Skip to main content

Configure the SNMP Trapd LAM

The SNMP Trapd LAM allows Moogsoft Onprem to receive and process trap messages as events.

You can configure the SNMP Trapd LAM to process SNMPv1 traps, SNMPv2 informs and, SNMPv3 traps and informs.

For an overview of trap processing and the different versions of SNMP see Ingest SNMP Traps.

Before You Begin

Before you set up your Trapd LAM, ensure you have met the following requirements:

  • Ensure port 162, the default port for receiving SNMP traps over UDP, is available and open on Moogsoft Onprem. Note port 162 is a protected port and requires root privileges to bind to it. Alternatively, configure another port to receive the traps.

  • You have parsed any MIB files into JSON format using the mibparser utility. See Parse MIBs for Trap Integration.

  • If using SNMPv3, you have generated the engine ID of your SNMP application in hexadecimal format.

If you are configuring a distributed deployment refer to High Availability Overview first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the configuration file to control the behavior of the Trapd LAM. You can find the file at $MOOGSOFT_HOME/config/trapd_lam.conf.

See the SNMP Trapd LAM Reference and LAM and Integration Reference for a full description of all properties. Some properties are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties:

    • trap_port: Port the Trapd LAM uses to receive traps. SNMP agents typically send traps to port 162 via UDP.

    • concurrency: Maximum number of threads the Trapd LAM can use for receiving and processing traps.

    • name_resolution: The hostname of the IP address the trap came from.

  2. Configure the Trapd LAM behavior:

    • event_ack_mode: Determines when Moogsoft Onprem acknowledges an event from the Trapd LAM during processing.

    • mib_db_file: Defines the location where the Mibparser utility exports and parses its MIBs. See Parse MIBs for Trap Integration for more details.

  3. Optionally configure the USM file and engine ID properties if you want to use SNMPv3:

    • usm_file: Path to your User-based Security Model (USM) file that allows you to authenticate and encrypt messages for SNMPv3.

    • local_engine_id: Engine ID of the SNMP monitor that sends Inform messages to your Trap LAM.

  4. Optionally configure the LAM identification and capture logging details:

    • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Onprem ingests from this LAM.

    • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  5. Optionally configure severity conversion. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.

  6. Optionally configure the process logging details:

    • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.Configure Logging

Example

The following example shows a Trapd LAM that is able to process SNMPv3 traps and informs:

monitor:
{
    name                : "Trap Monitor",
    class               : "CTrapMonitor",
    trap_port           : 162,
    concurrency         : 5,
    name_resolution     : false,
    event_ack_mode      : "queued_for_processing",
    mib_db_file         : "etc/myParsedMibs.json",
    usm_file            : "$MOOGSOFT_HOME/config/trapd_usm.conf",
    local_engine_id     : "03c4b11e3e"
},
agent:
{
    name                : "DATA_SOURCE",
    #capture_log        : "$MOOGSOFT_HOME/log/data-capture/trapd_lam.log"
},
log_config:
{
    configuration_file  : "$MOOGSOFT_HOME/config/logging/trapd_lam_log.json"
},

Configure for High Availability

Configure the Trapd LAM for high availability if required. See High Availability Overview for details.

Configure LAMbot Processing

The Trapd LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example Trapd LAM filter configuration is shown below.

filter:
{
    presend: "TrapdLam.js"
}

Start and Stop the LAM

Restart the Trapd LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is trapdlamd.

See Control Moogsoft Onprem Processes for further details.