Snmp-trap type

Connectors of the snmp-trap type are used in agents and collectors to passively receive snmp-trap events. The connector receives snmp-trap events and prepares them for normalization by mapping SNMP object IDs to temporary keys. Then the message is passed to the JSON normalizer, where the temporary keys are mapped to the KUMA fields and an event is generated.

To process events received via SNMP, you must use the json normalizer.

The connector of the snmp-trap type is available for Windows agents and Linux agents. Supported protocol versions:

Settings for a connector of the snmp-trap type are described in the following tables.

Basic settings tab

Setting

Description

Name

Unique name of the resource. Maximum length of the name: 128 Unicode characters.

Required setting.

Tenant

The name of the tenant that owns the resource.

Required setting.

Type

Connector type. You need to select snmp-trap.

Required setting.

SNMP version

The version of SNMP being used. Available values:

  • snmpV1
  • snmpV2

For example, Windows uses the snmpV2 version of the SNMP protocol by default.

Required setting.

URL

URL for receiveing SNMP trap events. You can enter a URL in one of the following formats:

  • <host name>:<port number>
  • <IPv4 address>:<port number>
  • <IPv6 address>:<port number>
  • :<port number>

Required setting.

The SNMP version and URL settings define a connection used to receive snmp-trap events. You can create multiple connections or delete a connection. To add a connection, click the SNMP resource button. To delete a connection, click search_del next to it.

Source data

Rules for naming the received data, according to which OIDs (object identifiers) are converted to the keys with which the normalizer can interact. Available settings:

  • Parameter name is the name for the data type, for example, Host name or Host uptime.

    Required setting.

  • OID is a unique identifier that determines where to look for the required data at the event source, for example, 1.3.6.1.2.1.1.5.

    Required setting.

  • Key is a unique identifier returned in response to a request to the device with the value of the requested parameter, for example, sysName. You can reference this key when normalizing data.

    Required setting.

  • MAC address—if this functionality is enabled, KUMA correctly decodes data where the OID contains information about the MAC address in OctetString format. After decoding, the MAC address is converted to a String value of the XX:XX:XX:XX:XX:XX format.

You can click Apply OIDs for WinEventLog to populate the table with mappings for OID values that arrive in WinEventLog logs. If more data needs to be determined and normalized in the incoming events, add to the table rows containing OID objects and their keys.

Data is processed according to the allow list principle: objects that are not specified in the table are not sent to the normalizer for further processing.

Description

Description of the resource. Maximum length of the description: 4000 Unicode characters.

Advanced settings tab

Setting

Description

Character encoding

Character encoding. The default value is UTF-8.

When receiving snmp-trap events from Windows with Russian localization, if you encounter invalid characters in the event, we recommend changing the character encoding in the snmp-trap connector to Windows 1251.

Debug

Resource logging. The toggle switch is turned off by default.

In this section

Configuring the source of SNMP trap messages for Windows

Page top