Collecting SNMP traps

SNMP traps are unsolicited, event-driven notifications sent by devices to a trap receiver (here, the TeskaLabs LogMan.io collector). Unlike polling (SNMP GET/WALK), traps push changes in near real time: interface flaps, link errors, PSU/temperature alarms, fan failures, UPS state changes, VPN tunnels up/down, and more. This makes them a high-value signal for TeskaLabs LogMan.io. Traps exist in SNMP versions v1, v2c, and v3.

Each trap carries an enterprise OID and a set of varbinds (key-value pairs) that describe the event context. Resolving these OIDs with the right MIBs turns opaque numbers into human-readable fields your analysts can search, correlate, and alert on. In a TeskaLabs LogMan.io parsing pipeline, traps are normalized (severity, device, component, cause) and enriched (device role, site, owner) before storage, detections and alerting.
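
The varbind structure described above, as an added example (not TeskaLabs LogMan.io code): a minimal Python decoder for an SNMPv2c trap datagram that resolves OIDs against a small lookup table. The sample trap bytes, the `MIB` table (a hand-written stand-in for compiled MIBs) and all function names are constructed for illustration; in SNMPv2c the trap identity is carried in the `snmpTrapOID.0` varbind.

```python
# Constructed sample (SNMPv2c linkDown, community "public"); MIB is a hand-written stand-in.
SAMPLE_TRAP = bytes.fromhex(
    "3052020101" "04067075626c6963" "a745" "020101020100020100" "303a"
    "300e" "06082b06010201010300" "43023039"                    # sysUpTime.0 = 12345
    "3017" "060a2b060106030101040100" "06092b0601060301010503"  # snmpTrapOID.0 = linkDown
    "300f" "060a2b060102010202010102" "020102")                 # ifIndex.2 = 2
MIB = {"1.3.6.1.2.1.1.3.0": "sysUpTime.0", "1.3.6.1.6.3.1.1.4.1.0": "snmpTrapOID.0",
       "1.3.6.1.6.3.1.1.5.3": "linkDown", "1.3.6.1.2.1.2.2.1.1": "ifIndex"}

def elements(buf):  # yield (tag, value) for each BER TLV found in buf
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[pos:pos + length]
        pos += length

def oid(raw):  # BER OBJECT IDENTIFIER -> dotted string (first arc 0 or 1, e.g. 1.3.*)
    arcs, sub = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        sub = (sub << 7) | (b & 0x7F)  # base-128 digits; high bit means "more follows"
        if b < 0x80:
            arcs, sub = arcs + [sub], 0
    return ".".join(map(str, arcs))

def resolve(dotted):  # longest-prefix match; the unmatched tail is the instance index
    parts = dotted.split(".")
    for i in range(len(parts), 0, -1):
        if ".".join(parts[:i]) in MIB:
            return ".".join([MIB[".".join(parts[:i])]] + parts[i:])
    return dotted  # unknown OID stays numeric

def parse_trap(datagram):  # -> (community, {resolved varbind name: value})
    _, (_, community), (tag, pdu) = elements(next(elements(datagram))[1])
    if tag != 0xA7:
        raise ValueError("not an SNMPv2-Trap PDU")
    fields = {}
    for _, varbind in elements(list(elements(pdu))[3][1]):  # 4th PDU field: varbind list
        (_, name), (vtag, val) = elements(varbind)
        if vtag == 0x06:  # OID-valued varbind, e.g. snmpTrapOID.0
            val = resolve(oid(val))
        elif vtag in (0x02, 0x41, 0x42, 0x43):  # INTEGER, Counter32, Gauge32, TimeTicks
            val = int.from_bytes(val, "big", signed=vtag == 0x02)
        fields[resolve(oid(name))] = val
    return community.decode("ascii", "replace"), fields
```

`parse_trap(SAMPLE_TRAP)` returns the community string and a dictionary keyed by resolved names; OIDs missing from the table stay in dotted numeric form, which is how a missing MIB shows up in practice.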

Configuration of the collector

The following collector configuration captures SNMP traps on the default port, UDP/162.

input:Datagram:udp-snmp-162:
  address: 162
  output: snmp-162

output:CommLink:snmp-162: {}