Kaspersky Next XDR Expert

snmp-trap type

The snmp-trap connector is used in agents and collectors to passively receive SNMP trap messages. The connector receives and prepares messages for normalization by mapping the SNMP object IDs to the temporary keys. Then the message is passed to the JSON normalizer, where the temporary keys are mapped to the KUMA fields and an event is generated.

To process events received via SNMP, you must use the json normalizer.

The connector is available for Windows and Linux agents. Supported protocol versions:

  • snmpV1
  • snmpV2

When creating this type of connector, you need to define values for the following settings:

  • Basic settings tab:
    • Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
    • Tenant (required)—name of the tenant that owns the resource.
    • Type (required)—connector type, snmp-trap.
    • SNMP version (required)—in this drop-down list, select the version of the protocol to be used: snmpV1 or snmpV2.

      For example, Windows uses the snmpV2 version by default.

    • URL (required)—URL where SNMP Trap messages will be expected. Available formats: hostname:port, IPv4:port, IPv6:port, :port.

    The SNMP version and URL parameters define one connection used to receive SNMP Traps. To create several such connections in one connector, add new ones by clicking the SNMP resource button. To delete a connection, click the search_del button.

    • Source data—a table in which you specify the rules for naming the received data, according to which OIDs (object identifiers) are converted to the keys with which the normalizer can interact.

      You can click Apply OIDs for WinEventLog to populate the table with mappings for OID values that arrive in WinEventLog logs. If more data needs to be determined and normalized in the incoming events, add to the table rows containing OID objects and their keys.

      Available table columns:

      • Parameter name—an arbitrary name for the data type. For example, "Site name" or "Site uptime".
      • OID (required)—a unique identifier that determines where to look for the required data at the event source. For example, 1.3.6.1.2.1.1.1.
      • Key (required)—a unique identifier returned in response to a request to the asset with the value of the requested setting. For example, sysDescr. This key can be accessed when normalizing data.
      • MAC address—if this functionality is enabled, KUMA correctly decodes data where the OID contains information about the MAC address in OctetString format. After decoding, the MAC address is converted to a String value of the XX:XX:XX:XX:XX:XX format.

      Data is processed according to the allow list principle: objects that are not specified in the table are not sent to the normalizer for further processing.

    • Description—resource description: up to 4,000 Unicode characters.
  • Advanced settings tab:
    • Character encoding—a setting that specifies character encoding. The default value is UTF-8. When receiving snmp-trap events from Windows with Russian localization, if you encounter invalid characters in the event, we recommend changing the character encoding in the snmp-trap connector to Windows 1251.
    • Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.
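
The Source data table and the Character encoding setting described above can be pictured with the following sketch. It is an added illustration, not KUMA code: the function names, the exact-match OID lookup, and every table row except 1.3.6.1.2.1.1.1 → sysDescr are assumptions, and the sample varbinds are constructed.

```python
import json

# Constructed "Source data" table: OID -> (key, MAC address flag). The first row
# is the page's own example; the other row is an assumption for illustration.
SOURCE_DATA = {
    "1.3.6.1.2.1.1.1": ("sysDescr", False),
    "1.3.6.1.2.1.2.2.1.6": ("ifPhysAddress", True),
}


def format_mac(octets):
    """Render a 6-byte OctetString as XX:XX:XX:XX:XX:XX."""
    if len(octets) != 6:
        raise ValueError("MAC OctetString must be 6 bytes, got %d" % len(octets))
    return ":".join("%02X" % b for b in octets)


def prepare(varbinds, table, encoding="utf-8"):
    """Map trap varbinds to temporary keys and return JSON for the normalizer."""
    out = {}
    for oid, value in varbinds:
        row = table.get(oid.lstrip("."))  # exact match only (assumption)
        if row is None:
            continue  # allow list: OIDs missing from the table are dropped
        key, is_mac = row
        if is_mac:
            value = format_mac(value)
        elif isinstance(value, bytes):
            value = value.decode(encoding, errors="replace")
        out[key] = value
    return json.dumps(out, ensure_ascii=False, sort_keys=True)


# Constructed varbinds as (OID, value) pairs, as they would look after decoding
# the trap PDU. The text is Windows 1251 bytes; the last OID is a placeholder.
SAMPLE = [
    ("1.3.6.1.2.1.1.1", "Служба остановлена".encode("cp1251")),
    ("1.3.6.1.2.1.2.2.1.6", bytes.fromhex("005056c00008")),
    ("1.3.6.1.4.1.99999.1", b"not in the table"),
]

if __name__ == "__main__":
    print(prepare(SAMPLE, SOURCE_DATA))            # UTF-8 default: invalid characters
    print(prepare(SAMPLE, SOURCE_DATA, "cp1251"))  # Windows 1251: readable text
```

A field that is expected in the event but never appears usually means its OID is missing from the table, because unlisted OIDs are dropped before normalization.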


Configuring the source of SNMP trap messages for Windows

Configuring a Windows device to send SNMP trap messages to the KUMA collector involves the following steps:

  1. Configuring and starting the SNMP and SNMP trap services
  2. Configuring the Event to Trap Translator service

Events from the source of SNMP trap messages must be received by the KUMA collector, which uses a connector of the snmp-trap type and a json normalizer.


Configuring and starting the SNMP and SNMP trap services

To configure and start the SNMP and SNMP trap services in Windows 10:

  1. Open Settings → Apps → Apps and features → Optional features → Add feature → Simple Network Management Protocol (SNMP) and click Install.
  2. Wait for the installation to complete and restart your computer.
  3. Make sure that the SNMP service is running. If any of the following services are not running, enable them:
    • Services → SNMP Service.
    • Services → SNMP Trap.
  4. Right-click Services → SNMP Service, and in the context menu select Properties. Specify the following settings:
    • On the Log On tab, select the Local System account check box.
    • On the Agent tab, fill in the Contact (for example, specify User-win10) and Location (for example, specify detroit) fields.
    • On the Traps tab:
      • In the Community Name field, enter community public and click Add to list.
      • In the Trap destination field, click Add, specify the IP address or host of the KUMA server on which the collector that waits for SNMP events is deployed, and click Add.
    • On the Security tab:
      • Select the Send authentication trap check box.
      • In the Accepted community names table, click Add, enter Community Name public and specify READ WRITE as the Community rights.
      • Select the Accept SNMP packets from any hosts check box.
  5. Click Apply and confirm your selection.
  6. Right-click Services → SNMP Service and select Restart.

To configure and start the SNMP and SNMP trap services in Windows XP:

  1. Open Start → Control Panel → Add or Remove Programs → Add / Remove Windows Components → Management and Monitoring Tools → Details.
  2. Select Simple Network Management Protocol and WMI SNMP Provider, and then click OK → Next.
  3. Wait for the installation to complete and restart your computer.
  4. Make sure that the SNMP service is running. If any of the following services are not running, enable them by setting the Startup type to Automatic:
    • Services → SNMP Service.
    • Services → SNMP Trap.
  5. Right-click Services → SNMP Service, and in the context menu select Properties. Specify the following settings:
    • On the Log On tab, select the Local System account check box.
    • On the Agent tab, fill in the Contact (for example, specify User-win10) and Location (for example, specify detroit) fields.
    • On the Traps tab:
      • In the Community Name field, enter community public and click Add to list.
      • In the Trap destination field, click Add, specify the IP address or host of the KUMA server on which the collector that waits for SNMP events is deployed, and click Add.
    • On the Security tab:
      • Select the Send authentication trap check box.
      • In the Accepted community names table, click Add, enter Community Name public and specify READ WRITE as the Community rights.
      • Select the Accept SNMP packets from any hosts check box.
  6. Click Apply and confirm your selection.
  7. Right-click Services → SNMP Service and select Restart.

Changing the port for the SNMP trap service

You can change the SNMP trap service port if necessary.

To change the port of the SNMP trap service:

  1. Open the C:\Windows\System32\drivers\etc folder.
  2. Open the services file in Notepad as an administrator.
  3. In the service name section of the file, specify the snmp-trap connector port added to the KUMA collector for the SNMP trap service.
  4. Save the file.
  5. Open the Control Panel and select Administrative Tools → Services.
  6. Right-click SNMP Service and select Restart.

Configuring the Event to Trap Translator service

To configure the Event to Trap Translator service that translates Windows events to SNMP trap messages:

  1. In the command line, type evntwin and press Enter.
  2. Under Configuration type, select Custom, and click the Edit button.
  3. In the Event sources group of settings, click the Add button to find and add the events that you want to send to the KUMA collector with the SNMP trap connector installed.
  4. Click the Settings button, select the Don't apply throttle check box in the window that opens, and click OK.
  5. Click Apply and confirm your selection.