It’s a Trap! SNMP Traps as Datadog Logs

February 17, 2022

Anyone who has worked with SNMP (Simple Network Management Protocol, if you haven’t) knows that the name is kind of a misnomer - there’s really not a lot about it that feels simple. Translating SNMP data into modern monitoring tools can be burdensome for a number of reasons. Between the differences in v2 and v3, MIB files that were last updated in 1997, and making sense of the thousands of data points from any given device, it can cause some real headaches for engineers. In my experience, one of the biggest pain points has been handling and understanding SNMP traps, and it’s made even more difficult by the need for more specialized software outside of primary monitoring tools.

Without naming names, some of these pieces of software are clunky and outdated with crazy licensing policies, and every single one of them has made me say “man, I really wish this was Datadog.” Well, one day I was frustrated enough that I decided to make that happen.

As a result, RapDev is now offering a Datadog Marketplace package that sets up a trap receiver that forwards messages as logs to Datadog, enabling engineers to maintain all of their monitoring in a single place (because c’mon, it’s 2022). Included in this package are over 12,000 MIB files that allow translation of events from almost any SNMP device you can think of.

Let’s be honest, who wants to deal with this

When you could have this?

Once our SNMP traps are sending to Datadog, there are a few other things we can do with them using some of Datadog’s built-in log parsing functionality. For example, we can convert the host IP into the hostname of the device by utilizing Enrichment Tables. By providing a CSV document to Datadog with IPs and hostnames, we can tell Datadog to look up the IP in the enrichment table and add the hostname to the log message. This way, we can filter down logs in an even more human-readable format. Additionally, if we know which log fields we want to view as the main message body, we can utilize the Message Remapper. If we know we want our message field to be the content of fields like ccvpEventText or any other trap field, we can add that to the list of fields to remap to the message. That allows our log page to go from looking like this:

To looking like this:


And after we’ve got all of that in place, we can set up log-based alerts to notify us of different conditions:


By coupling this all together with RapDev’s SNMP Profiles, you can have full observability into your SNMP devices all in Datadog without needing additional tools. Because c’mon, it’s 2022.
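The IP-to-hostname lookup and message remapping described above can be sanity-checked locally before the CSV is uploaded. The following is an added example, not RapDev's or Datadog's code: it simulates both steps on constructed data, and the CSV column names (`ip`, `hostname`), the log attribute `source_ip`, and the first-match remap order are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample data: CSV columns and log attribute names are assumptions.
SAMPLE_CSV = """ip,hostname
10.0.0.1,core-sw-01
10.0.0.2,edge-rtr-01
10.0.0.2,edge-rtr-02
not-an-ip,bad-row
"""

def load_table(text):
    """Parse the IP-to-hostname CSV; return (table, problems)."""
    table, problems = {}, []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        raw = (row.get("ip") or "").strip()
        name = (row.get("hostname") or "").strip()
        try:
            key = str(ipaddress.ip_address(raw))  # normalizes the address form
        except ValueError:
            problems.append(f"line {lineno}: invalid IP {raw!r}")
            continue
        if not name:
            problems.append(f"line {lineno}: empty hostname for {key}")
        elif key in table and table[key] != name:
            problems.append(f"line {lineno}: {key} already mapped to {table[key]}")
        else:
            table[key] = name
    return table, problems

def enrich(log, table, remap_fields=("ccvpEventText",)):
    """Add hostname from the table and promote the first remap field to message."""
    out = dict(log)
    try:
        key = str(ipaddress.ip_address(out.get("source_ip", "")))
    except ValueError:
        key = None  # missing or malformed source address: no lookup
    if key in table:
        out["hostname"] = table[key]
    for field in remap_fields:
        if out.get(field):
            out["message"] = out[field]
            break
    return out

if __name__ == "__main__":
    table, problems = load_table(SAMPLE_CSV)
    print(problems)
    print(enrich({"source_ip": "10.0.0.1", "ccvpEventText": "Call restart"}, table))
```

Conflicting or malformed rows are worth catching before upload, because a wrong hostname on a trap log sends an alert to the wrong device owner.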


To get started with SNMP Traps to logs, check out the Datadog Marketplace offering.

written by
Nick Vecellio
New England
By day, a DevOps Architect specializing in Kubernetes, cloud infrastructure, logging, and monitoring. By night, a woodworker, punk musician, and dog dad.