These docs are for Cribl Edge 4.12 and are no longer actively maintained.
See the latest version (4.13).
SNMP Trap Destination
Cribl Edge supports forwarding of SNMP Traps out.
Type: Streaming | TLS Support: No | PQ Support: No
If you’ve modified SNMP trap events within the Pipeline, use the SNMP Trap Serialize Function to serialize compliant events into SNMP traps before sending them to an SNMP Trap Destination.
Configure Cribl Edge to Forward to SNMP Traps
- On the top bar, select Products, and then select Cribl Edge. Under Fleets, select a Fleet. Next, you have two options:
- To configure via QuickConnect, navigate to Routing > QuickConnect (Stream) or Collect (Edge). Select Add Destination and select the Destination you want from the list, choosing either Select Existing or Add New.
- To configure via the Routes, select Data > Destinations or More > Destinations (Edge). Select the Destination you want. Next, select Add Destination.
- In the New Destination modal, configure the following under General Settings:
- Output ID: Enter a unique name to identify this SNMP Trap definition. If you clone this Destination, Cribl Edge will add
-CLONEto the original Output ID. - Description: Optionally, enter a description.
- SNMP trap destinations: For each destination configured, enter the destination host Address and destination Port. Port: Defaults to
162. To specify additional SNMP trap destinations to forward traps to on new rows, select Add Destination.
- Output ID: Enter a unique name to identify this SNMP Trap definition. If you clone this Destination, Cribl Edge will add
- Next, you can configure the following Optional Settings:
- Tags: Optionally, add tags that you can use to filter and group Destinations on the Destinations page. These tags aren’t added to processed events. Use a tab or hard return between (arbitrary) tag names.
- Optionally, you can adjust the Processing and Advanced settings outlined in the sections below.
- Select Save, then Commit & Deploy.
Processing Settings
Post‑Processing
Pipeline: Pipeline or Pack to process data before sending the data out using this output.
Advanced Settings
DNS resolution period (sec): Specify the interval (in seconds) to re-resolve hostnames. This reduces the frequency of DNS lookups, improving performance. Use this setting to balance the overhead of DNS lookup calls with the expected frequency of changes in the DNS records. Defaults to 0 seconds, meaning DNS lookups occur for every outgoing trap.
Environment: If you’re using GitOps, optionally use this field to specify a single Git branch on which to enable this configuration. If empty, the config will be enabled everywhere.
Considerations for Working with SNMP Traps Data
It’s possible to work with SNMP metadata (i.e., we’ll decode the packet). Options include dropping, routing, etc. However, packets cannot be modified and sent to another SNMP Destination.
SNMP packets can be forwarded to non-SNMP Destinations (for example, Splunk, Syslog, S3, etc.).
SNMP packets can be forwarded to other SNMP Destinations. However, the contents of the incoming packet cannot be modified – i.e., we’ll forward the packets verbatim as they came in.
Non-SNMP input data cannot be sent to SNMP Destinations.
Troubleshooting
The Destination’s configuration modal has helpful tabs for troubleshooting:
Live Data: Try capturing live data to see real-time events as they flow through the Destination. On the Live Data tab, click Start Capture to begin viewing real-time data.
Logs: Review and search the logs that provide detailed information about the delivery process, including any errors or warnings that may have occurred.
Test: Ensures that the Destination is correctly set up and reachable. Verify that sample events are sent correctly by clicking Run Test.
You can also view the Monitoring page that provides a comprehensive overview of data volume and rate, helping you identify delivery issues. Analyze the graphs showing events and bytes in/out over time.