SNMP Trap Receivers
SNMP traps are generated by third-party network devices and systems. The SNMP Trap Receiver collects the traps and translates them into LogRhythm logs.
The LogRhythm SNMP Trap Receiver supports SNMP Trap formats v1, v2c, and v3.
A LogRhythm System Monitor Pro or Collector license is required to access the SNMP Trap Receiver.
Network Requirements for SNMP Trap Receiver
UDP port 161 must be open from the remote system to the monitoring system.
Process
Part of an SNMP Trap message is an Object ID. The Object ID is decoded by matching it with an entry in a Management Information Base (MIB) file. LogRhythm includes a set of standard MIBs that are installed in C:\Program Files\LogRhythm\LogRhythm System Monitor\config\mibs on the System Monitor host. If your site requires additional MIB files, you may copy them to that location. MIB files do not need to be loaded in any particular order.
LogRhythm MIB files can be found on the Community downloads page for the most recent SIEM release:
Some log source types require vendor-supplied MIBs. Work with the relevant vendor to obtain the needed file.
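Vendor MIBs usually IMPORT definitions from other MIB modules, so a copied file only decodes fully when those modules are in the directory as well. The following added example (not LogRhythm code) scans a MIB directory and lists imports that no file there defines. The sample MIB text and the ACME-* names are constructed, and how the agent treats an unresolved import is not stated on this page.

```python
import re
import tempfile
from pathlib import Path

# Directory named on this page; adjust if System Monitor is installed elsewhere.
MIB_DIR = Path(r"C:\Program Files\LogRhythm\LogRhythm System Monitor\config\mibs")

COMMENT_RE = re.compile(r"--.*")                      # ASN.1 comment to end of line
MODULE_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s+DEFINITIONS\b[^=]*::=\s*BEGIN", re.M)
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)   # clause ends at first ';'
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][\w-]*)")

def scan_mib_dir(mib_dir):
    """Return (module -> defining file, file -> imports no file defines)."""
    defined, wanted = {}, {}
    for path in sorted(Path(mib_dir).iterdir()):
        if not path.is_file():
            continue
        text = COMMENT_RE.sub("", path.read_text(errors="replace"))
        for name in MODULE_RE.findall(text):
            defined[name] = path.name
        wanted[path.name] = {m for block in IMPORTS_RE.findall(text)
                             for m in FROM_RE.findall(block)}
    known = set(defined)
    return defined, {f: sorted(mods - known)
                     for f, mods in wanted.items() if mods - known}

# Constructed MIB fragments for the demo; ACME-* names are hypothetical.
SAMPLE = {
    "ACME-DEVICE-MIB.mib": (
        "ACME-DEVICE-MIB DEFINITIONS ::= BEGIN\n"
        "IMPORTS\n"
        "    NOTIFICATION-TYPE, OBJECT-TYPE FROM SNMPv2-SMI  -- standard\n"
        "    acmeProducts FROM ACME-SMI;\n"
        "END\n"),
    "SNMPv2-SMI.txt": "SNMPv2-SMI DEFINITIONS ::= BEGIN\nEND\n",
}

def demo():
    """Write SAMPLE to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body)
        return scan_mib_dir(tmp)

if __name__ == "__main__":
    defined, missing = scan_mib_dir(MIB_DIR) if MIB_DIR.is_dir() else demo()
    for fname, mods in missing.items():
        print(f"{fname}: imported modules not found: {', '.join(mods)}")
```

Run it on the System Monitor host after copying new MIB files; it falls back to the constructed sample when the directory does not exist.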
After decoding, the raw logs are sent to the Mediator for collection and processing.
You can use Investigate, Tail, and all other standard analysis tools with these log source types.