SNMP Trap Connector

Configure the SNMP Trap connector to receive SNMP trap notifications from network devices, servers, and infrastructure equipment for AI-powered analysis of alerts and events.

  8 minute read  

Overview

The SNMP Trap connector receives SNMP trap notifications from network devices, servers, and infrastructure equipment. SNMP (Simple Network Management Protocol) traps are unsolicited event notifications that devices send when they detect significant events like interface failures, temperature alerts, or security incidents. Content streams into Edge Delta Pipelines for analysis by AI teammates through the Edge Delta MCP connector.

The connector supports SNMPv1, SNMPv2c, and SNMPv3 with flexible authentication and encryption options. It acts as a trap receiver that listens on UDP port 162 (configurable), automatically parsing trap PDUs, extracting variable bindings, and normalizing timestamps for consistent analysis.

When you add this streaming connector, it appears as a SNMP Trap source in your selected pipeline. AI teammates access this data by querying the Edge Delta backend with the Edge Delta MCP connector.

Add the SNMP Trap Connector

To add the SNMP Trap connector, you configure the listen address and port, select the SNMP version, and set authentication parameters.

Prerequisites

Before configuring the connector, ensure you have:

  • Network devices configured to send SNMP traps
  • Firewall rules allowing inbound UDP traffic on port 162 (or custom port)
  • SNMP community string (for SNMPv1/v2c) or SNMPv3 credentials
  • Network connectivity from devices to Edge Delta agent
  • UDP port 162 available (or use port 1162+ for non-root operation)

Configuration Steps

  1. Navigate to AI Team > Connectors in the Edge Delta application
  2. Find the SNMP Trap connector in Streaming Connectors
  3. Click the connector card
  4. Configure Port (default 162) and Listen Address (default 0.0.0.0)
  5. Select Transport Protocol (default UDP)
  6. Select SNMP Version (v1, v2c, or v3)
  7. Configure authentication (Community String for v1/v2c or User credentials for v3)
  8. Optionally configure Advanced Settings for metadata
  9. Select a target environment
  10. Click Save

The connector deploys and begins listening for SNMP trap notifications.

SNMP Trap connector configuration showing listen address, version, and authentication settings

Configuration Options

Connector Name

Name to identify this SNMP Trap connector instance.

Port

UDP port to listen for SNMP traps.

Default: 162 (standard SNMP trap port)

Note: Ports below 1024 require root privileges. Use 1162 or higher for non-root operation.

Examples:

  • 162 - Standard SNMP trap port
  • 1162 - Alternative port for non-root deployment

Listen Address

IP address to bind to for listening.

Format: IP address

Default: 0.0.0.0 (all interfaces)

Examples:

  • 0.0.0.0 - Listen on all network interfaces
  • 192.168.1.100 - Listen only on specific interface
  • 10.0.0.50 - Bind to particular IP address

Transport Protocol

Network transport protocol for trap listening.

Values: udp, tcp

Default: udp

Note: SNMP traps are always sent via UDP per SNMP specification

SNMP Version

SNMP protocol version to accept.

Values: v1, v2c, v3

Default: v2c

When to Use:

  • v2c: Most common, community string authentication
  • v3: Production environments requiring encryption and enhanced security
  • v1: Legacy devices only

Advanced Settings

User

SNMP user for v3 authentication. Required when using SNMPv3.

Format: Username configured on devices

Example: monitoring or trap-receiver

Community String

SNMP community string for v1 and v2c authentication.

Default: public

Security: Always change from default public in production. Use read-only community strings.

Examples:

  • network-monitoring - Custom community string
  • datacenter-env - Environment-specific monitoring

Security Level

Security level for SNMPv3 connections.

Values:

  • no_auth_no_priv - No authentication or encryption (default)
  • auth_no_priv - Authentication only
  • auth_priv - Authentication and encryption (recommended for production)

When to Use: Use auth_priv for production to ensure encrypted communication

Authentication Type

Authentication protocol for SNMPv3. Required when security level includes authentication.

Values: md5, sha, sha224, sha256, sha384, sha512

Default: md5

Recommended: sha256 or higher for better security

Authentication Password

Authentication password for SNMPv3. Required when security level includes authentication.

Format: Secure password string (minimum 8 characters)

Security: Use strong, randomly generated passwords unique to monitoring users

Privacy Type

Privacy (encryption) protocol for SNMPv3. Required when security level is auth_priv.

Values: des, aes, aes192, aes256, aes192c, aes256c

Default: des

Recommended: aes256 or higher for stronger encryption than legacy des

Privacy Password

Privacy password for SNMPv3 encryption. Required when security level is auth_priv.

Format: Secure password string (minimum 8 characters)

Note: Can be same as or different from authentication password

Engine ID

Server’s authoritative engine ID for SNMPv3. Auto-generated if empty.

Format: Hexadecimal string

When to Use: Specify when devices require specific engine ID for trap authentication

Example: 80001f8880c6127623566ce6a064

Metadata Level (Resource Attributes)

This option is used to define which detected resources and attributes to add to each data item as it is ingested by Edge Delta. You can select:

  • Required Only: This option includes the minimum required resources and attributes for Edge Delta to operate.
  • Default: This option includes the required resources and attributes plus those selected by Edge Delta
  • High: This option includes the required resources and attributes along with a larger selection of common optional fields.
  • Custom: With this option selected, you can choose which attributes and resources to include. The required fields are selected by default and can’t be unchecked.

Based on your selection in the GUI, the source_metadata YAML is populated as two dictionaries (resource_attributes and attributes) with Boolean values.

See Choose Data Item Metadata for more information on selecting metadata.

SNMP-specific metadata included:

  • Host name - Receiver hostname
  • Host IP - Receiver IP address
  • Service name - SNMP service identifier
  • Source name - Connector instance name
  • Source type - SNMP Trap connector type

Metadata Level (Attributes)

Additional attribute-level metadata fields to include.

Default: ed.env.id

How to Use the SNMP Trap Connector

The SNMP Trap connector integrates seamlessly with AI Team, enabling AI-powered analysis of network events and infrastructure alerts. AI teammates automatically leverage SNMP trap data to monitor device health, investigate connectivity issues, detect environmental problems, and analyze security events.

Monitor network interface status changes to detect connectivity issues. AI teammates analyze linkDown and linkUp traps to identify interface failures, determine failure timing, and distinguish between hardware failures and administrative actions. When combined with PagerDuty alerts, teammates automatically investigate network outages by querying trap data and identifying problematic interfaces.

Configuration:

  • Port: 162
  • Listen Address: 0.0.0.0
  • SNMP Version: v2c
  • Community String: network-monitoring

Device Configuration (Cisco):

snmp-server host <edge-delta-ip> version 2c network-monitoring
snmp-server enable traps snmp linkdown linkup

Use Case: Environmental Monitoring

Monitor data center environmental conditions to prevent equipment damage. AI teammates detect temperature warnings, cooling failures, and power status changes from server chassis, UPS systems, and environmental sensors. This enables proactive response before conditions escalate to critical failures and hardware damage.

Configuration:

  • Port: 162
  • Listen Address: 0.0.0.0
  • SNMP Version: v2c
  • Community String: datacenter-env

Device Configuration (Dell Server):

racadm set iDRAC.SNMP.AgentEnable 1
racadm set iDRAC.SNMP.TrapEnable 1
racadm set iDRAC.SNMP.AlertDestIPAddr <edge-delta-ip>

Use Case: Security Event Tracking

Track security events from firewalls and network devices. AI teammates analyze authentication failures, policy violations, and blocked attacks to identify security patterns and threats. Using SNMPv3 with encryption ensures confidential handling of sensitive security data during transmission.

Configuration:

  • Port: 162
  • Listen Address: 0.0.0.0
  • SNMP Version: v3
  • User: security-monitor
  • Security Level: auth_priv
  • Authentication Type: sha256
  • Privacy Type: aes256

Troubleshooting

No traps received: Verify Edge Delta listening on port with netstat -uln | grep 162. Check firewall rules allow inbound UDP on port 162 from devices. Confirm devices configured with correct Edge Delta agent IP (not cloud service IP). Test with snmptrap -v 2c -c public <edge-delta-ip> '' .1.3.6.1.6.3.1.1.5.3 to verify reception.

Community string mismatch (v1/v2c): Verify community string in connector matches devices exactly (case-sensitive). Check device configuration with show snmp host (Cisco) or show configuration snmp trap-group (Juniper). Avoid using default public or private strings in production.

SNMPv3 authentication failures: Verify username matches device configuration exactly (case-sensitive). Ensure authentication type matches (sha vs md5). Confirm authentication password identical and meets minimum length (8+ characters). Verify privacy protocol matches between connector and devices. Check security level consistent (no_auth_no_priv/auth_no_priv/auth_priv).

OIDs display as numbers not names: Upload vendor-specific MIB files for proper OID translation. Download MIBs from device manufacturer (cisco.com/go/mibs, juniper.net/support). Upload .mib or .txt files to connector configuration. Restart connector after uploading new MIBs. Check MIB file IMPORTS for dependent MIBs.

High CPU or memory usage: Reduce trap rate by filtering at source devices. Use selective trap enablement instead of all traps. Check for trap storms from misconfigured debug-level SNMP logging. Load only necessary MIB files not entire vendor collections. Deploy multiple agents with load balancing for high trap rates.

Traps being lost: SNMP traps use UDP which doesn’t retransmit lost packets. Check network statistics for UDP packet loss between devices and Edge Delta. For critical events, configure devices to also send via syslog with TCP. Consider SNMPv3 inform messages instead of traps for acknowledgment and retransmission. Ensure adequate network buffer sizes for burst traffic.

Port binding issues: Verify listen address exists on system with ip addr show or ifconfig. Check no other process using port 162 with netstat -ulnp | grep 162. For ports below 1024, ensure root privileges or use higher port number. In Kubernetes, confirm pod security context allows specified port.

Next Steps

For additional help, visit AI Team Support.