SNMP Trap Connector
8 minute read
Overview
The SNMP Trap connector receives SNMP trap notifications from network devices, servers, and infrastructure equipment. SNMP (Simple Network Management Protocol) traps are unsolicited event notifications that devices send when they detect significant events like interface failures, temperature alerts, or security incidents. Content streams into Edge Delta Pipelines for analysis by AI teammates through the Edge Delta MCP connector.
The connector supports SNMPv1, SNMPv2c, and SNMPv3 with flexible authentication and encryption options. It acts as a trap receiver that listens on UDP port 162 (configurable), automatically parsing trap PDUs, extracting variable bindings, and normalizing timestamps for consistent analysis.
When you add this streaming connector, it appears as a SNMP Trap source in your selected pipeline. AI teammates access this data by querying the Edge Delta backend with the Edge Delta MCP connector.
Add the SNMP Trap Connector
To add the SNMP Trap connector, you configure the listen address and port, select the SNMP version, and set authentication parameters.
Prerequisites
Before configuring the connector, ensure you have:
- Network devices configured to send SNMP traps
- Firewall rules allowing inbound UDP traffic on port 162 (or custom port)
- SNMP community string (for SNMPv1/v2c) or SNMPv3 credentials
- Network connectivity from devices to Edge Delta agent
- UDP port 162 available (or use port 1162+ for non-root operation)
Configuration Steps
- Navigate to AI Team > Connectors in the Edge Delta application
- Find the SNMP Trap connector in Streaming Connectors
- Click the connector card
- Configure Port (default 162) and Listen Address (default
0.0.0.0
) - Select Transport Protocol (default UDP)
- Select SNMP Version (v1, v2c, or v3)
- Configure authentication (Community String for v1/v2c or User credentials for v3)
- Optionally configure Advanced Settings for metadata
- Select a target environment
- Click Save
The connector deploys and begins listening for SNMP trap notifications.

Configuration Options
Connector Name
Name to identify this SNMP Trap connector instance.
Port
UDP port to listen for SNMP traps.
Default: 162 (standard SNMP trap port)
Note: Ports below 1024 require root privileges. Use 1162 or higher for non-root operation.
Examples:
162
- Standard SNMP trap port1162
- Alternative port for non-root deployment
Listen Address
IP address to bind to for listening.
Format: IP address
Default: 0.0.0.0
(all interfaces)
Examples:
0.0.0.0
- Listen on all network interfaces192.168.1.100
- Listen only on specific interface10.0.0.50
- Bind to particular IP address
Transport Protocol
Network transport protocol for trap listening.
Values: udp, tcp
Default: udp
Note: SNMP traps are always sent via UDP per SNMP specification
SNMP Version
SNMP protocol version to accept.
Values: v1, v2c, v3
Default: v2c
When to Use:
- v2c: Most common, community string authentication
- v3: Production environments requiring encryption and enhanced security
- v1: Legacy devices only
Advanced Settings
User
SNMP user for v3 authentication. Required when using SNMPv3.
Format: Username configured on devices
Example: monitoring
or trap-receiver
Community String
SNMP community string for v1 and v2c authentication.
Default: public
Security: Always change from default public
in production. Use read-only community strings.
Examples:
network-monitoring
- Custom community stringdatacenter-env
- Environment-specific monitoring
Security Level
Security level for SNMPv3 connections.
Values:
no_auth_no_priv
- No authentication or encryption (default)auth_no_priv
- Authentication onlyauth_priv
- Authentication and encryption (recommended for production)
When to Use: Use auth_priv
for production to ensure encrypted communication
Authentication Type
Authentication protocol for SNMPv3. Required when security level includes authentication.
Values: md5, sha, sha224, sha256, sha384, sha512
Default: md5
Recommended: sha256 or higher for better security
Authentication Password
Authentication password for SNMPv3. Required when security level includes authentication.
Format: Secure password string (minimum 8 characters)
Security: Use strong, randomly generated passwords unique to monitoring users
Privacy Type
Privacy (encryption) protocol for SNMPv3. Required when security level is auth_priv
.
Values: des, aes, aes192, aes256, aes192c, aes256c
Default: des
Recommended: aes256 or higher for stronger encryption than legacy des
Privacy Password
Privacy password for SNMPv3 encryption. Required when security level is auth_priv
.
Format: Secure password string (minimum 8 characters)
Note: Can be same as or different from authentication password
Engine ID
Server’s authoritative engine ID for SNMPv3. Auto-generated if empty.
Format: Hexadecimal string
When to Use: Specify when devices require specific engine ID for trap authentication
Example: 80001f8880c6127623566ce6a064
Metadata Level (Resource Attributes)
This option is used to define which detected resources and attributes to add to each data item as it is ingested by Edge Delta. You can select:
- Required Only: This option includes the minimum required resources and attributes for Edge Delta to operate.
- Default: This option includes the required resources and attributes plus those selected by Edge Delta
- High: This option includes the required resources and attributes along with a larger selection of common optional fields.
- Custom: With this option selected, you can choose which attributes and resources to include. The required fields are selected by default and can’t be unchecked.
Based on your selection in the GUI, the source_metadata
YAML is populated as two dictionaries (resource_attributes
and attributes
) with Boolean values.
See Choose Data Item Metadata for more information on selecting metadata.
SNMP-specific metadata included:
- Host name - Receiver hostname
- Host IP - Receiver IP address
- Service name - SNMP service identifier
- Source name - Connector instance name
- Source type - SNMP Trap connector type
Metadata Level (Attributes)
Additional attribute-level metadata fields to include.
Default: ed.env.id
How to Use the SNMP Trap Connector
The SNMP Trap connector integrates seamlessly with AI Team, enabling AI-powered analysis of network events and infrastructure alerts. AI teammates automatically leverage SNMP trap data to monitor device health, investigate connectivity issues, detect environmental problems, and analyze security events.
Use Case: Network Link Monitoring
Monitor network interface status changes to detect connectivity issues. AI teammates analyze linkDown and linkUp traps to identify interface failures, determine failure timing, and distinguish between hardware failures and administrative actions. When combined with PagerDuty alerts, teammates automatically investigate network outages by querying trap data and identifying problematic interfaces.
Configuration:
- Port:
162
- Listen Address:
0.0.0.0
- SNMP Version:
v2c
- Community String:
network-monitoring
Device Configuration (Cisco):
snmp-server host <edge-delta-ip> version 2c network-monitoring
snmp-server enable traps snmp linkdown linkup
Use Case: Environmental Monitoring
Monitor data center environmental conditions to prevent equipment damage. AI teammates detect temperature warnings, cooling failures, and power status changes from server chassis, UPS systems, and environmental sensors. This enables proactive response before conditions escalate to critical failures and hardware damage.
Configuration:
- Port:
162
- Listen Address:
0.0.0.0
- SNMP Version:
v2c
- Community String:
datacenter-env
Device Configuration (Dell Server):
racadm set iDRAC.SNMP.AgentEnable 1
racadm set iDRAC.SNMP.TrapEnable 1
racadm set iDRAC.SNMP.AlertDestIPAddr <edge-delta-ip>
Use Case: Security Event Tracking
Track security events from firewalls and network devices. AI teammates analyze authentication failures, policy violations, and blocked attacks to identify security patterns and threats. Using SNMPv3 with encryption ensures confidential handling of sensitive security data during transmission.
Configuration:
- Port:
162
- Listen Address:
0.0.0.0
- SNMP Version:
v3
- User:
security-monitor
- Security Level:
auth_priv
- Authentication Type:
sha256
- Privacy Type:
aes256
Troubleshooting
No traps received: Verify Edge Delta listening on port with netstat -uln | grep 162
. Check firewall rules allow inbound UDP on port 162 from devices. Confirm devices configured with correct Edge Delta agent IP (not cloud service IP). Test with snmptrap -v 2c -c public <edge-delta-ip> '' .1.3.6.1.6.3.1.1.5.3
to verify reception.
Community string mismatch (v1/v2c): Verify community string in connector matches devices exactly (case-sensitive). Check device configuration with show snmp host
(Cisco) or show configuration snmp trap-group
(Juniper). Avoid using default public
or private
strings in production.
SNMPv3 authentication failures: Verify username matches device configuration exactly (case-sensitive). Ensure authentication type matches (sha vs md5). Confirm authentication password identical and meets minimum length (8+ characters). Verify privacy protocol matches between connector and devices. Check security level consistent (no_auth_no_priv/auth_no_priv/auth_priv).
OIDs display as numbers not names: Upload vendor-specific MIB files for proper OID translation. Download MIBs from device manufacturer (cisco.com/go/mibs, juniper.net/support). Upload .mib
or .txt
files to connector configuration. Restart connector after uploading new MIBs. Check MIB file IMPORTS for dependent MIBs.
High CPU or memory usage: Reduce trap rate by filtering at source devices. Use selective trap enablement instead of all traps. Check for trap storms from misconfigured debug-level SNMP logging. Load only necessary MIB files not entire vendor collections. Deploy multiple agents with load balancing for high trap rates.
Traps being lost: SNMP traps use UDP which doesn’t retransmit lost packets. Check network statistics for UDP packet loss between devices and Edge Delta. For critical events, configure devices to also send via syslog with TCP. Consider SNMPv3 inform messages instead of traps for acknowledgment and retransmission. Ensure adequate network buffer sizes for burst traffic.
Port binding issues: Verify listen address exists on system with ip addr show
or ifconfig
. Check no other process using port 162 with netstat -ulnp | grep 162
. For ports below 1024, ensure root privileges or use higher port number. In Kubernetes, confirm pod security context allows specified port.
Next Steps
- Learn about SNMP Trap source configuration for advanced pipeline integration
- Learn about Edge Delta MCP connector for querying trap data
- Learn about creating custom teammates that can use SNMP trap data
For additional help, visit AI Team Support.