SNMP trap alert action

Has anyone implemented an SNMP trap action for the X-Pack Watcher to allow SNMP traps to be sent out if thresholds are crossed?
Our customer uses HP OpenView and traps to monitor all nodes and would like to integrate the Watcher notifications also.

Mikael Lindstrom



Just to make sure I understand the use case: does Watcher need to be able to receive SNMP data in this one, or does it need to be able to send SNMP traps on crossed thresholds?

Watcher does not have any SNMP capabilities per se, but you might be able to utilize the Logstash snmptrap input plugin and the Logstash exec output and call the Linux SNMP CLI tools directly. If the latter would be a solution, you could use this in combination with Watcher sending a webhook to the Logstash http input plugin.

Hope this helps!


I'm referring to the trigger action, i.e. if the watcher is set up to trigger an action when above a certain value, I want to send an SNMP trap to a monitoring system.

So basically, it would go from X-Pack Watcher to Logstash input and then Logstash exec output?


Yes, that would be the way to go! Watcher action webhook -> Logstash http input -> Logstash exec output with snmp* CLI tools. As Watcher is running inside of Elasticsearch, it is also bound to the same security restrictions, which means there is no chance of forking processes.
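
A sketch of the Logstash side of the chain described in the reply above, as an added example that is not part of the original thread and not Elastic's own configuration. The listen address and port, the `watcher` user, the `WATCHER_HTTP_PASSWORD` variable, the `watch_id` field and its value, the NMS host, the community string and the trap OID (the Net-SNMP example heartbeat notification) are all assumptions to replace with your own.

```conf
# Added example: receives the Watcher webhook and emits one fixed SNMP trap.
# Assumes the Watcher webhook action POSTs a JSON body such as
#   {"watch_id": "cpu_threshold"}   (constructed sample)
# with a Content-Type: application/json header and basic auth.

input {
  http {
    host     => "127.0.0.1"                 # assumption: Logstash runs beside the Elasticsearch node
    port     => 8080                        # assumption
    user     => "watcher"                   # basic auth, so only the watch can trigger traps
    password => "${WATCHER_HTTP_PASSWORD}"  # resolved from the environment or Logstash keystore
  }
}

output {
  # Route on an exact match against a known watch name; anything else is ignored.
  if [watch_id] == "cpu_threshold" {
    exec {
      # The command string is fixed on purpose. The exec output supports
      # %{field} references, but this pipeline's fields come from an HTTP
      # request body, so interpolating them here would let request content
      # reach a command line.
      command => "snmptrap -v 2c -c COMMUNITY_PLACEHOLDER nms.example.org '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 1"
    }
  }
}
```

To distinguish several watches, add one conditional branch per watch with its own fixed trap rather than passing webhook fields through to the command.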

