SNMP Traps on Docker Host

Support: Full-Stack Observability (FSO) Infrastructure
#1

I want to receive traps from different sources on port 162 , on docker-host.
Below information is available in docs, but it doesn’t explains pre-requisite for docker host:
Direction - Inbound
Source - Source devices for SNMP Trap data
Destination - Docker host
Ports - 162 (default)
Protocol - UDP

How do we configure MIBs in this docker host?
Will these traps processed on the docker host?
What will process these traps, since they will be in raw form - Any rules will be in place?

Any information or pointer would be appreciated.
Thanks in Advance.
Amit

#2

Hey @risinamit,

Thank you for reaching out.

Check out the advanced configuration options for network performance monitoring. Here you can configure your mib_profile and determine what mib’s you wish to send to New Relic.

Let me know if you have questions.

#3

Thank you for response @emurphy.
Provided link talks about snmp polling and ktranslate docker image is required to do so.

I am more interested in traps. Network devices will be configured to sent traps to docker host(Linux) and traps are more dynamic in nature with real issues from the devices.
How the traps will be processed on docker host?
Traps will be in raw form, once reached on docker host.
Which component will understand traps in raw form and pass to New Relic?

Thanks in Advance,
Amit

#4

Hey @risinamit,

Have you been able to run through this Getting Started documentation?

Our Network Integration is capable of capturing SNMP Trap data.

1 Like
#5

Thank you for your response @emurphy.
I have gone through that document. I have reviewed that page already and I am looking for below information:

  1. What will be definition of docker host?
  2. Is docker host capable to send traps to NewRelic?
  3. Which component will process all the incoming traps on the docker host?
  4. Where will I do configuration on docker host to send traps to New Relic?
  5. Is there any other component required to be installed on docker host?
  6. How can ensure that only relevant data is forwarded to New Relic?
  7. Data flow for traps from NW to New Relic is not available anywhere.

Regards,
Amit Kumar

#6

@risinamit - please see responses to your queries below:

1. What will be definition of docker host?
Can you be more descriptive? I’m not sure what you’re asking about here. The docker host is the Linux server running docker that you host your ktranslate container(s) on. The container image for SNMP traps will be the same image used for SNMP polling and on-premises flow collection (kentik/ktranslate:v2).

2. Is docker host capable to send traps to NewRelic?
Yes, by default ktranslate sets up a passive listener for SNMP traps on UDP port 1620. This port can be edited in the trap section of your container configuration file.

3. Which component will process all the incoming traps on the docker host?
The ktranslate container will process all traps, setup a payload compatible with our Event API; and then forward the traps into the New Relic Event API using the KSnmpTrap namespace.

4. Where will I do configuration on docker host to send traps to New Relic?
Configuration of the ktranslate listener is in the trap section of the configuration file. By design, the container will use the host network, meaning that you will setup your devices to send traps to the IP address of the linux server running docker.

5. Is there any other component required to be installed on docker host?
It is helpful to have the tcpdump utility on the host in order to create packet capture (.pcap) files, which we use during profile generation and troubleshooting.

6. How can ensure that only relevant data is forwarded to New Relic?
The easiest way is to create a GitHub issue for a new SNMP Traps profile and provide a sample .pcap file that we can use to create a profile (like this one) in order to create friendly display names for the various trap varbinds. Note this is not required and ktranslate will forward all traps even without a profile; but the results in New Relic will be attributes with OIDs as the key names instead of a friendly name.

e.g.; looking at the profile example above:

- name: vmwVpxdOldStatus
  OID: 1.3.6.1.4.1.6876.4.3.304.0
  tag: old_status

With a profile; the results of a received trap in New Relic could be queried like this:

FROM KSnmpTrap SELECT latest(old_status) FACET device_name

Without a profile, it would look like this:

FROM KSnmpTrap SELECT latest(`1.3.6.1.4.1.6876.4.3.304.0`) FACET device_name

As far as restricting which particular traps are collected; that is handled either on the device configuration where the traps are generated, or you can create drop rules that will drop data on our ingest pipeline before writing to disk.

7. Data flow for traps from NW to New Relic is not available anywhere.
There is a high-level architectural diagram in our docs site. Is this what you’re looking for?

Hope this helps to clear up some confusion, please don’t hesitate to ask any other questions that you may need clarification on.

2 Likes
#7

thank you @zackm this information seems to be helpful.
I will review this and come back, if I have any further questions.

Regards,
Amit Kumar

#8

Hi @risinamit

Glad to hear the info was helpful, please do reach out and let us know if it worked for you!

Have a great day!

#9

Few queries resolved, but need more details around below points:

  1. Is sizing of linux server(docker host) defined anywhere with respect to RAM, CPU & Disk ?

  2. By default ktranslate sets up a passive listener for SNMP traps on UDP port 1620. Can’t see any container at /var/lib/docker/containers/container-id/config
    After execution of command “docker run -d -p 1620:1620 -it kentik/ktranslate:v2” , config file is available
    [ec2-user@ip-172-31-25-40 ~]$ sudo su
    [root@ip-172-31-25-40 ec2-user]# cd /var/lib/docker/containers/
    1eb511e0f4e63854635f505264588e0dbf27ad7a84a2813753ce5761fc6af293/ cdb773695ecbae426a7a0fbfae61111b8437c77ae23b663d1b6c9dec8f3db365/
    b7e3ba42ca0745717f393ae697c0415f581555655c062a34e0de4f26c578d5e7/ fee2117fec10e0207226795a440ffa42335c65be96f7a034323790c77013f571/
    [root@ip-172-31-25-40 ec2-user]# cd /var/lib/docker/containers/b7e3ba42ca0745717f393ae697c0415f581555655c062a34e0de4f26c578d5e7/
    [root@ip-172-31-25-40 b7e3ba42ca0745717f393ae697c0415f581555655c062a34e0de4f26c578d5e7]# ls
    b7e3ba42ca0745717f393ae697c0415f581555655c062a34e0de4f26c578d5e7-json.log config.v2.json hostname mounts resolv.conf.hash
    checkpoints hostconfig.json hosts resolv.conf
    [root@ip-172-31-25-40 b7e3ba42ca0745717f393ae697c0415f581555655c062a34e0de4f26c578d5e7]#

  3. Where to setup a payload compatible with Event API and how to forward the traps into the New Relic Event API? If you can share the documentation please

  4. What are the steps to configure the KSnmpTrap namespace?

  5. Kindly share the link for the high level architectural diagram.

#10

  1. container requirements are in this docs link; we expect to be able to handle ~2,000 SNMP Traps per second per core of CPU available to the container.

  2. this command isn’t correct: docker run -d -p 1620:1620 -it kentik/ktranslate:v2 (notes below)

  3. You don’t need to setup a payload for our Event API; that’s what the ktranslate container is for.

  4. Similar to #3; you don’t need to do this, ktranslate will process your traps and forward them into the correct namespace in the correct format for you.

  5. It was in my original reply; here is the link again for reference

Running the container

For a simple container that only listens for SNMP traps and is not responsible for any SNMP polling; you can follow these steps: (Replace $NEW_RELIC_LICENSE_KEY and $NEW_RELIC_ACCOUNT_ID in the commands below with your information)

  1. Pull the latest container image:
docker pull kentik/ktranslate:v2
  1. Run your container, listening on UDP port 1620 (this is the default port we use as 162 is privileged for docker’s purposes)
docker run -d --name ktranslate-snmp-traps --restart unless-stopped --net=host \
-e NEW_RELIC_API_KEY=$NEW_RELIC_LICENSE_KEY  \
kentik/ktranslate:v2 \
  -snmp /etc/ktranslate/snmp-base.yaml \
  -nr_account_id=$NEW_RELIC_ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=snmp-traps \
  nr1.snmp

OPTIONALLY
If you cannot change the target port on your devices, you can run your container listening on the default SNMP Trap port UDP 162

docker run -d --name ktranslate-snmp-traps --restart unless-stopped -p 162:1620/udp \
-e NEW_RELIC_API_KEY=$NEW_RELIC_LICENSE_KEY  \
kentik/ktranslate:v2 \
  -snmp /etc/ktranslate/snmp-base.yaml \
  -nr_account_id=$NEW_RELIC_ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=snmp-traps \
  nr1.snmp
1 Like
#11

Want to use 2nd option.
Will this container be always running in --restart mode?

There is no ktranslate folder and below is the output from my docker host :
[root@ip-172-31-25-40 etc]# ls -la /etc/ktranslate/snmp-base.yaml
ls: cannot access ‘/etc/ktranslate/snmp-base.yaml’: No such file or directory
[root@ip-172-31-25-40 etc]# ls k*
kdump.conf krb5.conf

kdump:
post.d pre.d

kernel:
install.d postinst.d

krb5.conf.d:
crypto-policies kcm_default_ccache
[root@ip-172-31-25-40 etc]#

ktranslate folder would be created once "docker pull kentik/ktranslate:v2 " or how is that?
Will this get all the respective files also?

Please provide more details.

#12

Hey there @risinamit,

I wanted to follow up and let you know the team is still working on this for you. We appreciate your patience as we continue to provide support. We will reach back out here when we have an update.

Please let us know if there are any changes on your end or if you have further questions. I hope you have a great day!

1 Like
#13

Thank you @michaelfrederick , I will wait for the update.

#14

@risinamit - there is not a ktranslate folder; ktranslate is the name of the container image that we use for network monitoring.

Here’s a breakdown of the docker run command (these options are also outlined in our docs:

docker run \
    -d \
    --name ktranslate-snmp-traps \
    --restart unless-stopped \
    -p 162:1620/udp \
    -e NEW_RELIC_API_KEY=$NEW_RELIC_LICENSE_KEY  \
kentik/ktranslate:v2 \
    -snmp /etc/ktranslate/snmp-base.yaml \
    -nr_account_id=$NEW_RELIC_ACCOUNT_ID \
    -metrics=jchf \
    -tee_logs=true \
    -service_name=snmp-traps \
    nr1.snmp

docker run :: this tells docker you want to run a container
-d :: this runs the container in “detached” mode, meaning in the background
--name ktranslate-snmp-traps :: this provides a friendly display name for your container of “ktranslate-snmp-traps”
--restart unless-stopped :: this sets your restart preference to make the container attempt the keep itself alive unless you manually stop it
p 162:1620/udp :: this sets up port forwarding from the docker host’s port 162 to the container on UDP 1620
-e NEW_RELIC_API_KEY=... :: this sets an environment variable for the container named “NEW _RELIC_API_KEY” that holds the license key needed to interact with our APIs
kentik/ktranslate:v2 :: this names the container image you are about to run
-snmp /etc/ktranslate/snmp-base.yaml :: this tells ktranslate to use the “snmp-base.yaml” file that is pre-loaded in the image since we are not providing one at runtime.
-nr_account_id :: this tells ktranslate which account ID at New Relic to interact with (some of our APIs require this in addition to the license key)
-metrics=jchf :: this enables ktranslate to send health metrics about itself into New Relic Metrics
-tee_logs=true :: this enables ktranslate to forward its own container logs into New Relic Logs
-service_name=snmp-traps :: this decorates the container logs with a field named “service_name”. docker does not decorate container logs with their container name by default so this allows you to easily isolate individual container logs when running multiple containers in your environment.
nr1.snmp :: this argument sets some of the defaults that are used for interaction with the New Relic APIs like listening endpoints, compression, etc.

As a quick test, I spun up an Ubuntu 20.04 EC2 host and ran the latest version of ktranslate as a Traps listener, and sent it some test traps using the NET-SNMP-EXAMPLES-MIB; results below:

Run Command

docker run -d --name ktranslate-snmp-traps --restart unless-stopped --net=host \
-e NEW_RELIC_API_KEY=$NEW_RELIC_LICENSE_KEY  \
kentik/ktranslate:v2 \
  -snmp /etc/ktranslate/snmp-base.yaml \
  -nr_account_id=$NEW_RELIC_ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=snmp-traps \
  nr1.snmp

Image 2022-05-26 at 9.35.34 AM
Image 2022-05-26 at 9.35.34 AM2080×186 70.8 KB

Test Traps

snmptrap -v 2c -c hello 127.0.0.1:1620 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456
snmptrap -v 2c -c hello 127.0.0.1:1620 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123457
snmptrap -v 2c -c hello 127.0.0.1:1620 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123458

Image 2022-05-26 at 9.34.57 AM
Image 2022-05-26 at 9.34.57 AM2280×182 116 KB

Results

FROM KSnmpTrap SELECT * SINCE 5 MINUTES AGO

Image 2022-05-26 at 9.36.06 AM
Image 2022-05-26 at 9.36.06 AM1224×1752 263 KB

1 Like
#15

Thank you for explanation.
Could you share the output of the docker run command from your execution?
Below is the output of my command and executed as non root user

Moderator Note: Redacting screenshot because it has API key in it

Status of my container is always restarting, is that normal or there is some issue?
Did you uploaded Net-SNMP-Examples-MIB on docker host, after starting the container?

#16

what do your logs tell you for the container?

docker logs ktranslate-snmp-traps

#17

Log was too long, I have captured some lines and are below:
[ec2-user@ip-172-31-25-40 ~]$ docker logs ktranslate-snmp-traps | more
2022-05-27T10:00:03.925 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:03.927 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:03.927 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:03.927 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:03.955 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:03.956 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:03.957 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:03.957 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:03.958 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:03.958 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:03.959 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:03.963 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:07.120 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:07.120 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:07.120 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:07.120 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:07.140 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:07.140 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:07.141 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:07.142 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:07.142 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:07.142 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:07.144 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:07.145 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:07.823 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:07.823 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:07.823 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:07.823 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:07.834 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:07.837 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:07.838 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:07.838 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:07.838 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:07.838 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:07.838 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:07.839 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:08.777 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:08.777 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:08.777 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:08.777 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:08.789 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:08.790 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:08.790 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:08.790 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:08.791 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:08.791 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:08.792 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:08.793 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:10.108 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:10.108 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:10.108 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:10.108 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:10.120 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:10.121 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:10.121 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:10.122 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:10.122 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:10.122 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:10.125 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:10.125 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:12.288 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:12.288 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:12.288 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:12.288 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:12.302 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:12.303 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:12.303 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:12.303 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:12.303 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:12.303 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:12.304 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:12.305 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:15.996 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:15.996 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:15.996 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:15.996 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:16.010 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:16.010 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:16.011 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:16.011 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:16.011 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:16.011 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:16.011 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:16.012 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:22.979 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:22.979 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:22.979 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:22.979 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:22.989 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:22.990 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:22.993 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:22.993 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:22.994 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:22.994 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:22.994 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:22.995 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:00:36.336 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:00:36.336 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:00:36.336 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:00:36.336 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:00:36.347 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:00:36.347 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:00:36.348 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:00:36.348 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:00:36.349 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:00:36.349 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:00:36.350 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:00:36.351 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:01:02.538 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:01:02.538 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
2022-05-27T10:01:02.538 ktranslate/snmp-traps [Info] snmp-traps Setting metrics: jchf
2022-05-27T10:01:02.538 ktranslate/snmp-traps [Info] snmp-traps Metrics: Connecting jchf
2022-05-27T10:01:02.550 ktranslate/snmp-traps [Info] KTranslate Turning on 1 processing threads
2022-05-27T10:01:02.550 ktranslate/snmp-traps [Info] KTranslate Loaded 128 custom mappings
2022-05-27T10:01:02.551 ktranslate/snmp-traps [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total
2022-05-27T10:01:02.551 ktranslate/snmp-traps [Info] KTranslate Using sink new_relic
2022-05-27T10:01:02.551 ktranslate/snmp-traps [Info] KTranslate Running – Version kt-2022-05-24-2378866532; Build Tue May 24 15:28:13 UTC 2022
2022-05-27T10:01:02.551 ktranslate/snmp-traps [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLit
e2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /etc/ktr
anslate/snmp-base.yaml -nr_account_id=3438257 -metrics=jchf -tee_logs=true -service_name=snmp-traps nr1.snmp]
2022-05-27T10:01:02.554 ktranslate/snmp-traps [Info] nrSink Exporting to New Relic at main: https://metric-api.newrelic.com/metric/v1, events: https://insigh
ts-collector.newrelic.com/v1/accounts/3438257/events, metrics: https://metric-api.newrelic.com/metric/v1, logs https://log-api.newrelic.com/log/v1
2022-05-27T10:01:02.555 ktranslate/snmp-traps [Info] nrSink Receiving logs…
service Run() error: Error testing https://insights-collector.newrelic.com/v1/accounts/3438257/events: There was an error when communicating to New Relic One
: 403.
2022-05-27T10:01:54.307 ktranslate/snmp-traps [Info] snmp-traps version kt-2022-05-24-2378866532 starting
2022-05-27T10:01:54.307 ktranslate/snmp-traps [Info] snmp-traps olly: disabled
–More–

#18

@risinamit - this is the problem you’re having; the container cannot communicate with the API endpoints. Looking at your screenshot from earlier, I noticed your license key was for our EU region; that requires one additional change to your docker run command to make the container target our EU API endpoints: nr_region=EU

docker run -d --name ktranslate-snmp-traps --restart unless-stopped --net=host \
-e NEW_RELIC_API_KEY=$NEW_RELIC_LICENSE_KEY  \
kentik/ktranslate:v2 \
  -snmp /etc/ktranslate/snmp-base.yaml \
  -nr_account_id=$NEW_RELIC_ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=snmp-traps \
  -nr_region=EU \
  nr1.snmp

That should get this sorted for you.

#19

Thank you @zackm.
Yes container is all sorted out now.
I tried generating traps as

snmptrap -v 2c -c hello 127.0.0.1:1620 ‘’ 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 1234511
snmptrap -v 2c -c hello 127.0.0.1:1620 ‘’ 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 1234522
snmptrap -v 2c -c hello 127.0.0.1:1620 ‘’ 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 1234533

But I do not see KSnmpTrap table in New Relic. I followed the same steps as mentioned by you in my linux machine.

I have 2 more queries :slight_smile:

  1. Is it necessary to define the location, even though account number & NR api key was provided?
  2. If any new mibs are required, what will be the process to push in github and who will push that?
#20
  1. Yes. Inside the container code, the interaction with our APIs is the same as if you were building out your own custom events. At a minimum, this requires the following:
  • NR Account ID
  • NR License Key
  • Correct endpoint (US/EU/GOV)
  • Compressed JSON payload
  1. Opening an issue on the open source SNMP profiles repo is the best way to have additional MIB support added.
1 Like