Adds an SNMP provider that receives trap data via webhook, using the same zero-dependency pattern as the Checkmk, Wazuh, and Netdata providers. An SNMP manager (snmptrapd, Net-SNMP, Zabbix, etc.) posts trap data as JSON to Keep's webhook endpoint — no pysnmp or other SNMP library needed.

- Maps all 7 RFC 1157 generic trap types to AlertSeverity/AlertStatus (linkDown → CRITICAL/FIRING, linkUp → INFO/RESOLVED, etc.)
- Extracts varbinds, OIDs, agent address, enterprise OID, community string
- Accepts both camelCase and snake_case field names for interoperability
- Includes alerts_mock.py and a full pytest suite covering all trap types, field aliases, varbind formatting, and edge cases

Closes keephq#2112
Closes #2112
What this adds
An SNMP provider that ingests trap data via webhook — same zero-dependency pattern as the Checkmk, Wazuh, and Netdata providers.
An SNMP manager (snmptrapd, Net-SNMP, Zabbix, or any custom handler) formats trap data as JSON and POSTs it to Keep's webhook endpoint. No pysnmp, no easysnmp, no external SNMP library on Keep's side.
Files
- keep/providers/snmp_provider/snmp_provider.py
- keep/providers/snmp_provider/alerts_mock.py
- tests/providers/snmp_provider/test_snmp_provider.py
Behaviour
All 7 RFC 1157 generic trap types handled:
Field aliasing — accepts both snake_case and camelCase variants (agent_addr/agentAddr, trap_type/trapType, etc.) for compatibility with different trap forwarders.
Varbind extraction — OID, type, and value included in the alert description.
Example payload
```json
{
  "agent_addr": "192.168.1.10",
  "trap_type": 2,
  "trap_name": "linkDown",
  "enterprise": "1.3.6.1.2.1.11",
  "uptime": "123456",
  "timestamp": "2024-10-26T23:20:39+00:00",
  "community": "public",
  "varbinds": [
    {"oid": "1.3.6.1.2.1.2.2.1.1.1", "type": "integer", "value": "1"},
    {"oid": "1.3.6.1.2.1.2.2.1.2.1", "type": "octet-string", "value": "eth0"}
  ]
}
```
Why webhook-based, no pysnmp
Adding pysnmp (or any SNMP library) means Keep would need to open a UDP port, manage its own trap receiver, handle SNMPv1/v2c/v3 auth, and deal with ASN.1 decoding. All of that complexity lives in the user's existing SNMP infrastructure already. The webhook model lets any trap daemon do the heavy lifting and push clean JSON — the same pattern Checkmk, Wazuh, and Netdata use.
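An added sketch (not the PR's code) of the normalization the description outlines: alias resolution, RFC 1157 trap-type lookup and varbind formatting, with validation of the untrusted webhook body. The function names, the fallback mapping, the IP-literal check, the varbind cap and keeping only the presence of the community string are assumptions of this example; severities are plain strings rather than Keep's enums.

```python
import ipaddress

# RFC 1157 generic-trap numbers and names.
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss",
                 6: "enterpriseSpecific"}
# Only these two mappings are stated in the PR description; every other
# trap falls back to DEFAULT, which is an assumption of this sketch.
SEVERITY_STATUS = {"linkDown": ("critical", "firing"),
                   "linkUp": ("info", "resolved")}
DEFAULT = ("info", "firing")
# snake_case field -> camelCase alias (the two pairs named in the PR).
ALIASES = {"agent_addr": "agentAddr", "trap_type": "trapType"}


def pick(payload, key):
    """Return payload[key], falling back to its camelCase alias."""
    if key in payload:
        return payload[key]
    return payload.get(ALIASES.get(key, key))


def normalize_trap(payload):
    """Validate an untrusted webhook body and build an alert dict."""
    if not isinstance(payload, dict):
        raise ValueError("payload must be a JSON object")
    # Assumption: the agent address must be a literal IP, not a hostname.
    agent = str(ipaddress.ip_address(str(pick(payload, "agent_addr"))))
    raw_type = pick(payload, "trap_type")
    if isinstance(raw_type, bool) or not str(raw_type).isdigit():
        raise ValueError("trap_type must be an integer 0-6")
    name = GENERIC_TRAPS.get(int(raw_type))
    if name is None:
        raise ValueError("trap_type outside RFC 1157 range 0-6")
    severity, status = SEVERITY_STATUS.get(name, DEFAULT)
    varbinds = payload.get("varbinds") or []
    if not isinstance(varbinds, list):
        raise ValueError("varbinds must be a list")
    # Cap of 64 is an assumption; it bounds the description size.
    lines = [f"{vb.get('oid')} ({vb.get('type')}) = {vb.get('value')}"
             for vb in varbinds[:64] if isinstance(vb, dict)]
    return {"name": name, "severity": severity, "status": status,
            "agent_addr": agent, "description": "\n".join(lines),
            # v1/v2c community strings are shared secrets: keep presence only.
            "community_present": bool(payload.get("community"))}


# Constructed sample using the camelCase aliases and a string trap type.
SAMPLE = {"agentAddr": "192.168.1.10", "trapType": "3", "community": "public"}
```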