We started receiving SNMP Traps in our setup but noticed that the events are not properly mapped to hosts. The events are having the field Hostname with the host ip address but the IP is not mapped to the host. Is this a missing feature or are we missing something in our setup?
It seems that I`m not the first one with this situation.
I asked the checkmk chat bot https://chat.checkmk.com/ this question.
I’ll want try that too, because it sounds easy.
This was the answer I got (for version 2.4.0):
To quickly assign SNMP traps to hosts based on the sender’s IP address in Checkmk, the system uses the IP address of the trap sender and matches it against the IP addresses of hosts already configured in the monitoring. This requires that the hosts are properly created in Checkmk with their IP addresses or resolvable hostnames.
Key points:
Checkmk’s Event Console receives SNMP traps directly without needing external tools like snmptrapd.
When a trap arrives, Checkmk checks the sender’s IP address and tries to match it to a known host in the monitoring configuration.
For this to work reliably, hosts must be configured with their correct IP addresses in Checkmk.
If traps contain hostnames instead of IPs, you can use host name matching rules or regular expressions to translate or match these names to your configured hosts.
The IP address matching is the most straightforward and reliable method for automatic host assignment of traps.
In summary, ensure your hosts are configured with their IP addresses in Checkmk, enable SNMP trap reception in the Event Console, and Checkmk will automatically assign incoming traps to the correct host based on the sender IP SNMP Trap Reception Setup, Host Name Matching Rules, Host Registration Process.
If you want to test trap reception, you can send a test trap from another system using the snmptrap command and verify it is assigned correctly by checking the Event Console logs SNMP Trap Reception Setup.
Thanks for the prompt response. Found some issues at my end and also some things that still needs testing:
When sending the test payload I was pointing to a different site (For testing purposes we have two sites running in the same server), after updating that I was able to see the proper hostname set in the event.
We have some devices with multiple ip addresses and the assignment only works for the main ip address. This might be a problem for devices with multiple ip addresses.
In our scenario they are important and this mapping is how we will track the source with more useful informations like location. I will mark your last reply as solution, thanks for the prompt response. We will create multiple entries for each ip available as the secondary ips are not supported.