feat(providers): add SNMP provider for ingesting traps as alerts #6281
Open
junaiddshaukat wants to merge 1 commit into keephq:main from
Passive SNMP provider that receives traps via a small snmptrapd exec hook forwarding parsed traps as JSON to Keep's webhook endpoint.

- _format_alert converts trap payload into AlertDto
- Built-in severity mapping for standard RFC 1907 / RFC 3418 trap OIDs (coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss) with a user-configurable default_severity fallback
- Varbinds exposed as labels["var:<oid>"]
- Fingerprint derived from (trap_oid, source_address) for deduplication
- Docs include snmptrapd.conf snippet and minimal bash bridge
- simulate_alert fixture for UI testing
- Unit tests for naming, severity resolution, fingerprinting, labels

Closes keephq#2112
Author
Hi @Matvey-Kuk @shahargl, please have a look at this PR when you get a chance; happy to iterate on anything.
What this PR does

Adds a passive SNMP provider. The user's existing snmptrapd daemon receives the trap; a tiny exec hook forwards it as JSON to Keep's webhook endpoint. The provider parses the payload into an AlertDto. Same webhook-receiver shape as the Prometheus / Grafana providers.

Why webhook-based and not a native UDP listener inside Keep? Port 162 is privileged, and a per-tenant/per-replica UDP listener inside the API server doesn't fit Keep's deployment model (horizontally scaled, no shared port claim). Delegating raw SNMP handling to snmptrapd keeps the provider small, stateless, deploy-shape-agnostic, and consistent with how every other monitoring-tool integration in the repo works.

Features

- coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss)
- default_severity for unknown trap OIDs
- severity field in the payload always wins
- labels["var:<oid>"] so they're queryable without clobbering top-level keys
- sha256(trap_oid|source_address) → same trap from same host dedupes correctly
- simulate_alert with 4 representative trap fixtures for UI testing

Demo Video

Screen.Recording.2026-04-23.at.3.33.50.AM.mov

The video shows: connect the provider from the UI → POST a linkDown trap to the webhook URL → POST an authenticationFailure trap → both alerts land in the feed with correct severity (high, warning), source: snmp, and varbinds visible on the labels.

Testing that I have done

- poetry run pytest tests/test_snmp_provider.py -v → 10 passed
- poetry run pre-commit run --files <new files> → all green (black, isort, ruff, end-of-files, trailing whitespace)

Checklist

- CONTRIBUTING.md (PEP8, black, isort)
- simulate_alert works from the UI

Closes #2112

/claim #2112
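
The normalization the description outlines (severity precedence, varbinds under labels["var:<oid>"], fingerprint from sha256(trap_oid|source_address)), written out as an added example that is not the PR's code. The JSON field names, the severity values in the table, the allowed-severity set and the leading-dot stripping are assumptions made for this sketch.

```python
import hashlib

# Standard trap OIDs (SNMPv2-MIB, RFC 3418). The severity values are assumed
# for this example; they are not copied from the PR.
TRAP_SEVERITY = {
    "1.3.6.1.6.3.1.1.5.1": ("coldStart", "warning"),
    "1.3.6.1.6.3.1.1.5.2": ("warmStart", "info"),
    "1.3.6.1.6.3.1.1.5.3": ("linkDown", "high"),
    "1.3.6.1.6.3.1.1.5.4": ("linkUp", "info"),
    "1.3.6.1.6.3.1.1.5.5": ("authenticationFailure", "warning"),
    "1.3.6.1.6.3.1.1.5.6": ("egpNeighborLoss", "high"),
}
ALLOWED = {"critical", "high", "warning", "info", "low"}  # assumed vocabulary


def normalize_trap(trap: dict, default_severity: str = "info") -> dict:
    """Turn a forwarded trap (hypothetical JSON shape) into an alert dict."""
    # snmptrapd may print OIDs with a leading dot; strip it so both spellings
    # of the same OID map and fingerprint identically (assumed normalization).
    oid = str(trap.get("trap_oid") or "").strip().lstrip(".")
    src = str(trap.get("source_address") or "").strip()
    name, mapped = TRAP_SEVERITY.get(oid, (oid or "unknown", default_severity))
    # Precedence: explicit payload severity, then OID table, then the default.
    # An unrecognised explicit value is ignored rather than passed through.
    explicit = str(trap.get("severity") or "").lower()
    severity = explicit if explicit in ALLOWED else mapped
    # Varbinds go under a "var:" prefix, so a device-supplied key can never
    # overwrite a top-level label such as "source".
    labels = {"source": "snmp", "trap_oid": oid}
    for vb_oid, value in (trap.get("varbinds") or {}).items():
        labels[f"var:{vb_oid}"] = str(value)
    # Varbinds are left out of the fingerprint: repeats of one trap from one
    # host collapse into one alert even when counters or timestamps differ.
    fingerprint = hashlib.sha256(f"{oid}|{src}".encode()).hexdigest()
    return {"name": name, "severity": severity, "labels": labels,
            "fingerprint": fingerprint}


# Constructed sample trap (not captured from a real device). The "source"
# varbind key is there to show the namespacing at work.
LINK_DOWN = {
    "trap_oid": ".1.3.6.1.6.3.1.1.5.3",
    "source_address": "192.0.2.10",
    "varbinds": {"1.3.6.1.2.1.2.2.1.1.3": 3, "source": "collides"},
}

if __name__ == "__main__":
    print(normalize_trap(LINK_DOWN))
```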