snmptrap-receiver

$npx mdskill add automateyournetwork/netclaw/snmptrap-receiver

Receives and queries SNMP traps from network devices via UDP

  • Monitors network events like link status and authentication failures
  • Uses UDP and supports SNMPv1, SNMPv2c, and SNMPv3 trap formats
  • Filters and aggregates traps by type, source, or SNMP version
  • Provides trap details and statistics through query tools

SKILL.md

.github/skills/snmptrap-receiverView on GitHub ↗
---
name: snmptrap-receiver
description: "Receive and query SNMP traps from network devices via UDP."
version: 1.0.0
license: Apache-2.0
author: netclaw
tags: []
---

# SNMP Trap Receiver Skill

Receive and query SNMP traps from network devices via UDP.

## Skill ID

`snmptrap-receiver`

## Description

This skill enables NetClaw to receive SNMP traps from network devices (routers, switches, firewalls) and query the collected data. It supports SNMPv1, SNMPv2c, and SNMPv3 trap formats.

## When to Use

- Monitoring network device events (link up/down, authentication failures)
- Investigating incidents by querying historical trap data
- Aggregating traps from multiple network devices
- Filtering traps by type, source, or SNMP version
- Analyzing trap patterns across the network

## Required MCP Server

`snmptrap-mcp`

## Available Tools

| Tool | Purpose |
|------|---------|
| `snmptrap_start_receiver` | Start listening for SNMP traps |
| `snmptrap_stop_receiver` | Stop the receiver |
| `snmptrap_get_status` | Check receiver status and statistics |
| `snmptrap_query` | Search traps with filters |
| `snmptrap_get_trap` | Get full details of a specific trap |
| `snmptrap_get_counts` | Get trap counts by type and source |

## Example Workflows

### Start Monitoring

```
1. Use snmptrap_start_receiver with port 10162
2. Configure network devices to send traps to this port
3. Use snmptrap_get_status to verify traps are being received
```

### Investigate Link Issues

```
1. Use snmptrap_query with trap_oid_prefix "1.3.6.1.6.3.1.1.5" for standard traps
2. Filter by source_ip to focus on specific device
3. Use snmptrap_get_trap for full variable binding details
```

### Daily Summary

```
1. Use snmptrap_get_counts to see trap distribution
2. Focus on linkDown, authenticationFailure counts
3. Query high-frequency trap sources for details
```

## Sample Prompts

- "Start the SNMP trap receiver on port 10162"
- "Show me all linkDown traps from the last hour"
- "How many traps have we received by type?"
- "Find all SNMP traps from 192.168.1.1"
- "What's the trap receiver status?"
- "Query SNMPv3 traps received today"

## Configuration

The snmptrap-mcp server is configured via environment variables:

- `SNMPTRAP_PORT`: UDP listening port (default: 162)
- `SNMPTRAP_BIND_ADDRESS`: Bind address (default: 0.0.0.0)
- `SNMPTRAP_RETENTION_HOURS`: Trap retention (default: 24)
- `SNMPTRAP_RATE_LIMIT`: Max traps/second (default: 1000)
- `SNMPTRAP_DEDUP_WINDOW`: Dedup window in seconds (default: 5)

## Limitations

- In-memory storage only (data lost on restart)
- SNMPv3 requires USM user configuration for full parsing
- Single instance per port
- No MIB compilation (OIDs shown numerically)
- UDP only (no TCP/TLS support)

## Related Skills

- `syslog-receiver` - Syslog message collection
- `ipfix-receiver` - Flow data collection
- `gnmi-telemetry` - Streaming telemetry

More from automateyournetwork/netclaw

SkillDescription
aap-automationRed Hat Ansible Automation Platform — inventory management, job template execution, project SCM sync, ad-hoc commands, host management, Galaxy content discovery. Use when automating infrastructure with Ansible, running playbooks, managing inventories, or searching for Ansible collections and roles.
aap-edaEvent-Driven Ansible (EDA) — activation lifecycle, rulebook management, decision environments, event stream monitoring. Use when managing event-driven automation triggers, enabling/disabling activations, or reviewing EDA rulebooks.
aap-lintansible-lint playbook and role validation — syntax checking, best practice enforcement, project-wide analysis, rule filtering. Use when validating Ansible playbooks, checking code quality, or enforcing automation best practices before deployment.
aci-change-deploySafe ACI policy change deployment - ServiceNow CR lifecycle, pre/post-change fault baselines, APIC policy application, automatic rollback on fault delta, and GAIT audit trail. Use when deploying ACI policy changes, creating tenants or EPGs, pushing config to APIC, or running a change window with rollback protection.
aci-fabric-auditComprehensive Cisco ACI fabric health audit - node status, tenant/VRF/BD/EPG policy review, contract analysis, fault triage, and endpoint learning verification. Use when auditing ACI fabric health, checking for faults, reviewing tenant policies, or running pre/post-change baselines on APIC.
arista-cvpArista CloudVision Portal (CVP) automation via REST API — device inventory, events, connectivity monitoring, tag management (4 tools). Use when managing Arista devices, checking CloudVision events, monitoring network connectivity probes, or tagging devices in CVP.
aruba-cx-configView and manage Aruba CX switch configurations, perform ISSU upgrades, and firmware operations
aruba-cx-interfacesMonitor Aruba CX switch interface status, LLDP neighbors, and optical transceiver health
aruba-cx-switchingView and manage Aruba CX switch VLANs and MAC address tables for Layer 2 operations
aruba-cx-systemDiscover Aruba CX switch system information, firmware versions, and VSF topology