Skip to main content
Version: 7.4

Devices

NetObserv Trap makes it simple to manage the devices counting towards your license limit. NetObserv Trap uses the devices defined in the device store file to determine the number of devices that are being monitored. Whenever a new device sends a trap packet to the collector, an entry is automatically added to the device file and if the licensed count hasn't been reached the device is set to active. Otherwise uses are free to update the file manually to specify which devices to listen for. As an added feature, NetObserv Trap will automatically deactivate a device which has not been heard from in a specified number of days.

The location of the device definition files is specified by EF_INPUT_TRAP_LISTENER_DEVICE_STORE_PATH in the collectors configuration options. The default location is /etc/elastiflow/trap/devices/devices.yml.

Listener Device Store Configuration Options

Please visit Trap Listener Device Store Settings to learn more about how the listener device store can be configured.

Listener Device File Example

Full configuration:

127.0.0.1:55014:
  ip: 127.0.0.1
  port: 55014
  active: true
  last_received: 2024-09-28T23:10:47.665385-05:00
127.0.0.1:57102:
  ip: 127.0.0.1
  port: 57102
  active: true
  last_received: 2024-09-29T00:11:57.963101-05:00
127.0.0.1:61511:
  ip: 127.0.0.1
  port: 61511
  active: true
  last_received: 2024-09-29T00:11:04.876109-05:00

Configuration Attributes

Device Key

The device key is a unique identifier for the device. It is a combination of the device's IP address and the port on which the device is sending the Trap requests.

EXAMPLE: 127.0.0.1:61511

ip

The IP address of the device from which the Trap requests are sent.

EXAMPLE: ip: 192.0.2.2

port

The UDP/TCP port from which a device is sending Trap requests.

EXAMPLE: 57102

active

Whether a device is actively counting towards the license limit. This field maybe manually changed as needed, however the license enforcer will always ensure the licensed number of devices are active.

  • Default
    • true

last_received

The datetime stamp of the last time a trap was received from the device. This field is used to determine if a device has not been heard from in a specified number of days and should be automatically deactivated.

EXAMPLE: 2024-09-29T00:11:04.876109-05:00

info

As new devices send trap packets to the collector, an entry is automatically added to the device file. If the licensed count hasn't been reached, the device is set to active. Otherwise, users are free to update the file manually to specify which devices to listen for. As an added feature, NetObserv Trap will automatically deactivate a device that has not been heard from in a specified number of days.