Event Management - MID Server - 2 questions - Processing Traps & Syslogs

dan_tembe
Tera Contributor

Hello Team, 

Wondering if someone can shed some light and help me understand the workings of a MID server in relation to processing inbound SNMP traps and syslogs?

1) Syslog processing - Can a MID server receive syslogs on the standard syslog port (UDP 514)? If so, is this something I need to enable on the cloud side to push the config to the MID, or something in the MID server conf file that I can enable?

If yes, is there a way to format syslogs before they reach the em_event table?

If no, any recommendations/suggestions on syslog-to-trap or syslog-to-REST/JSON (open source, like Graylog or ELK) that you are using now to feed data into em_event?

2) SNMP traps - Inbound to a MID server. Does the MID server, when receiving inbound SNMP traps, utilize the MIBs (especially those that define the trap format) to map the varbinds to em_event fields?

I don't see this working when I load the MIBs, but that could be because I don't have the correct dependency MIBs loaded. Otherwise, the MIBs might only be used for inventory/discovery via the MID.

If MIBs are not used natively by my MID server for inbound SNMP trap formatting, is there a different way I can format the trap varbinds from the traps of various tools/devices so they are formatted properly before they reach the em_event table?

I know I could do this with NNM, Netcool Omnibus, etc., but wanted to see if the MID could natively do this.

Basically, I am looking for more intelligence in trap handling at the MID server, almost like the work that happens at the em_event table happening on-premise, so the flood of events can be managed using de-dup keys and suppression on-premise before the load is put on the cloud SNOW EM instance.

Thanks in advance for your input. 

Regards, 

Dan

 

5 REPLIES

Sounds to me like an opportunity to build an app for the store! 😉

Steve