Monday, February 11, 2013

How to Configure Windows Event Logs as SNMP Traps

There are a lot of different monitoring suites out there that monitor servers by using SNMP traps. If you want to be alerted when a specific error or warning occurs in any of your event logs, you need to configure those events to send an SNMP trap.

To do this, launch %windir%\system32\evntwin.exe to start configuring them. That opens up a window like this.

Select the Custom radio button, then click Edit.
That opens the "Event to Trap Translator". First, in the "Event sources" window, expand the event log that you want to look in. That shows you all of the event sources that have registered events in that event log. Select one of the event sources, and the related events show in the "Events" window. In the example image I selected Kerberos. Then, in the "Events" window, select the event that you want to start sending SNMP traps for. Click Add to configure that event to send SNMP traps.

You can click OK for it to generate a trap every time that event occurs. Or, you can modify some of the settings in the "Generate trap" section to limit the number of traps it sends out.
Click OK, and you are done.
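The same steps can be scripted with evntcmd.exe, the command-line companion to evntwin.exe, which is useful when the same trap has to be configured on many servers. The following is an added example, not part of the original post. The file name and the count and period values are assumptions, and `<EVENT_ID>` is a placeholder for the full numeric event ID in the form evntcmd expects (the value evntwin writes when you use its Export button), which can differ from the number Event Viewer displays.

```powershell
# Added example: script the evntwin.exe steps with evntcmd.exe.
# Assumptions: elevated session, SNMP service installed on this host.
$EventLog = 'System'      # event log expanded under "Event sources"
$Source   = 'Kerberos'    # event source selected in the post's example
$EventId  = '<EVENT_ID>'  # placeholder: full numeric ID, as exported by evntwin
$Count    = 3             # "Generate trap" throttle: send a trap only after this many events...
$Period   = 60            # ...occur within this many seconds

# Refuse to write a config while the placeholder is still in place.
if ($EventId -notmatch '^\d+$') {
    throw 'Replace <EVENT_ID> with the numeric event ID before running.'
}

# One "#pragma add" line per event: log, source, event ID, count, period.
$cnf  = Join-Path $env:TEMP 'kerberos-trap.cnf'   # hypothetical file name
$line = '#pragma add {0} "{1}" {2} {3} {4}' -f $EventLog, $Source, $EventId, $Count, $Period
Set-Content -Path $cnf -Value $line -Encoding ASCII

# Apply the configuration; /v 10 prints the most detailed status messages.
& "$env:windir\system32\evntcmd.exe" /v 10 $cnf
```

Leaving out the count and period produces a trap every time the event occurs, which matches clicking OK without changing the "Generate trap" settings.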