The following steps explain how to set up an Ubuntu box (Debian should work as well) as an SNMP trap receiver. You can define which incoming traps you want to process and where to log them (syslog, file, database). You can also execute a specific command when a trap is received.
aptitude install snmp snmpd snmptt
# To accept all traps
disableAuthorization yes
# To handle traps with snmptt
traphandle default /usr/sbin/snmptt
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'
The ‘-On’ parameter tells snmptrapd to log OID numbers. This is needed for snmptt to recognize the incoming traps.
Next, edit /etc/snmp/snmptt.ini and change
unknown_trap_log_enable = 0
to
unknown_trap_log_enable = 1
This enables logging all incoming traps to /var/log/snmptt/snmpttunknown.log.
Now we will create a handler for a test trap. To do so edit /etc/snmp/snmptt.conf and paste the following lines at the end:
#
EVENT test .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT Just a Test
EXEC touch /root/testsuccessful
SDESC
This is a test
EDESC
(Re)start the snmp daemons:
The output should show that snmpd and snmptrapd are running. We can try all of this out by entering the following command (best done from another machine, to see that it works from other hosts; change DESTINATIONIP to match yours):
snmptrap -v 1 -c public DESTINATIONIP "" "" 1 1 ""
You should now have the log file /var/log/snmptt/snmptt.log, created and filled with your entry. The file /root/testsuccessful should also have been created, which shows that our custom handler command was fired.
From this point on you should be able to create your own handlers. Unknown traps will be logged to /var/log/snmptt/snmpttunknown.log. Take the OID (in brackets), e.g.
Unknown trap (.1.3.6.1.6.3.1.1.5.2) received from
to define your own handlers and change the EXEC statement to your needs or comment it out.
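The following Python script is an added example, not part of the original article or of snmptt. It automates the step above: it pulls the OIDs out of snmpttunknown.log text and prints a log-only EVENT stub for each one, leaving EXEC out because with disableAuthorization yes any host that can reach the receiver can trigger a handler. The sample lines, the sender field after "received from" and the trap_... event names are assumptions.

```python
import re
from collections import defaultdict

# Matches the part of an snmpttunknown.log entry that the article quotes.
# The sender field after "received from" is an assumption about the log layout.
UNKNOWN_RE = re.compile(r"Unknown trap \((\.\d+(?:\.\d+)+)\) received from\s*(\S*)")

# Constructed sample lines (not real log data); addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Jan  6 10:00:01 2020: Unknown trap (.1.3.6.1.6.3.1.1.5.3) received from 192.0.2.10 at:
Mon Jan  6 10:00:09 2020: Unknown trap (.1.3.6.1.6.3.1.1.5.3) received from 192.0.2.11 at:
Mon Jan  6 10:02:30 2020: Unknown trap (.1.3.6.1.6.3.1.1.5.4) received from 192.0.2.10 at:
Mon Jan  6 10:03:00 2020: Unknown trap (not-an-oid) received from 192.0.2.99 at:
"""

def collect_unknown(log_text):
    """Return {oid: {sender: count}} for every well-formed unknown-trap entry."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:  # entries whose OID is not purely numeric are skipped
            oid, sender = m.group(1), m.group(2) or "unknown-sender"
            seen[oid][sender] += 1
    return {oid: dict(senders) for oid, senders in seen.items()}

def event_stub(oid, senders):
    """Build an snmptt.conf handler for one OID that only logs (no EXEC line)."""
    name = "trap_" + oid.strip(".").replace(".", "_")  # hypothetical naming scheme
    who = ", ".join(f"{s} x{n}" for s, n in sorted(senders.items()))
    return "\n".join([
        "#",
        f"# seen from: {who}",
        f'EVENT {name} {oid} "Status Events" Normal',
        f"FORMAT Trap {oid} received",
        "SDESC",
        "Generated from snmpttunknown.log; review before adding EXEC",
        "EDESC",
    ])

def stubs_from_log(log_text):
    """Return snmptt.conf text with one stub per distinct unknown OID."""
    found = collect_unknown(log_text)
    return "\n".join(event_stub(oid, found[oid]) for oid in sorted(found))

if __name__ == "__main__":
    print(stubs_from_log(SAMPLE_LOG))
```

The per-OID sender tally in the generated comment shows which hosts are actually sending each trap before a handler is written for it.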
Test if it is running:
netstat -tulanp|grep snmp