SNMP trap receiver with Ubuntu

https://www.adminblog.org/2013/06/11/snmp-trap-receiver-with-ubuntu/

The following steps explain how to set up an Ubuntu box (Debian should work as well) as an SNMP trap receiver. You can define which incoming traps you want to process and where to log them (syslog, file, database). You can also execute a specific command when a trap is received.

Installation

aptitude install snmp snmpd snmptt

Configuration

Edit /etc/snmp/snmptrapd.conf:

# To accept all traps
disableAuthorization yes
# To handle traps with snmptt
traphandle default /usr/sbin/snmptt

Edit /etc/default/snmpd:

change

TRAPDRUN=no

to

TRAPDRUN=yes

and change

TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

to

TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'

The ‘-On’ parameter tells snmptrapd to log OID numbers. This is needed for snmptt to recognize the incoming traps.

Next edit /etc/snmp/snmptt.ini and change

unknown_trap_log_enable = 0

to

unknown_trap_log_enable = 1

This enables logging of all unknown incoming traps (those without a matching handler) to /var/log/snmptt/snmpttunknown.log.
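The `disableAuthorization yes` line in /etc/snmp/snmptrapd.conf switches off snmptrapd's access control, so any host that can reach the trap port can trigger the snmptt handler. The following check is an added example, not part of the original post: it flags that setting and shows an `authCommunity` alternative. The community name EXAMPLE_COMMUNITY, the subnet 192.0.2.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Print findings for the file in $1; exit status 1 if access control is disabled.
audit_trapd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        { key = tolower($1) }                 # tolerate different capitalisation
        key == "disableauthorization" && tolower($2) == "yes" {
            print "WEAK line " NR ": disableAuthorization yes accepts traps from any sender"
            weak = 1
        }
        key == "authcommunity" && NF < 4 {    # authCommunity TYPES COMMUNITY [SOURCE]
            print "WARN line " NR ": authCommunity for \"" $3 "\" has no SOURCE restriction"
        }
        key == "authcommunity" && $2 ~ /execute/ { exec_ok = 1 }
        key == "traphandle" { handler = 1 }
        END {
            if (handler && weak)
                print "INFO: traphandle programs run for every trap received"
            else if (handler && exec_ok)
                print "INFO: traphandle programs run only for authorised communities"
            exit weak + 0
        }
    ' "$1"
}

# Constructed sample 1: the snmptrapd.conf lines from the post.
write_weak_sample() {
    cat > "$1" <<'EOF'
# To accept all traps
disableAuthorization yes
# To handle traps with snmptt
traphandle default /usr/sbin/snmptt
EOF
}

# Constructed sample 2: hypothetical community name and documentation-range subnet.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# Log and hand to snmptt only traps with this community from this subnet
authCommunity log,execute EXAMPLE_COMMUNITY 192.0.2.0/24
traphandle default /usr/sbin/snmptt
EOF
}

tmp=$(mktemp -d)
write_weak_sample "$tmp/weak.conf"
write_hardened_sample "$tmp/hardened.conf"
audit_trapd_conf "$tmp/weak.conf" || echo "=> weak.conf: access control is disabled"
audit_trapd_conf "$tmp/hardened.conf" && echo "=> hardened.conf: access control is in place"
```

With the hardened form, senders have to use the configured community (here EXAMPLE_COMMUNITY) instead of `public`, and traps from outside the listed subnet are not passed to snmptt.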

Testing

Now we will create a handler for a test trap. To do so edit /etc/snmp/snmptt.conf and paste the following lines at the end:

#
EVENT test .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT Just a Test
EXEC touch /root/testsuccessful
SDESC
This is a test
EDESC

(Re)start the snmp daemons:

/etc/init.d/snmpd restart
/etc/init.d/snmpd status

The status command should show that snmpd and snmptrapd are running. We can give this all a try by entering the following command (best done from another machine to see that it works from other hosts; change DESTINATIONIP to match yours):

snmptrap -v 1 -c public DESTINATIONIP "" "" 1 1  ""

You should now have the logfile /var/log/snmptt/snmptt.log created and filled with your entry. The file /root/testsuccessful should also have been created, which shows that our custom handler command was fired as well.

From this point on you should be able to create your own handlers. Unknown traps will be logged to /var/log/snmptt/snmpttunknown.log. Take the OID (in brackets), e. g.

Unknown trap (.1.3.6.1.6.3.1.1.5.2) received from

to define your own handlers and change the EXEC statement to your needs or comment it out.

Test whether it is running:

netstat -tulanp|grep snmp