SNMP trap receiver with ubuntu

The following steps explain how to setup an ubuntu box ( debian should work aswell ) as an snmp trap receiver. You can define which incoming traps you want to process and where to log them to (syslog, File, Database). You can also execute a specific command when a trap is received.


aptitude install snmp snmpd snmptt


Edit /etc/snmp/snmptrapd.conf:

# To accept all traps
disableAuthorization yes
# To handle traps with snmptt
traphandle default /usr/sbin/snmptt

Edit /etc/default/snmpd:





and change

TRAPDOPTS='-Lsd -p /var/run/'


TRAPDOPTS='-On -Lsd -p /var/run/'

The ‘-On’ parameter tells snmptrapd to log OID numbers. This is needed for snmptt to recognize the incoming traps.

Next edit /etc/snmp/snmptt.ini and change

unknown_trap_log_enable = 0


unknown_trap_log_enable = 1

This enables logging all incoming traps to /var/log/snmptt/snmpttunknown.log.


Now we will create a handler for a test trap. To do so edit /etc/snmp/snmptt.conf and paste the following lines at the end:

EVENT test . "Status Events" Normal
FORMAT Just a Test
EXEC touch /root/testsuccessful
This is a test

(Re)start the snmp daemons:

/etc/init.d/snmpd restart
/etc/init.d/snmpd status

should show snmpd and snmptrapd are running. We can give this all a try by entering the following command (best done from another machine to see it´s working from other hosts, change DESTINATIONIP to match yours):

snmptrap -v 1 -c public DESTINATIONIP "" "" 1 1  ""

Now you should now have the logfile /var/log/snmptt/snmptt.log created and filled whith your entry. Also the file /root/testsuccessful should be created so our custom handler command was also fired.

From this point on you should be able to create your own handlers. Unknown traps will be logged to /var/log/snmptt/snmpttunknown.log. Take the OID (in brackets), e. g.

Unknown trap (. received from

to define your own handlers and change the EXEC statement to your needs or comment it out.

Test if it running:

netstat -tulanp|grep snmp