Struggling with snmptrapd
Posted by dankgus@reddit | linuxadmin | 15 comments
I'm running Ubuntu and trying to collect snmp traps to a file. Very basic. Initial googling suggests using snmptrapd.
I have verified sending test traps, from my PC, that the server is seeing them, both by using tcpdump and also by configuring a traphandle script to run when a trap is received. I am trying to echo the contents of the trap to a file but it seems like snmptrapd is not passing arguments.
I wonder if anybody has tips. Below is the script I am running when a trap is received:
```bash
#!/bin/bash
# Log file to store received traps
LOG_FILE=/var/log/snmptraplog.txt
# Timestamp for the trap reception
TIMESTAMP=$(date +"%Y-%m-%d %T")
# Append the received trap details to the log file
echo "Received trap at $TIMESTAMP:" >> $LOG_FILE
echo "----------------------------------" >> $LOG_FILE
echo "Number of arguments: $#" >> $LOG_FILE
echo "$@" >> $LOG_FILE
echo "----------------------------------" >> $LOG_FILE
echo >> $LOG_FILE
```
If there is a better way of accomplishing this task, I am open to suggestions. I appreciate any input.
Tom_0974@reddit
Based on my field experience I can say that PRTG is quite reliable, especially for SNMP trap collection.
Austin_ticklee@reddit
How are you calling it?
dankgus@reddit (OP)
I'm calling the script from /etc/snmp/snmptrapd.conf (seen below). The script DOES run when a trap is received, I can tell due to the "echo" commands I have in the script that write the date into the log file.
```
# An example configuration file for configuring the Net-SNMP snmptrapd agent.
# This file is intended to only be an example.
# When the snmptrapd agent starts up, this is where it will look for it.
# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
# PLEASE: read the snmptrapd.conf(5) manual page as well!
authCommunity log,execute,net private
authCommunity log,execute,net public
# send mail when get any events
traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org
# send mail when get linkDown
traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org
disableAuthorization yes
authcommunity log,execute,net public
traphandle default /etc/snmp/basictraphandler.sh
```
kellyzdude@reddit
I think if you replace the line:
in your script, with:
It should work?
If I'm reading the documentation correctly, the data is passed as STDIN, not as an argument of any kind.
marozsas@reddit
Yes. I use a slightly different construction, just `cat >>$LOG_FILE`
dankgus@reddit (OP)
That produced some results!!!
Thank you, that is a huge step forward and gives me a lot to go on!
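The fix discussed above (trap details arrive on the handler's standard input, not as arguments), as an added example that is not part of any comment in this thread. Because the posted configuration sets `disableAuthorization yes`, any sender can inject trap content, so the handler strips control characters before writing its one line per trap. Assumptions: the log path is passed as the script's first argument, and the sample trap is constructed.

```bash
#!/bin/bash
# Added example, not code from the thread. snmptrapd writes the trap to the
# handler's stdin (snmptrapd.conf(5)): line 1 is the sender's hostname,
# line 2 its transport address, and each later line is "OID VALUE".

# Trap fields come off the network, so drop control characters before logging;
# the result is always exactly one log line per trap.
clean() { printf '%s' "$1" | tr -d '\000-\037\177'; }

# Read one trap on stdin, print one timestamped line on stdout.
format_trap() {
    IFS= read -r host || :
    IFS= read -r addr || :
    line="$(date +"%Y-%m-%d %T") host=$(clean "$host") addr=$(clean "$addr")"
    while read -r oid value || [ -n "$oid" ]; do
        [ -n "$oid" ] || continue            # skip blank lines
        line="$line | $(clean "$oid")=$(clean "$value")"
    done
    printf '%s\n' "$line"
}

# Constructed sample of what snmptrapd feeds a handler (documentation addresses).
sample_trap() {
    printf '%s\n' \
        'switch01.example.org' \
        'UDP: [192.0.2.10]:49152->[192.0.2.1]:162' \
        'DISMAN-EVENT-MIB::sysUpTimeInstance 0:1:02:03.04' \
        'SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown' \
        'IF-MIB::ifIndex.3 3'
}

# Handler mode: the log path is the first argument (an assumption of this
# example), e.g. in snmptrapd.conf:
#   traphandle default /etc/snmp/basictraphandler.sh /var/log/snmptraplog.txt
if [ -n "${1:-}" ]; then
    format_trap >> "$1"
fi
```

Running `sample_trap | format_trap` prints the formatted line without touching the log file.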
nktje@reddit
Zabbix.
dankgus@reddit (OP)
I just took a quick look, Zabbix feels like way more than what I am looking for.
My ultimate goal is to make this snmp data available to my Splunk server, using a forwarder to monitor the snmp log file(s). Not exactly sure how it's done, but it seems like snmptrapd is an accepted way of getting this done - but I need to get snmptrapd working first!
In my brief look at Zabbix today I see a lot of Google results for "Zabbix vs Splunk" lol. Also, there are people wondering how to get their Splunk data INTO Zabbix.
nktje@reddit
Didn’t get the splunk idea. Also don’t get the idea why I’m downvoted. Anyways the idea of snmp is to get and set things. What’s wrong with zabbix people? Please elaborate
dankgus@reddit (OP)
Yeah I initially didn't mention Splunk because I didn't want to cloud the primary issue, being that I couldn't get snmptrapd to function fully.
Austin_ticklee@reddit
What's your snmptrapd command look like?
```
ps -elf | grep trapd
```
dankgus@reddit (OP)
```
/usr/sbin/snmptrapd -Ln -f -Lf /var/log/snmptrapd.log
```
That is the command listed in the file "/etc/systemd/system/snmptrapd.service.d/override.conf". Thank you for posting the command that reveals this. I think it verifies the override.conf file is indeed in effect.
There is another config file "/lib/systemd/system/snmptrapd.service" that has a different command "ExecStart=/usr/sbin/snmptrapd -LOw -f udp:162 udp6:162". I'm guessing due to the override.conf file this command is ignored.
Austin_ticklee@reddit
Yeah, that seems right. How come the args aren't popping through. Hrm.
MedicatedDeveloper@reddit
```
OPTIONS="-Lf /var/log/snmptrapd.log"
```
Should be all you need, then set the universal forwarder to forward the log file.
Desperate_Antelope60@reddit
You can use -t option with snmptrapd.
```
snmptrapd -tLf /your-log-location/yourlogfile.log
```