How To Send And Receive Snmp Traps

SNMPTRAPD gets started from snmpd.conf.
Depending on your distro you will have to also enable them on /etc/default/snmpd

First of all you have to have a /etc/snmp/snmpd.conf similar to this one

Then you need a /etc/snmptrapd.conf like this:

#Previously, snmptrapd would accept all incoming notifications, and log them automatically (even if no explicit configuration was provided). 
#Starting with release 5.3, access control checks will be applied
disableAuthorization yes

traphandle default /usr/sbin/snmptrapfmthdlr

Now we need a MIB we can try with:

Create a MIB file with name /usr/share/snmp/mibs/TRAP-TEST-MIB.txt with the following content:

TRAP-TEST-MIB DEFINITIONS ::= BEGIN
IMPORTS ucdExperimental FROM UCD-SNMP-MIB;

demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }

demo-trap TRAP-TYPE
STATUS current
ENTERPRISE demotraps
VARIABLES { sysLocation }
DESCRIPTION "This is just a demo"
::= 17

END

Restart the snmp daemon and run "ps axf", you should see snmpd and snmptrapd are running.

You can also check with: netstat -lnu|egrep "161|162" if the ports are open.

Make sure your firewall is not blocking connections to these ports and modify it if you need to.

Copy the MIB file we created earlier to the mibs directory on the box the trap is going to be sent from.

Now run:

snmptrap -v 1 -c public 192.168.2.237 TRAP-TEST-MIB::demotraps localhost 6 17 '' SNMPv2-MIB::sysLocation.0 s "Ryan was just here"

You should have received this message on the server's syslog.

If you want SNMPTRAP to log to a file different than syslog, in /etc/defaults/snmpd

Change this line:

TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

In to this one:

TRAPDOPTS='-Lf /tmp/snmp -p /var/run/snmptrapd.pid'

See "man snmpcmd" for logging options.

MIB definition taken from net-snmp

########################

To find out if the MIB you are trying to use has its dependencies met, open the MIB file and locate one of its modules, so we can search for it.

For instance:

[…]

eventTable OBJECT-TYPE
SYNTAX SEQUENCE OF EventEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION ""
::= { events 1 }

[…]

Copy the MIB file to /usr/share/mibs/netsnmp/

Then run:

snmptranslate -IR eventTable

Where eventTable is the name of an object, in the MIB we are trying to push in.

Then, snmptranslate will tell us what modules this MIB is missing:

usm:~# snmptranslate -IR eventTable
No log handling enabled - turning on stderr logging
MIB search path: /root/.snmp/mibs:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (SNMPv2-SMI): At line 14 in /usr/share/mibs/netsnmp/ISS-MIB
Cannot find module (SNMPv2-TC): At line 16 in /usr/share/mibs/netsnmp/ISS-MIB
Cannot find module (IF-MIB): At line 20 in /usr/share/mibs/netsnmp/ISS-MIB
Did not find 'enterprises' in module #-1 (/usr/share/mibs/netsnmp/ISS-MIB)
Did not find 'DisplayString' in module #-1 (/usr/share/mibs/netsnmp/ISS-MIB)
Did not find 'TruthValue' in module #-1 (/usr/share/mibs/netsnmp/ISS-MIB)
Did not find 'DateAndTime' in module #-1 (/usr/share/mibs/netsnmp/ISS-MIB)
Did not find 'ifAlias' in module #-1 (/usr/share/mibs/netsnmp/ISS-MIB)
Unlinked OID in ISS-MIB: iss ::= { enterprises 2499 }
Undefined identifier: enterprises near line 23 of /usr/share/mibs/netsnmp/ISS-MIB
Cannot adopt OID in ISS-MIB: v25EventObjectsGroup ::= { realSecureMIBGroups 2 }
Cannot adopt OID in ISS-MIB: v15EventObjectsGroup ::= { realSecureMIBGroups 1 }
Cannot adopt OID in ISS-MIB: daemon ::= { v1-5 3 }

[…]

The package that provides the extra MIBs this MIB depends on, is called snmp-mibs-downloader

http://packages.debian.org/squeeze/snmp-mibs-downloader

After installing it, you need to copy or link the following MIBs to /usr/share/mibs/netsnmp/

…mibs/ietf/SNMPv2-SMI
…mibs/ietf/SNMPv2-TC
…mibs/ietf/IF-MIB -TC
…mibs/ietf/SNMPv2-MIB
…mibs/iana/IANAifType-MIB

Also to /usr/share/snmp/mibs/

ln -s /usr/share/mibs/netsnmp/SNMPv2-SMI /usr/share/snmp/mibs/SNMPv2-SMI
ln -s /usr/share/mibs/netsnmp/SNMPv2-TC /usr/share/snmp/mibs/SNMPv2-TC
ln -s /usr/share/mibs/netsnmp/IF-MIB /usr/share/snmp/mibs/IF-MIB
ln -s /usr/share/mibs/netsnmp/SNMPv2-MIB /usr/share/snmp/mibs/SNMPv2-MIB
ln -s /usr/share/mibs/netsnmp/IANAifType-MIB /usr/share/snmp/mibs/IANAifType-MIB

Lastly, you need to create the file /etc/snmp/snmp.local.conf with the following content:

usm:~# cat /etc/snmp/snmp.local.conf
mibs :ISS-MIB

/etc/init.d/snmpd restart

After managing to have the snmptranslate command to work, we need to restart snmpd and verify on /var/log/syslog that no errors are found.

You may find errors like this:

Sep 2 12:55:43 usm snmptrapd[3135]: MIB search path: /usr/share/snmp/mibs
Sep 2 12:55:43 usm snmptrapd[3135]: Cannot find module (ISS-MIB): At line 0 in (none)

Which get solved by linking the necessary MIBs to /usr/share/snmp/mibs and restarting the service again.

To load the ISS-MIB, you need to specify it in:

/etc/snmp/snmp.local.conf

More info:

http://www.net-snmp.org/tutorial/tutorial-5/commands/mib-options.html

page revision: 12, last edited: 02 Sep 2013 14:55
Edit Tags History Files Print Site tools + Options
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License