Zabbix Documentation 5.0

3.04.04.4 (current)| In development:5.0 (devel)| Unsupported:1.82.02.22.43.23.44.2Guidelines

User Tools

Site Tools


manual:config:items:itemtypes:snmptrap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:config:items:itemtypes:snmptrap [2015/09/15 10:20]
wiper Added note about log file size limits
manual:config:items:itemtypes:snmptrap [2020/02/20 09:15] (current)
martins-v net-snmp-perl has been removed in RHEL/CentOS 8
Line 1: Line 1:
-==== - #3 SNMP traps ====+==== 3 SNMP traps ====
  
 === Overview === === Overview ===
Line 18: Line 18:
   - Zabbix SNMP trapper reads and parses the trap file   - Zabbix SNMP trapper reads and parses the trap file
   - For each trap Zabbix finds all "SNMP trapper"​ items with host interfaces matching the received trap address. Note that only the selected "​IP"​ or "​DNS"​ in host interface is used during the matching.   - For each trap Zabbix finds all "SNMP trapper"​ items with host interfaces matching the received trap address. Note that only the selected "​IP"​ or "​DNS"​ in host interface is used during the matching.
-  - For each found item, the trap is compared to regex in "​snmptrap[regex]". The trap is set as the value of **all** matched items. If no matching item is found and there is an "​snmptrap.fallback"​ item, the trap is set as the value of that.+  - For each found item, the trap is compared to regexp ​in "​snmptrap[regexp]". The trap is set as the value of **all** matched items. If no matching item is found and there is an "​snmptrap.fallback"​ item, the trap is set as the value of that.
   - If the trap was not set as the value of any item, Zabbix by default logs the unmatched trap. (This is configured by "Log unmatched SNMP traps" in Administration -> General -> Other.)   - If the trap was not set as the value of any item, Zabbix by default logs the unmatched trap. (This is configured by "Log unmatched SNMP traps" in Administration -> General -> Other.)
  
Line 36: Line 36:
 ^  Description ​ ^  Return value  ^  Comments ​ ^ ^  Description ​ ^  Return value  ^  Comments ​ ^
 | ||| | |||
-^snmptrap[regex] ||| +^snmptrap[regexp] ||| 
-| Catches all SNMP traps from a corresponding address ​that match the [[:​manual/​regular_expressions|regular expression]] specified in **regex** | SNMP trap | This item can be set only for SNMP interfaces. \\ This item is supported since Zabbix **2.0.0.**\\ //Note//: Starting with Zabbix 2.0.5, user macros and global regular expressions are supported in the parameter of this item key.  |+| Catches all SNMP traps that match the [[:​manual/​regular_expressions|regular expression]] specified in **regexp**. If regexp is unspecified,​ catches any trap. | SNMP trap | This item can be set only for SNMP interfaces. \\ This item is supported since Zabbix **2.0.0.**\\ //Note//: Starting with Zabbix 2.0.5, user macros and global regular expressions are supported in the parameter of this item key.  |
 | ||| | |||
 ^snmptrap.fallback ||| ^snmptrap.fallback |||
-| Catches all SNMP traps from a corresponding address ​that were not caught by any of the snmptrap[] items for that interface | SNMP trap | This item can be set only for SNMP interfaces.\\ This item is supported since Zabbix **2.0.0.** ​ |+| Catches all SNMP traps that were not caught by any of the snmptrap[] items for that interface| SNMP trap | This item can be set only for SNMP interfaces.\\ This item is supported since Zabbix **2.0.0.** ​ |
  
-<​note>​Multi-line ​regex matching is not supported at this time.</​note>​+<​note>​Multi-line ​regexp ​matching is not supported at this time.</​note>​
  
 Set the **Type of information** to be '​Log'​ for the timestamps to be parsed. Note that other formats such as '​Numeric'​ are also acceptable but might require a custom trap handler. Set the **Type of information** to be '​Log'​ for the timestamps to be parsed. Note that other formats such as '​Numeric'​ are also acceptable but might require a custom trap handler.
Line 56: Line 56:
   - SNMPTrapperFile=[TRAP FILE]   - SNMPTrapperFile=[TRAP FILE]
  
 +<note warning>​If systemd parameter **[[http://​www.freedesktop.org/​software/​systemd/​man/​systemd.exec.html#​PrivateTmp=|PrivateTmp]]** is used, this file is unlikely to work in ///​tmp//​.</​note>​
 == Configuring SNMPTT == == Configuring SNMPTT ==
  
Line 62: Line 63:
 <note tip>For the best performance,​ SNMPTT should be configured as a daemon using **snmptthandler-embedded** to pass the traps to it. See instructions for configuring SNMPTT in its homepage:\\ [[http://​snmptt.sourceforge.net/​docs/​snmptt.shtml]]</​note>​ <note tip>For the best performance,​ SNMPTT should be configured as a daemon using **snmptthandler-embedded** to pass the traps to it. See instructions for configuring SNMPTT in its homepage:\\ [[http://​snmptt.sourceforge.net/​docs/​snmptt.shtml]]</​note>​
  
-When SNMPTT is configured to receive the traps, configure ​SNMPTT to log the traps:+When SNMPTT is configured to receive the traps, configure ​''​snmptt.ini'':​ 
 +  - enable the use of the Perl module from the NET-SNMP package:\\ net_snmp_perl_enable = 1
   - log traps to the trap file which will be read by Zabbix:\\ log_enable = 1\\ log_file = [TRAP FILE]   - log traps to the trap file which will be read by Zabbix:\\ log_enable = 1\\ log_file = [TRAP FILE]
   - set the date-time format:\\ date_time_format = %H:%M:%S %Y/%m/%d = [DATE TIME FORMAT]   - set the date-time format:\\ date_time_format = %H:%M:%S %Y/%m/%d = [DATE TIME FORMAT]
 +
 +<note warning>​The net-snmp-perl package has been removed in RHEL/CentOS 8.</​note>​
 +
 Now format the traps for Zabbix to recognise them (edit snmptt.conf):​ Now format the traps for Zabbix to recognise them (edit snmptt.conf):​
   - Each FORMAT statement should start with "​ZBXTRAP [address]",​ where [address] will be compared to IP and DNS addresses of SNMP interfaces on Zabbix. E.g.:\\ EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "​Status Events"​ Normal\\ FORMAT ZBXTRAP $aA Device reinitialized (coldStart)   - Each FORMAT statement should start with "​ZBXTRAP [address]",​ where [address] will be compared to IP and DNS addresses of SNMP interfaces on Zabbix. E.g.:\\ EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "​Status Events"​ Normal\\ FORMAT ZBXTRAP $aA Device reinitialized (coldStart)
Line 79: Line 84:
   Regexp modifier "/​l"​ may not appear twice at (eval 2) line 1, at end of line   Regexp modifier "/​l"​ may not appear twice at (eval 2) line 1, at end of line
 </​note>​ </​note>​
 +
 +<note warning>​net-snmp agent does not support AES256 with SNMPv3/​USM.</​note>​
 == SNMP trap format == == SNMP trap format ==
 All customised perl trap receivers and SNMPTT trap configuration must format the trap in the following way: All customised perl trap receivers and SNMPTT trap configuration must format the trap in the following way:
Line 89: Line 96:
  
 === - System requirements === === - System requirements ===
 +
 +== Large file support ==
 +
 +Zabbix has "Large file support"​ for SNMP trapper files. The maximum file size that Zabbix can read is 2^63 (8 EiB). Note that the filesystem may impose a lower limit on the file size.
  
 == Log rotation == == Log rotation ==
Line 97: Line 108:
   - The new data are parsed. If this was the rotated file, the file is closed and goes back to step 2.   - The new data are parsed. If this was the rotated file, the file is closed and goes back to step 2.
   - If there was no new data, Zabbix sleeps for 1 second and goes back to step 2.   - If there was no new data, Zabbix sleeps for 1 second and goes back to step 2.
- 
-<note important>​The maximum log file size supported by Zabbix is 2 gigabytes. The log file must be rotated before reaching this limit.</​note>​ 
  
 == File system == == File system ==
Line 107: Line 116:
   - **zabbix_server.conf** - configure Zabbix to start SNMP trapper and set the trap file:\\ StartSNMPTrapper=1\\ SNMPTrapperFile=/​tmp/​my_zabbix_traps.tmp   - **zabbix_server.conf** - configure Zabbix to start SNMP trapper and set the trap file:\\ StartSNMPTrapper=1\\ SNMPTrapperFile=/​tmp/​my_zabbix_traps.tmp
   - **snmptrapd.conf** - add SNMPTT as the trap handler:\\ traphandle default snmptt   - **snmptrapd.conf** - add SNMPTT as the trap handler:\\ traphandle default snmptt
-  - **snmptt.ini** - configure output file and time format:\\ log_file = /​tmp/​my_zabbix_traps.tmp\\ date_time_format = %H:%M:%S %Y/%m/%d+  - **snmptt.ini** -\\ enable the use of the Perl module from the NET-SNMP package:\\ net_snmp_perl_enable = 1\\ configure output file and time format:\\ log_file = /​tmp/​my_zabbix_traps.tmp\\ date_time_format = %H:%M:%S %Y/%m/%d
   - **snmptt.conf** - define a default trap format: \\ EVENT general .* %%"​General event"​%% Normal\\ FORMAT ZBXTRAP $aA $ar   - **snmptt.conf** - define a default trap format: \\ EVENT general .* %%"​General event"​%% Normal\\ FORMAT ZBXTRAP $aA $ar
   - Create an SNMP item TEST:\\ Host's SNMP interface IP: 127.0.0.1\\ Key: %%snmptrap["​General"​]%%\\ Log time format: hh:mm:ss yyyy/MM/dd   - Create an SNMP item TEST:\\ Host's SNMP interface IP: 127.0.0.1\\ Key: %%snmptrap["​General"​]%%\\ Log time format: hh:mm:ss yyyy/MM/dd
 This results in: This results in:
-  - Command used to send a trap:\\ snmptrap -v 1 -c public 127.0.0.1 '​.1.3.6.1.6.3.1.1.5.3'​ '​0.0.0.0'​ 6 33 '​55'​ .1.3.6.1.6.3.1.1.5.3 ​ s "​teststring000"​+  - Command used to send a trap:\\ snmptrap -v 1 -c public 127.0.0.1 '​.1.3.6.1.6.3.1.1.5.3'​ '​0.0.0.0'​ 6 33 '​55'​ .1.3.6.1.6.3.1.1.5.3 ​ s <​nowiki>​"​teststring000"​</​nowiki>​
   - The received trap:\\ 15:48:18 2011/07/26 .1.3.6.1.6.3.1.1.5.3.0.33 Normal %%"​General event"​%% localhost - ZBXTRAP 127.0.0.1 127.0.0.1   - The received trap:\\ 15:48:18 2011/07/26 .1.3.6.1.6.3.1.1.5.3.0.33 Normal %%"​General event"​%% localhost - ZBXTRAP 127.0.0.1 127.0.0.1
   - Value for item TEST:\\ 15:48:18 2011/07/26 .1.3.6.1.6.3.1.1.5.3.0.33 Normal %%"​General event"​%% localhost - 127.0.0.1   - Value for item TEST:\\ 15:48:18 2011/07/26 .1.3.6.1.6.3.1.1.5.3.0.33 Normal %%"​General event"​%% localhost - 127.0.0.1
 <note tip>This simple example uses SNMPTT as **traphandle**. For better performance on production systems, use embedded Perl to pass traps from snmptrapd to SNMPTT or directly to Zabbix.</​note>​ <note tip>This simple example uses SNMPTT as **traphandle**. For better performance on production systems, use embedded Perl to pass traps from snmptrapd to SNMPTT or directly to Zabbix.</​note>​
  
 +=== - See also ===
 +
 +  * [[https://​blog.zabbix.com/​snmp-traps-in-zabbix|Zabbix blog article on SNMP traps]]
 +  * [[https://​www.zabbix.org/​wiki/​Start_with_SNMP_traps_in_Zabbix|CentOS based SNMP trap tutorial on zabbix.org]]