manual:config:items:itemtypes:snmptrap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:config:items:itemtypes:snmptrap [2016/09/28 07:26]
127.0.0.1 external edit
manual:config:items:itemtypes:snmptrap [2021/01/28 15:46] (current)
Line 1: Line 1:
-==== - #3 SNMP traps ====+==== 3 SNMP traps ====
  
 === Overview === === Overview ===
Line 63: Line 63:
 <note tip>For the best performance,​ SNMPTT should be configured as a daemon using **snmptthandler-embedded** to pass the traps to it. See instructions for configuring SNMPTT in its homepage:\\ [[http://​snmptt.sourceforge.net/​docs/​snmptt.shtml]]</​note>​ <note tip>For the best performance,​ SNMPTT should be configured as a daemon using **snmptthandler-embedded** to pass the traps to it. See instructions for configuring SNMPTT in its homepage:\\ [[http://​snmptt.sourceforge.net/​docs/​snmptt.shtml]]</​note>​
  
-When SNMPTT is configured to receive the traps, configure ​SNMPTT to log the traps:+When SNMPTT is configured to receive the traps, configure ​''​snmptt.ini'':​ 
 +  - enable the use of the Perl module from the NET-SNMP package:\\ net_snmp_perl_enable = 1
   - log traps to the trap file which will be read by Zabbix:\\ log_enable = 1\\ log_file = [TRAP FILE]   - log traps to the trap file which will be read by Zabbix:\\ log_enable = 1\\ log_file = [TRAP FILE]
   - set the date-time format:\\ date_time_format = %H:%M:%S %Y/%m/%d = [DATE TIME FORMAT]   - set the date-time format:\\ date_time_format = %H:%M:%S %Y/%m/%d = [DATE TIME FORMAT]
-Now format the traps for Zabbix to recognise ​them (edit snmptt.conf):​+ 
 +<note warning>​The %%"​%%net-snmp-perl%%"​%% package has been removed in RHEL/CentOS 8.0-8.2; re-added in RHEL 8.3. For more information,​ see the [[:​manual/​installation/​known_issues#​snmp_traps|known issues]].</​note>​ 
 + 
 +Now format the traps for Zabbix to recognize ​them (edit snmptt.conf):​
   - Each FORMAT statement should start with "​ZBXTRAP [address]",​ where [address] will be compared to IP and DNS addresses of SNMP interfaces on Zabbix. E.g.:\\ EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "​Status Events"​ Normal\\ FORMAT ZBXTRAP $aA Device reinitialized (coldStart)   - Each FORMAT statement should start with "​ZBXTRAP [address]",​ where [address] will be compared to IP and DNS addresses of SNMP interfaces on Zabbix. E.g.:\\ EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "​Status Events"​ Normal\\ FORMAT ZBXTRAP $aA Device reinitialized (coldStart)
   - See more about SNMP trap format below.   - See more about SNMP trap format below.
-<note important>​Do not use unknown traps - Zabbix will not be able to recognise ​them. Unknown traps can be handled by defining a general event in snmptt.conf:​\\ EVENT general .* "​General event" Normal</​note>​+<note important>​Do not use unknown traps - Zabbix will not be able to recognize ​them. Unknown traps can be handled by defining a general event in snmptt.conf:​\\ EVENT general .* "​General event" Normal</​note>​
  
 == Configuring Perl trap receiver == == Configuring Perl trap receiver ==
Line 80: Line 84:
   Regexp modifier "/​l"​ may not appear twice at (eval 2) line 1, at end of line   Regexp modifier "/​l"​ may not appear twice at (eval 2) line 1, at end of line
 </​note>​ </​note>​
 +
 +<note warning>​net-snmp agent does not support AES256 with SNMPv3/​USM.</​note>​
 == SNMP trap format == == SNMP trap format ==
-All customised ​perl trap receivers and SNMPTT trap configuration must format the trap in the following way:+All customized ​perl trap receivers and SNMPTT trap configuration must format the trap in the following way:
 **[timestamp] [the trap, part 1] ZBXTRAP [address] [the trap, part 2]**, where **[timestamp] [the trap, part 1] ZBXTRAP [address] [the trap, part 2]**, where
   * [timestamp] - timestamp used for log items   * [timestamp] - timestamp used for log items
Line 90: Line 96:
  
 === - System requirements === === - System requirements ===
 +
 +== Large file support ==
 +
 +Zabbix has "Large file support"​ for SNMP trapper files. The maximum file size that Zabbix can read is 2^63 (8 EiB). Note that the filesystem may impose a lower limit on the file size.
  
 == Log rotation == == Log rotation ==
Line 98: Line 108:
   - The new data are parsed. If this was the rotated file, the file is closed and goes back to step 2.   - The new data are parsed. If this was the rotated file, the file is closed and goes back to step 2.
   - If there was no new data, Zabbix sleeps for 1 second and goes back to step 2.   - If there was no new data, Zabbix sleeps for 1 second and goes back to step 2.
- 
-<note important>​The maximum log file size supported by Zabbix is 2 gigabytes. The log file must be rotated before reaching this limit.</​note>​ 
  
 == File system == == File system ==
Line 108: Line 116:
   - **zabbix_server.conf** - configure Zabbix to start SNMP trapper and set the trap file:\\ StartSNMPTrapper=1\\ SNMPTrapperFile=/​tmp/​my_zabbix_traps.tmp   - **zabbix_server.conf** - configure Zabbix to start SNMP trapper and set the trap file:\\ StartSNMPTrapper=1\\ SNMPTrapperFile=/​tmp/​my_zabbix_traps.tmp
   - **snmptrapd.conf** - add SNMPTT as the trap handler:\\ traphandle default snmptt   - **snmptrapd.conf** - add SNMPTT as the trap handler:\\ traphandle default snmptt
-  - **snmptt.ini** - configure output file and time format:\\ log_file = /​tmp/​my_zabbix_traps.tmp\\ date_time_format = %H:%M:%S %Y/%m/%d+  - **snmptt.ini** -\\ enable the use of the Perl module from the NET-SNMP package:\\ net_snmp_perl_enable = 1\\ configure output file and time format:\\ log_file = /​tmp/​my_zabbix_traps.tmp\\ date_time_format = %H:%M:%S %Y/%m/%d
   - **snmptt.conf** - define a default trap format: \\ EVENT general .* %%"​General event"​%% Normal\\ FORMAT ZBXTRAP $aA $ar   - **snmptt.conf** - define a default trap format: \\ EVENT general .* %%"​General event"​%% Normal\\ FORMAT ZBXTRAP $aA $ar
   - Create an SNMP item TEST:\\ Host's SNMP interface IP: 127.0.0.1\\ Key: %%snmptrap["​General"​]%%\\ Log time format: hh:mm:ss yyyy/MM/dd   - Create an SNMP item TEST:\\ Host's SNMP interface IP: 127.0.0.1\\ Key: %%snmptrap["​General"​]%%\\ Log time format: hh:mm:ss yyyy/MM/dd
Line 119: Line 127:
 === - See also === === - See also ===
  
 +  * [[https://​blog.zabbix.com/​snmp-traps-in-zabbix|Zabbix blog article on SNMP traps]]
   * [[https://​www.zabbix.org/​wiki/​Start_with_SNMP_traps_in_Zabbix|CentOS based SNMP trap tutorial on zabbix.org]]   * [[https://​www.zabbix.org/​wiki/​Start_with_SNMP_traps_in_Zabbix|CentOS based SNMP trap tutorial on zabbix.org]]