Documentation

You are viewing documentation for the development version, it may be incomplete.
Join our translation project and help translate Zabbix documentation into your native language.
1 Manual structure
2 What is Zabbix
3 Zabbix features
4 Zabbix overview
5 What's new in Zabbix 8.0.0
6 What's new in Zabbix 8.0.x
2 Definitions
1 High availability
2 Agent
3 Agent 2
4 Proxy
1 Setup from sources
2 Setup from RHEL packages
3 Setup from Debian/Ubuntu packages
6 Sender
7 Get
8 JS
9 Web service
1 Getting Zabbix
2 Requirements
1 Building Zabbix agent on Windows
2 Building Zabbix agent 2 on Windows
3 Building Zabbix agent on macOS
1 Red Hat Enterprise Linux and derivatives
2 Debian/Ubuntu/Raspbian
3 SUSE Linux Enterprise Server
4 Windows agent installation from MSI
5 Mac OS agent installation from PKG
6 Unstable releases
5 Installation from containers
6 Web interface installation
1 Upgrade from sources
1 Red Hat Enterprise Linux
2 Debian/Ubuntu
3 Upgrade from containers
1 Compilation issues
2 Escaping-related upgrade issues
9 Template changes
10 Upgrade notes for 8.0.0
11 Upgrade notes for 8.0.x
1 Login and configuring user
2 New host
3 New item
4 New trigger
5 Receiving problem notification
6 New template
6 Zabbix appliance
1 Host Wizard
2 Configuring a host
3 Configuring a host group
4 Inventory
5 Mass update
1 Item key format
2 Custom intervals
1 Preprocessing testing
2 Preprocessing details
3 Preprocessing examples
1 Escaping special characters from LLD macro values in JSONPath
1 Additional JavaScript objects
2 Browser item JavaScript objects
6 CSV to JSON preprocessing
1 Zabbix agent 2
2 Windows Zabbix agent
1 Dynamic indexes
2 Special OIDs
3 MIB files
3 SNMP traps
4 IPMI checks
1 VMware monitoring item keys
6 Log file monitoring
1 Aggregate calculations
8 Internal checks
9 SSH checks
10 Telnet checks
11 External checks
12 Trapper items
13 JMX monitoring
14 ODBC monitoring
15 Dependent items
16 HTTP agent
17 Prometheus checks
18 Script items
19 Browser items
4 History and trends
1 Extending Zabbix agents
6 Windows performance counters
7 Mass update
8 Value mapping
9 Queue
10 Value cache
11 Execute now
12 Restricting agent checks
1 Configuring a trigger
2 Trigger expression
3 Trigger dependencies
4 Trigger severity
5 Customizing trigger severities
6 Mass update
7 Predictive trigger functions
1 Trigger event generation
2 Other event sources
3 Manual closing of problems
1 Trigger-based event correlation
2 Global event correlation
6 Tagging
1 Simple graphs
2 Custom graphs
3 Ad-hoc graphs
4 Aggregation in graphs
1 Configuring a network map
2 Host group elements
3 Link indicators
3 Dashboards
1 Configuring a template
2 Configuring a template group
3 Linking/unlinking
4 Nesting
5 Mass update
1 Zabbix agent template operation
2 Zabbix agent 2 template operation
3 HTTP template operation
4 IPMI template operation
5 JMX template operation
6 ODBC template operation
7 Standardized templates for network devices
8 VMware template operation
1 Automated Gmail/Office365 media types
2 SMS
3 Custom alert scripts
1 Webhook script examples
1 Conditions
1 Sending message
2 Remote commands
3 Additional operations
4 Using macros in messages
3 Recovery operations
4 Update operations
5 Escalations
3 Receiving notification on unsupported items
1 Macro functions
2 User macros
3 User macros with context
4 Secret user macros
5 Low-level discovery macros
6 Expression macros
1 Configuring a user
2 Permissions
3 User groups
1 CyberArk configuration
2 HashiCorp configuration
14 Scheduled reports
1 Export to files
2 Streaming to external systems
3 SNMP gateway
1 Service tree
2 SLA
3 Setup example
1 Web monitoring items
2 Real-life scenario
1 VMware monitoring item keys
2 Virtual machine discovery key fields
3 JSON examples for VMware items
4 VMware monitoring setup example
11 Maintenance
12 Regular expressions
1 Problem suppression
1 Template groups
2 Host groups
3 Templates
4 Hosts
5 Network maps
6 Media types
1 Configuring a network discovery rule
2 Active agent autoregistration
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
6 Notes on low-level discovery
1 Discovery of mounted filesystems
2 Discovery of network interfaces
3 Discovery of CPUs and CPU cores
4 Discovery of SNMP OIDs
5 Discovery of SNMP OIDs (legacy)
6 Discovery of JMX objects
7 Discovery of IPMI sensors
8 Discovery of systemd services
9 Discovery of Windows services
10 Discovery of Windows performance counter instances
11 Discovery using WMI queries
12 Discovery using ODBC SQL queries
13 Discovery using Prometheus data
14 Discovery of block devices
15 Discovery of host interfaces in Zabbix
8 Custom LLD rules
1 Synchronization of monitoring configuration
2 Proxy load balancing and high availability
1 Using certificates
2 Using pre-shared keys
1 Connection type or permission problems
2 Certificate problems
3 PSK problems
1 Event menu
2 Host menu
3 Item menu
1 Action log
2 Clock
3 Discovery status
4 Favorite graphs
5 Favorite maps
6 Gauge
7 Geomap
8 Graph
9 Graph (classic)
10 Graph prototype
11 Honeycomb
12 Host availability
13 Host card
14 Host navigator
15 Item card
16 Item history
17 Item navigator
18 Item value
19 Map
20 Map navigation tree
21 Pie chart
22 Problem hosts
23 Problems
24 Problems by severity
25 SLA report
26 System information
27 Top hosts
28 Top items
29 Top triggers
30 Trigger overview
31 URL
32 Web monitoring
1 Cause and symptom problems
1 Graphs
2 Host dashboards
3 Web scenarios
3 Latest data
4 Maps
5 Discovery
1 Services
2 SLA
3 SLA report
1 Overview
2 Hosts
1 System information
2 Scheduled reports
3 Availability report
4 Top 100 triggers
5 Audit log
6 Action log
7 Notifications
1 Template groups
2 Host groups
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
5 Web scenarios
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
5 Web scenarios
5 Maintenance
6 Event correlation
7 Discovery
1 Actions
2 Media types
3 Scripts
1 User groups
2 User roles
3 Users
4 API tokens
1 HTTP
2 LDAP
3 SAML
4 MFA
1 General
2 Audit log
3 Housekeeping
4 Proxies
5 Proxy groups
6 Macros
7 Queue
1 Global notifications
2 Sound in browsers
4 Global search
5 Frontend maintenance mode
6 Page parameters
7 Definitions
8 Creating your own theme
9 Debug mode
10 Cookies used by Zabbix
11 Time zones
12 Resetting password
13 Time period selector
1 Securing MySQL/MariaDB
2 Securing PostgreSQL/TimescaleDB
2 Cryptography
3 Web server
2 Configuration best practices
Action object
action.create
action.delete
action.get
action.update
Alert object
alert.get
apiinfo.version
Audit log object
auditlog.get
Authentication object
authentication.get
authentication.update
Autoregistration object
autoregistration.get
autoregistration.update
configuration.export
configuration.import
configuration.importcompare
Connector object
connector.create
connector.delete
connector.get
connector.update
Correlation object
correlation.create
correlation.delete
correlation.get
correlation.update
Dashboard object
dashboard.create
dashboard.delete
dashboard.get
dashboard.update
1 Action log
2 Clock
3 Discovery status
4 Favorite graphs
5 Favorite maps
6 Gauge
7 Geomap
8 Graph
9 Graph (classic)
10 Graph prototype
11 Honeycomb
12 Host availability
13 Host card
14 Host navigator
15 Item card
16 Item history
17 Item navigator
18 Item value
19 Map
20 Map navigation tree
21 Pie chart
22 Problem hosts
23 Problems
24 Problems by severity
25 SLA report
26 System information
27 Top hosts
28 Top items
29 Top triggers
30 Trigger overview
31 URL
32 Web monitoring
Discovered host object
dhost.get
Discovered service object
dservice.get
Discovery check object
dcheck.get
Discovery rule object
drule.create
drule.delete
drule.get
drule.update
Event object
event.acknowledge
event.get
Graph object
graph.create
graph.delete
graph.get
graph.update
Graph item object
graphitem.get
Graph prototype object
graphprototype.create
graphprototype.delete
graphprototype.get
graphprototype.update
High availability node object
hanode.get
History object
history.clear
history.get
history.push
Host object
host.create
host.delete
host.get
host.massadd
host.massremove
host.massupdate
host.update
Host group object
hostgroup.create
hostgroup.delete
hostgroup.get
hostgroup.massadd
hostgroup.massremove
hostgroup.massupdate
hostgroup.propagate
hostgroup.update
Host interface object
hostinterface.create
hostinterface.delete
hostinterface.get
hostinterface.massadd
hostinterface.massremove
hostinterface.replacehostinterfaces
hostinterface.update
Host prototype object
hostprototype.create
hostprototype.delete
hostprototype.get
hostprototype.update
Housekeeping object
housekeeping.get
housekeeping.update
Icon map object
iconmap.create
iconmap.delete
iconmap.get
iconmap.update
Image object
image.create
image.delete
image.get
image.update
Item object
item.create
item.delete
item.get
item.update
Item prototype object
itemprototype.create
itemprototype.delete
itemprototype.get
itemprototype.update
LLD rule object
discoveryrule.create
discoveryrule.delete
discoveryrule.get
discoveryrule.update
LLD rule prototype object
discoveryruleprototype.create
discoveryruleprototype.delete
discoveryruleprototype.get
discoveryruleprototype.update
Maintenance object
maintenance.create
maintenance.delete
maintenance.get
maintenance.update
Map object
map.create
map.delete
map.get
map.update
Media type object
mediatype.create
mediatype.delete
mediatype.get
mediatype.update
MFA object
mfa.create
mfa.delete
mfa.get
mfa.update
Module object
module.create
module.delete
module.get
module.update
Problem object
problem.get
Proxy object
proxy.create
proxy.delete
proxy.get
proxy.update
Proxy group object
proxygroup.create
proxygroup.delete
proxygroup.get
proxygroup.update
Regular expression object
regexp.create
regexp.delete
regexp.get
regexp.update
Report object
report.create
report.delete
report.get
report.update
Role object
role.create
role.delete
role.get
role.update
Script object
script.create
script.delete
script.execute
script.get
script.getscriptsbyevents
script.getscriptsbyhosts
script.update
Service object
service.create
service.delete
service.get
service.update
Settings object
settings.get
settings.update
SLA object
sla.create
sla.delete
sla.get
sla.getsli
sla.update
Task object
task.create
task.get
Template object
template.create
template.delete
template.get
template.massadd
template.massremove
template.massupdate
template.update
Template dashboard object
templatedashboard.create
templatedashboard.delete
templatedashboard.get
templatedashboard.update
Template group object
templategroup.create
templategroup.delete
templategroup.get
templategroup.massadd
templategroup.massremove
templategroup.massupdate
templategroup.propagate
templategroup.update
Token object
token.create
token.delete
token.generate
token.get
token.update
Trend object
trend.get
Trigger object
trigger.create
trigger.delete
trigger.get
trigger.update
Trigger prototype object
triggerprototype.create
triggerprototype.delete
triggerprototype.get
triggerprototype.update
User object
user.checkAuthentication
user.create
user.delete
user.get
user.login
user.logout
user.provision
user.resettotp
user.unblock
user.update
User directory object
userdirectory.create
userdirectory.delete
userdirectory.get
userdirectory.test
userdirectory.update
User group object
usergroup.create
usergroup.delete
usergroup.get
usergroup.update
User macro object
usermacro.create
usermacro.createglobal
usermacro.delete
usermacro.deleteglobal
usermacro.get
usermacro.update
usermacro.updateglobal
Value map object
valuemap.create
valuemap.delete
valuemap.get
valuemap.update
Web scenario object
httptest.create
httptest.delete
httptest.get
httptest.update
Appendix 1. Reference commentary
Appendix 2. Changes from 7.4 to 8.0
Appendix 3. Changes in 8.0
1 Loadable modules
1 Building loadable plugins
3 Frontend modules
1 Database creation
2 Repairing Zabbix database character set and collation
3 Database upgrade to primary keys
4 Preparing auditlog table for partitioning
1 MySQL encryption configuration
2 PostgreSQL encryption configuration
6 Secure connection to the frontend
7 TimescaleDB setup
8 Elasticsearch setup
9 Distribution-specific notes on setting up Nginx for Zabbix
10 Running agent as root
11 Zabbix agent on Microsoft Windows
12 SAML setup with Microsoft Entra ID
13 SAML setup with Okta
14 SAML setup with OneLogin
15 Setting up scheduled reports
16 Additional frontend languages
1 Zabbix server
2 Zabbix proxy
3 Zabbix agent (UNIX)
4 Zabbix agent 2 (UNIX)
5 Zabbix agent (Windows)
6 Zabbix agent 2 (Windows)
1 Ceph plugin
2 Docker plugin
3 Ember+ plugin
4 Memcached plugin
5 Modbus plugin
6 MongoDB plugin
7 MQTT plugin
8 MSSQL plugin
9 MySQL plugin
10 NVIDIA GPU plugin
11 Oracle plugin
12 PostgreSQL plugin
13 Redis plugin
14 SMART plugin
8 Zabbix Java gateway
9 Zabbix web service
10 Environment variables
11 Inclusion
1 Server-proxy data exchange protocol
2 Zabbix agent/agent2 protocol
4 Zabbix agent 2 plugin protocol
5 Zabbix sender protocol
6 Header
7 Newline-delimited JSON export protocol
1 vm.memory.size parameters
2 Passive and active agent checks
3 Minimum permission level for Windows agent items
4 Encoding of returned values
5 Large file support
6 Sensor
7 Notes on memtype parameter in proc.mem items
8 Notes on selecting processes in proc.mem and proc.num items
9 Implementation details of net.tcp.service and net.udp.service checks
10 proc.get parameters
11 Unreachable/unavailable host interface settings
12 Remote monitoring of Zabbix stats
13 Configuring Kerberos with Zabbix
14 modbus.get parameters
15 Creating custom performance counter names for VMware
16 Return values for system.sw.packages.get
17 Return values for net.dns.get
18 Notes on system.cpu.util items on Windows
1 Foreach functions
2 Bitwise functions
3 Date and time functions
4 History functions
5 Trend functions
6 Mathematical functions
7 Operator functions
8 Predictive functions
9 String functions
1 Macros supported by location
2 User macros supported by location
7 Unit symbols
8 Time period syntax
9 Command execution
10 Version compatibility
12 Zabbix sender dynamic link library for Windows
13 Python library for Zabbix API
14 Service monitoring upgrade
15 Other issues
16 Agent vs agent 2 comparison
17 Escaping examples
1 Monitor Linux with Zabbix agent
2 Monitor Windows with Zabbix agent
3 Monitor Apache via HTTP
4 Monitor MySQL with Zabbix agent 2
5 Monitor VMware with Zabbix
6 Monitor network traffic with Zabbix
7 Monitor network traffic using active checks
8 Monitor websites with Browser items
9 Monitor website certificates with Zabbix agent 2 (passive)
10 Monitor a network switch or router with Zabbix
11 Monitor Windows event log using active checks
manifest.json
Actions
Views
Assets
Register a new module
Configuration
Presentation
Create a module (tutorial)
Create a widget (tutorial)
Examples
Examples
Create a plugin (tutorial)
Plugin interfaces
Changes to extension development
zabbix_agent2
zabbix_agentd
zabbix_get
zabbix_js
zabbix_proxy
zabbix_sender
zabbix_server
zabbix_web_service

3 SNMP traps

Overview

Receiving SNMP traps is the opposite to querying SNMP-enabled devices.

In this case, the information is sent from an SNMP-enabled device to snmptrapd and is collected or "trapped" by Zabbix server or Zabbix proxy from file.

Usually, traps are sent upon some condition change and the agent connects to the server on port 162 (as opposed to port 161 on the agent side that is used for queries). Using traps may detect some short problems that occur amidst the query interval and may be missed by the query data.

Receiving SNMP traps in Zabbix is designed to work with snmptrapd and one of the mechanisms for passing the traps to Zabbix - either a Bash or Perl script or SNMPTT.

The simplest way to set up trap monitoring after configuring Zabbix is to use the Bash script solution, because Perl and SNMPTT are often missing in modern distributions and require more complex configuration. However, this solution uses a script configured as traphandle. For better performance on production systems, use the embedded Perl solution (either script with do perl option or SNMPTT).

The workflow of receiving a trap:

  1. snmptrapd receives a trap
  2. snmptrapd passes the trap to the receiver script (Bash, Perl) or SNMPTT
  3. The receiver parses, formats and writes the trap to a file
  4. Zabbix SNMP trapper reads and parses the trap file
  5. For each trap Zabbix finds all "SNMP trapper" items with host interfaces matching the received trap address. Note that only the selected "IP" or "DNS" in host interface is used during the matching.
  6. For each found item, the trap is compared to regexp in snmptrap[regexp]. The trap is set as the value of all matched items. If no matching item is found and there is an snmptrap.fallback item, the trap is set as the value of that.
  7. If the trap was not set as the value of any item, Zabbix by default logs the unmatched trap. (This is configured by "Log unmatched SNMP traps" in Administration > General > Other.)
Notes on HA failover

During high-availability (HA) node switch, Zabbix will continue processing after the last record within the last ISO 8601 timestamp; if the same record is not found then only the timestamp will be used to identify last position.

Configuring SNMP traps

This item type requires the following frontend configuration.

1. Create an SNMP interface for your host

  • In Data collection > Hosts, create/edit the host, and in the Interfaces field, add the interface type "SNMP", specifying the IP or DNS address.

    The address from each received trap will be compared to the IP and DNS addresses of all SNMP interfaces to find the corresponding hosts.

2. Configure the item

  • In Data collection > Hosts, create/edit the necessary item.
  • In the Key field, use one of the SNMP trap keys:
Key
Description Return value Comments
snmptrap[regexp]
Catches all SNMP traps that match the regular expression specified in regexp. If regexp is unspecified, catches any trap. SNMP trap This item can be set only for SNMP interfaces.
User macros and global regular expressions are supported in the parameter of this item key.
snmptrap.fallback
Catches all SNMP traps that were not caught by any of the snmptrap[] items for that interface. SNMP trap This item can be set only for SNMP interfaces.

Multiline regular expression matching is not supported at this time.

  • Set the Type of information to "Log" for the timestamps to be parsed. Other formats such as "Numeric" are also acceptable but might require a custom trap handler.

Setting up SNMP trap monitoring

Configuring Zabbix server/proxy

To read the traps, Zabbix server or proxy must be configured to start the SNMP trapper process and point to the trap file that is being written by SNMPTT or a Bash/Perl trap receiver. To do that, edit the configuration file (zabbix_server.conf or zabbix_proxy.conf):

StartSNMPTrapper=1
       SNMPTrapperFile=[TRAP FILE]

If systemd parameter PrivateTmp is used, this file is unlikely to work in /tmp.

Configuring Bash trap receiver

Requirements: only snmptrapd.

A Bash trap receiver script can be used to pass traps to Zabbix server from snmptrapd using trapper file. To configure it, add the traphandle option to snmptrapd configuration file (snmptrapd.conf), see example.

snmptrapd might need to be restarted to pick up changes to its configuration.

Configuring Perl trap receiver

Requirements: Perl, Net-SNMP compiled with --enable-embedded-perl (done by default since Net-SNMP 5.4)

A Perl trap receiver (look for misc/snmptrap/zabbix_trap_receiver.pl) can be used to pass traps to Zabbix server directly from snmptrapd. To configure it:

  • add the Perl script to the snmptrapd configuration file (snmptrapd.conf), e.g.:
perl do "[FULL PATH TO PERL RECEIVER SCRIPT]";
  • configure the receiver, e.g:
$SNMPTrapperFile = '[TRAP FILE]';
       $DateTimeFormat = '[DATE TIME FORMAT]';

snmptrapd might need to be restarted to pick up changes to its configuration.

If the script name is not quoted, snmptrapd will refuse to start up with messages, similar to these:

Regexp modifiers "/l" and "/a" are mutually exclusive at (eval 2) line 1, at end of line
       Regexp modifier "/l" may not appear twice at (eval 2) line 1, at end of line
Configuring SNMPTT

At first, snmptrapd should be configured to use SNMPTT.

For the best performance, SNMPTT should be configured as a daemon using snmptthandler-embedded to pass the traps to it. See instructions for configuring SNMPTT.

When SNMPTT is configured to receive the traps, configure snmptt.ini:

  1. enable the use of the Perl module from the NET-SNMP package:
net_snmp_perl_enable = 1
  1. log traps to the trap file which will be read by Zabbix:
log_enable = 1
       log_file = [TRAP FILE]
  1. set the date-time format:
date_time_format = %Y-%m-%dT%H:%M:%S%z

The "net-snmp-perl" package has been removed in RHEL 8.0-8.2; re-added in RHEL 8.3. For more information, see the known issues.

Now format the traps for Zabbix to recognize them (edit snmptt.conf):

  1. Each FORMAT statement should start with "ZBXTRAP [address]", where [address] will be compared to IP and DNS addresses of SNMP interfaces on Zabbix. E.g.:
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
       FORMAT ZBXTRAP $aA Device reinitialized (coldStart)
  1. See more about SNMP trap format below.

Do not use unknown traps - Zabbix will not be able to recognize them. Unknown traps can be handled by defining a general event in snmptt.conf:

EVENT general .* "General event" Normal
SNMP trap format

All customized Perl trap receivers and SNMPTT trap configuration must format the trap in the following way:

[timestamp] [the trap, part 1] ZBXTRAP [address] [the trap, part 2]

where

  • [timestamp] - the timestamp in "%Y-%m-%dT%H:%M:%S%z" format
  • ZBXTRAP - header that indicates that a new trap starts in this line
  • [address] - IP address used to find the host for this trap

Note that "ZBXTRAP" and "[address]" will be cut out from the message during processing. If the trap is formatted otherwise, Zabbix might parse the traps unexpectedly.

Example trap:

2024-01-11T15:28:47+0200 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" localhost - ZBXTRAP 192.168.1.1 Link down on interface 2. Admin state: 1. Operational state: 2

This will result in the following trap for SNMP interface with IP=192.168.1.1:

2024-01-11T15:28:47+0200 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events"
       localhost - Link down on interface 2. Admin state: 1. Operational state: 2

System requirements

It is recommended to install MIB files to ensure that item values are displayed in the correct format. Without the MIB files, formatting issues, such as displaying values in HEX instead of UTF-8 or vice versa, may occur.

Large file support

Zabbix has large file support for SNMP trapper files. The maximum file size that Zabbix can read is 2^63 (8 EiB). Note that the filesystem may impose a lower limit on the file size.

Log rotation

Zabbix does not provide any log rotation system - that should be handled by the user. The log rotation should first rename the old file and only later delete it so that no traps are lost:

  1. Zabbix opens the trap file at the last known location and goes to step 3
  2. Zabbix checks if the currently opened file has been rotated by comparing the inode number to the defined trap file's inode number. If there is no opened file, Zabbix resets the last location and goes to step 1.
  3. Zabbix reads the data from the currently opened file and sets the new location.
  4. The new data are parsed. If this was the rotated file, the file is closed and goes back to step 2.
  5. If there was no new data, Zabbix sleeps for 1 second and goes back to step 2.
File system

Because of the trap file implementation, Zabbix needs the file system to support inodes to differentiate files (the information is acquired by a stat() call).

Setup examples using different SNMP protocol versions

This example uses snmptrapd and a Bash receiver script to pass traps to Zabbix server.

Setup:

  1. Configure Zabbix to start SNMP trapper and set the trap file. Add to zabbix_server.conf:
StartSNMPTrapper=1
       SNMPTrapperFile=/var/lib/zabbix/snmptraps/snmptraps.log
  1. Download the Bash script to /usr/sbin/zabbix_trap_handler.sh:
curl -o /usr/sbin/zabbix_trap_handler.sh https://raw.githubusercontent.com/zabbix/zabbix-docker/trunk/Dockerfiles/snmptraps/alpine/conf/usr/sbin/zabbix_trap_handler.sh

If necessary, adjust the ZABBIX_TRAPS_FILE variable in the script. To use the default value, create the parent directory first:

mkdir -p /var/lib/zabbix/snmptraps
  1. Add the following to snmtrapd.conf (refer to working example)
traphandle default /bin/bash /usr/sbin/zabbix_trap_handler.sh

snmptrapd might need to be restarted to pick up changes to its configuration.

  1. Create an SNMP item TEST (keep in mind the initial configuration requirements):

    Type: SNMP trap
    Type of information: Log Host interface: SNMP 127.0.0.1
    Key: snmptrap["linkUp"]
    Log time format: yyyyMMdd.hhmmss

Note that the ISO 8601 date and time format is used.

  1. Next we will configure snmptrapd for our chosen SNMP protocol version and send test traps using the snmptrap utility.
SNMPv1, SNMPv2

SNMPv1 and SNMPv2 protocols rely on "community string" authentication. In the example below we will use "secret" as community string. It must be set to the same value on SNMP trap senders.

Please note that while still widely used in production environments, SNMPv2 doesn't offer any encryption and real sender authentication. The data is sent as plain text and therefore these protocol versions should only be used in secure environments such as private network and should never be used over any public or third-party network.

SNMP version 1 isn't really used these days since it doesn't support 64-bit counters and is considered a legacy protocol.

To enable accepting SNMPv1 or SNMPv2 traps you should add the following line to snmptrapd.conf. Replace "secret" with the SNMP community string configured on SNMP trap senders:

authCommunity log,execute,net secret

Next we can send a test trap using snmptrap. We will use the common "link up" OID in this example:

snmptrap -v 2c -c secret localhost '' linkUp.0
SNMPv3

SNMPv3 addresses SNMPv1/v2 security issues and provides authentication and encryption. You can use the MD5 or multiple SHA authentication methods and DES/multiple AES as cipher.

To enable accepting SNMPv3 add the following lines to snmptrapd.conf:

createUser -e 0x8000000001020304 traptest SHA mypassword AES
       authuser log,execute traptest

Please note the "execute" keyword that allows to execute scripts for this user security model.

snmptrap -v 3 -n "" -a SHA -A mypassword -x AES -X mypassword -l authPriv -u traptest -e 0x8000000001020304 localhost 0 linkUp.0

If you wish to use strong encryption methods such as AES192 or AES256, please use net-snmp starting with version 5.8. You might have to recompile it with configure option: --enable-blumenthal-aes. Older versions of net-snmp do not support AES192/AES256. See also: Strong Authentication or Encryption.

Verification

In both examples you will see similar lines in your /var/lib/zabbix/snmptraps/snmptraps.log:

2024-01-30T10:04:23+0200 ZBXTRAP 127.0.0.1
       UDP: [127.0.0.1]:56585->[127.0.0.1]:162
       DISMAN-EVENT-MIB::sysUpTimeInstance = 2538834
       SNMPv2-MIB::snmpTrapOID.0 = IF-MIB::linkUp.0

The item value in Zabbix will be:

2024-01-30 10:04:23 2024-01-30 10:04:21 
       
       2024-01-30T10:04:21+0200 UDP: [127.0.0.1]:56585->[127.0.0.1]:162
       DISMAN-EVENT-MIB::sysUpTimeInstance = 2538834
       SNMPv2-MIB::snmpTrapOID.0 = IF-MIB::linkUp.0

Example with Perl:

2024-01-30T11:42:54+0200 ZBXTRAP 127.0.0.1
       PDU INFO:
         receivedfrom                   UDP: [127.0.0.1]:58649->[127.0.0.1]:162
         notificationtype               TRAP
         version                        1
         community                      public
         errorstatus                    0
         transactionid                  1
         requestid                      2101882550
         messageid                      0
         errorindex                     0
       VARBINDS:
         DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (457671) 1:16:16.71
         SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: IF-MIB::linkUp.0

See also

© 2001-2025 by Zabbix SIA. All rights reserved.
Except where otherwise noted, Zabbix Documentation is licensed under the following license
Trademark Policy