SNMP V3 with TRAP

  • DamienL
    Junior Member
    • Jul 2020
    • 3

    #1

    SNMP V3 with TRAP

    Hello,

    We want to implement SNMP V3 trap to collect Nutanix traps.

    After some research I only found this thread for SNMP traps with SNMP V3, with only the info for the snmptrapd config file : https://zabbix.org/wiki/SNMP_Traps_i...ix_with_SNMPv3

    Does someone have a full example of an implementation to share ?

    Thanks !

    Regards,

    Damien
  • flamme_2
    Junior Member
    • Aug 2018
    • 7

    #2
    Hi DamienL

    I will try to describe our SNMPv3 implementation on Zabbix 5.0.2 installed on CentOS 8.2.2004.

    Step 1 :
    Allow UDP 162 on your firewall

    Step 2 :
    Over SSH on the zabbix-server or proxy, have these packages installed :
    Code:
    dnf install epel-release perl-Net-SNMP net-snmp net-snmp-libs net-snmp-perl net-snmp-utils net-snmp-agent-libs
    Note : On CentOS 8, net-snmp-perl is not available in the official repository. I have added this repo :
    Code:
    rpm -ivh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm
    dnf makecache
    dnf install net-snmp-perl
    Step 3 :
    Get "zabbix_trap_receiver.pl" file :
    - from Zabbix github :

    - OR from Zabbix source in folder misc/snmptrap/zabbix_trap_receiver.pl

    Place "zabbix_trap_receiver.pl" in /usr/bin/zabbix_trap_receiver.pl

    If SELinux is in enforcing mode, restore the context :
    Code:
    restorecon /usr/bin/zabbix_trap_receiver.pl
    The file's owner:group is root:root and it must be executable
    Code:
    chown root:root /usr/bin/zabbix_trap_receiver.pl
    chmod 755 /usr/bin/zabbix_trap_receiver.pl
    Step 4 :
    Edit /etc/zabbix/zabbix_server.conf, uncomment or add these lines :
    SNMPTrapperFile=/tmp/zabbix_traps.tmp
    StartSNMPTrapper=1
    Step 5 :
    Add or edit /etc/sysconfig/snmptrapd to get snmptrapd output in numeric format. My file is currently :
    # snmptrapd command line options
    # '-f' is implicitly added by snmptrapd systemd unit file
    # OPTIONS="-Lsd"
    OPTIONS="-On"
    Step 6 :
    Get EngineID
    VERY IMPORTANT : For EACH device, you MUST configure the "/etc/snmp/snmptrapd.conf" file by adding the device's EngineID and credentials.

    Most of the time, a remote device already has a UNIQUE EngineID configured by default.
    But sometimes a device has no EngineID, or two devices have the same EngineID, when a user has overwritten it on the devices.

    EngineID MUST be unique in your Zabbix configuration.

    How to obtain the EngineID ?
    It depends on the device, but often you can get it with a simple SNMP query on this OID :
    1.3.6.1.6.3.10.2.1.1.0

    Example :
    Code:
    snmpwalk -v3 -l authPriv -u 'zabbix' -a SHA -A 'VeryLongP@$$w0rdForAuthKey' -x AES -X 'VeryLongP@$$w0rdForPrivKey' <IP of remote device> 1.3.6.1.6.3.10.2.1.1.0
    The command returns :
    SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 xx xx xx xx
    xx xx xx xx xx xx xx
    Delete the carriage return if present : 80 00 xx xx xx xx xx xx xx xx xx xx xx.

    Step 7 :
    Edit "/etc/snmp/snmptrapd.conf" file to add your device :

    At the beginning of the file, add a line like :
    Code:
    createUser -e <ENGINEID> <USER> SHA <AUTHKEY> AES <PRIVKEY>
    Where :
    <ENGINEID> : Is double quoted, begins with "0x" and is completed with the step 6 result
    <USER> : WITHOUT any quote, user defined in the device configuration
    <AUTHKEY> : WITHOUT any quote even with special characters, Authentication key defined in the device configuration
    <PRIVKEY> : WITHOUT any quote even with special characters, Private key defined in the device configuration

    Step 8 :
    Edit the "/etc/snmp/snmptrapd.conf" file to execute zabbix_trap_receiver.pl
    At the end of the file, add these lines :

    authUser execute zabbix
    perl do "/usr/bin/zabbix_trap_receiver.pl"
    Example of my /etc/snmp/snmptrapd.conf :

    # Example configuration file for snmptrapd
    #
    # No traps are handled by default, you must edit this file!
    #
    # authCommunity log,execute,net public
    # traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold

    #createUser -e <ENGINEID> <USER> SHA <AUTHKEY> AES <PRIVKEY>

    # device 1
    createUser -e "0x80 00 86 45 00 04 30 84 8F 12 04 20 89 3B EE 59 00 00 47 74 01 89 21 98 1F 8B" zabbix SHA VeryLongP@$$w0rdForAuthKey AES VeryLongP@$$w0rdForPrivKey

    # device 2
    createUser -e "0x80 00 40 02 8F 4D E9 00 1A 8B D5 00 32 87 99 00 AB 00 04 8E 00" zabbix SHA VeryLongP@$$w0rdForAuthKey AES VeryLongP@$$w0rdForPrivKey

    authUser execute zabbix
    perl do "/usr/bin/zabbix_trap_receiver.pl"
    Step 9 :
    Restart snmptrapd and zabbix-server
    Code:
    systemctl restart snmptrapd
    systemctl restart zabbix-server
    Step 10 :
    On the Zabbix frontend, create a host and an "SNMP Trap" item with key snmptrap.fallback and set its type to Text.
    This item collects all SNMP traps unmatched by other snmptrap items.

    Step 11 :
    Most of the time, the device can send a test trap to validate your configuration

    END

    Troubleshoot :
    If you have problems receiving traps :
    - Check SELinux or temporarily set it to permissive
    - stop snmptrapd and zabbix-server
    Code:
    systemctl stop snmptrapd
    systemctl stop zabbix-server
    - Open two SSH terminals, launch snmptrapd in foreground and debug mode :
    Code:
    snmptrapd -f -C -Le -Dusm -c /etc/snmp/snmptrapd.conf
    Try to send an SNMP trap and check if you get information in your terminal

    --> If no : check the firewall
    --> If yes : check if a new file "/tmp/zabbix_traps.tmp" is created. zabbix-server/proxy gets and deletes this file when it is in running state.

    Try to execute /usr/bin/zabbix_trap_receiver.pl manually without error. The command returns "Loaded Zabbix SNMP trap receiver".

    Enjoy

    Comment
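
The EngineID handling of steps 6 and 7 in the post above, as an added example that is not part of the thread: it joins a wrapped snmpwalk value, checks its length, prints the matching createUser line, and flags EngineIDs reported by more than one device. The function names, the devices sw1 to sw3 and the sample EngineID are constructed for illustration, and the EngineID is written in the unspaced 0x form used in net-snmp's documentation rather than the quoted, spaced form of the post.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Read snmpwalk output (step 6) on stdin and print the EngineID as 0x<HEX>.
# Joins a value wrapped over several lines. Returns 1 when no Hex-STRING is
# found or the value is not 5..32 whole octets (SnmpEngineID size, RFC 3411).
engineid_from_walk() {
    hex=$(tr '\r\n' '  ' | sed -n 's/.*Hex-STRING:\(.*\)/\1/p' |
          tr -d ' \t' | tr 'abcdef' 'ABCDEF')
    case $hex in
        '' | *[!0-9A-F]*) return 1 ;;
    esac
    len=${#hex}
    [ $((len % 2)) -eq 0 ] && [ "$len" -ge 10 ] && [ "$len" -le 64 ] || return 1
    printf '0x%s\n' "$hex"
}

# Print the step 7 line for one device: EngineID, user, auth key, priv key.
createuser_line() {
    printf 'createUser -e %s %s SHA %s AES %s\n' "$1" "$2" "$3" "$4"
}

# Read "device engineid" pairs on stdin. Print every EngineID that more than
# one device reports, with those devices, and return 1 if there is any.
duplicate_engineids() {
    awk '{ n[$2]++; d[$2] = d[$2] " " $1 }
         END { for (e in n) if (n[e] > 1) { print e ":" d[e]; bad = 1 }
               exit bad + 0 }'
}

# Constructed snmpwalk output, wrapped over two lines like the post's example.
SAMPLE_WALK='SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 1F 88 80 5A 3C
9E 11 00 00 00 01'

demo() {
    id=$(printf '%s\n' "$SAMPLE_WALK" | engineid_from_walk) || return 1
    createuser_line "$id" zabbix '<AUTHKEY>' '<PRIVKEY>'
    # sw1 and sw2 are hypothetical devices that were given the same EngineID.
    printf 'sw1 %s\nsw2 %s\nsw3 0x8000000001020304\n' "$id" "$id" |
        duplicate_engineids || echo 'fix the duplicates before adding createUser lines'
}
demo
```

Feed `engineid_from_walk` the real output of the step 6 snmpwalk for each device and collect the results as "device engineid" pairs before editing snmptrapd.conf.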


    • juano1985
      juano1985 commented
      Thank you so much for this! I finally got SNMP trap working with v3. Cheers!
  • DamienL
    Junior Member
    • Jul 2020
    • 3

    #3
    Hello,

    Thanks for your reply.

    I'll test that and keep you informed !!

    Comment

    • DamienL
      Junior Member
      • Jul 2020
      • 3

      #4
      Hello flamme_2,

      I have followed your steps.
      I have configured as explained and executed /usr/bin/zabbix_trap_receiver.pl manually without error. The command returns "Loaded Zabbix SNMP trap receiver".
      Some MIB packages were missing, I had to install them. Many thanks !

      But :

      appliance@zabbix:/tmp$ cat /tmp/zabbix_traps.tmp
      cat: /tmp/zabbix_traps.tmp: No such file or directory


      Why use text instead of log for the snmptrap fallback ?
      Did you add snmptrap [regex] also ?

      Should I use this for monitoring the objects : https://netping.atlassian.net/wiki/s...ng+NetPing+SMS (example : monitoring metro availability and so on) ? :


      ntxTrapMetroAvailabilityIsDisabled NOTIFICATION-TYPE
          OBJECTS { ntxAlertCreationTime, ntxAlertDisplayMsg, ntxAlertTitle, ntxAlertSeverity }
          STATUS current
          DESCRIPTION "Metro availability is disabled."
          ::= { nutanix 1103 }
      Last edited by DamienL; 10-08-2020, 12:01.

      Comment

      • flamme_2
        Junior Member
        • Aug 2018
        • 7

        #5
        Hi Damien,

        Sorry for the delay of my answer.

        /tmp/zabbix_traps.tmp is created only by the "zabbix_trap_receiver.pl" script when a trap is received, and is immediately captured by the Zabbix agent when running.

        Why use text instead of log for the snmptrap fallback ?
        log works also.

        Did you add snmptrap [regex] also ?
        "snmptrap fallback" is used for any snmptrap not already caught.
        Yes, I use snmptrap [regex] when I'm sure snmptrap fallback is working.

        Comment

        • chiragvaidya
          Junior Member
          • Jun 2019
          • 6

          #6
          flamme_2 I am running Zabbix 4.4.9 on Ubuntu 18.04 and successfully receiving SNMPv2 traps, but when I configure SNMPv3 with SHA and AES I can't receive any V3 traps in my log files.

          Comment


          • stanley783
            stanley783 commented
            If you mean that your "/tmp/zabbix_traps.tmp" is not updated by the SNMPv3 traps you receive, then I would say the problem is with your snmptrapd.conf. If you followed the flamme_2 guide posted here, I see no reason why it would not work for you (got this running on Zabbix 4.4.something and 5.0.3).

            Although in the file snmptrapd.conf I have the line "authUser log,execute zabbix", not sure if "log" is necessary but I put it there.

            If you want to verify if your SNMPv3 traps are even coming -> on the Zabbix host, via SSH, execute "sudo tcpdump -nn src <IP-of-device-sending-traps>" and watch if there are traps coming to port 162.
            If not, the problem is with your device's SNMPv3 settings. Also be sure to use AES 128 bit and not 256 bit (this option to choose is sometimes available).
        • chiragvaidya
          Junior Member
          • Jun 2019
          • 6

          #7
          stanley783 I got it working fine.

          Comment

          • vissu66@gmail.com
            Junior Member
            • Mar 2022
            • 1

            #8
            Listing the engine ID for each device is difficult. Can it be replaced with other parameters like IP or device name?

            Comment
