Hello. I have a problem that has been repeteadly asked in the forums but I still don't find a response.
I have a proxy that monitors about 300 Raspberry Pi devices, via a VPN that the server cannot access.
The proxy is running the Ubuntu latest image in a docker container, active mode. The snmptrapd daemon is the Redhat Linux native (no container).
The server is also running in containers, and is able to poll all the Raspberry devices correctly via the proxy. There are not firewall issues between proxy and server, they are in the same subnet. Only the proxy has the extra VPN interface.
My problem is, the server is not receiving any SNMP trap sent by the devices via the proxy.
If a device sends a trap to the proxy IP address:
UDP: [10.5.0.13]:47237->[10.5.0.1]:162
DISMAN-EVENT-MIB::sysUpTimeInstance = 9
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.0.2
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
20240227.123002 ZBXTRAP 10.5.0.13
UDP: [10.5.0.13]:53844->[10.5.0.1]:162
DISMAN-EVENT-MIB::sysUpTimeInstance = 9
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.
243:20240227:152220.762 unmatched trap received from "192.168.8.100": 20240227.122220 UDP: [10.5.0.76]:42713->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.8.100
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:152221.762 unmatched trap received from "10.5.0.76": 20240227.122220 UDP: [10.5.0.76]:44388->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:153002.829 unmatched trap received from "192.168.0.2": 20240227.123002 UDP: [10.5.0.13]:47237->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.0.2
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:153003.829 unmatched trap received from "10.5.0.13": 20240227.123002 UDP: [10.5.0.13]:53844->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
I don't know why the proxy logs all alarms as "unmatched", and the server does not, when both have the same snmpd/snmp/snmptrapd agents setup.
Thanks in advance,
I have a proxy that monitors about 300 Raspberry Pi devices, via a VPN that the server cannot access.
The proxy is running the Ubuntu latest image in a docker container, active mode. The snmptrapd daemon is the Redhat Linux native (no container).
The server is also running in containers, and is able to poll all the Raspberry devices correctly via the proxy. There are not firewall issues between proxy and server, they are in the same subnet. Only the proxy has the extra VPN interface.
My problem is, the server is not receiving any SNMP trap sent by the devices via the proxy.
If a device sends a trap to the proxy IP address:
- The trap is correctly received by snmptrapd in the proxy server, and is correctly written by zabbix_trap_handler.sh in the temp file:
UDP: [10.5.0.13]:47237->[10.5.0.1]:162
DISMAN-EVENT-MIB::sysUpTimeInstance = 9
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.0.2
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
20240227.123002 ZBXTRAP 10.5.0.13
UDP: [10.5.0.13]:53844->[10.5.0.1]:162
DISMAN-EVENT-MIB::sysUpTimeInstance = 9
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.
- The proxy reads correctly the temp file, as seen by the docker logs:
243:20240227:152220.762 unmatched trap received from "192.168.8.100": 20240227.122220 UDP: [10.5.0.76]:42713->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.8.100
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:152221.762 unmatched trap received from "10.5.0.76": 20240227.122220 UDP: [10.5.0.76]:44388->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:153002.829 unmatched trap received from "192.168.0.2": 20240227.123002 UDP: [10.5.0.13]:47237->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = 192.168.0.2
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
243:20240227:153003.829 unmatched trap received from "10.5.0.13": 20240227.123002 UDP: [10.5.0.13]:53844->[10.5.0.1]:162
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = NET-SNMP-MIB::netSnmpAgentOIDs.10
- [And that is all. The server never gets any trap from the proxy. If I send the same trap from some other host directly to the server, it is received, processed and displayed in the GUI (for example, it is enough to stop/start the snmpd daemon in a host or device, in order to receive the "shutdown" and "cold start" traps). The server logs do not contain anything about a received or discarded trap from the proxy.
I don't know why the proxy logs all alarms as "unmatched", and the server does not, when both have the same snmpd/snmp/snmptrapd agents setup.
Thanks in advance,