Can't receive Traps on Centos 7 with Zabbix 3.0

  • cico_lt
    Junior Member
    • Feb 2016
    • 20

    #1

    Can't receive Traps on Centos 7 with Zabbix 3.0

    Hello,

    I'm stuck in this problem using TRAPS.
    I cannot see traps in zabbix.
    I use Zabbix 3.0 on Centos 7.

    To configure the Zabbix server I followed this guide:


    and http://snmptt.sourceforge.net/docs/snmptt.shtml

    I added:
    authCommunity execute public
    traphandle default /usr/sbin/snmptt
    disableAuthorization yes

    in "/etc/snmp/snmptrapd.conf".

    I'm trying to send an SNMP trap to the zabbix-server, but no traps are received by Zabbix ....

    In "/var/log/snmptt/snmptt.log" I see these strings:
    12:37:26 2016/02/25 .1.3.6.1.6.3.1.1.5.3.0.33 Normal "General event" localhost - ZBXTRAP 127.0.0.1 "general" 127.0.0.1 eth0+
    13:11:03 2016/02/25 .1.3.6.1.4.1.39974.2.8.20 Normal "General event" 192.168.30.102 - ZBXTRAP 192.168.30.102 "general" 192.168.30.102

    but in zabbix-server.log, nothing happens

    To receive SNMP traps I'm using snmptt in standalone mode.

    Please help me if possible !!

    Thanks in advance
  • Pedro.Almeida
    Junior Member
    • Sep 2014
    • 22

    #2
    Have you tried turning on:

    Administration-> General -> Other -> Log unmatched SNMP traps

    and see if anything shows up?

    Can zabbix user read the trap file?
    Have you confirmed the SNMPTrapperFile= setting?

    How's your StartSNMPTrapper= setting?

    • cico_lt
      Junior Member
      • Feb 2016
      • 20

      #3
      Can't receive Traps on Centos 7 with Zabbix 3.0

      Hi,

      Thanks for your answer

      My current zabbix-server configuration is:

      Administration-> General -> Other -> Log unmatched SNMP traps
      is checked,

      SNMPTrapperFile=/var/log/snmptrap/snmptrap.log

      StartSNMPTrapper=1

      The services snmptt.service and snmptrapd.service are enabled and started.

      Furthermore, the snmptrapd.service has been started with Option: "-On -p /var/run/snmptrapd.pid"

      It's very strange that no /var/log/snmptrap/snmptrap.log was created by the application.

      I had many errors in zabbix_server.log, like: "cannot stat SNMP trapper file "/var/log/snmptrap/snmptrap.log": [2] No such file or directory",

      so I solved it by creating the file by hand with the following command: "touch /var/log/snmptrap/snmptrap.log"

      Other suggestions ??
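
An added example, not part of the original posts: a Python check of the hand-off this thread is debugging, where snmptt has to write traps into the same file that `SNMPTrapperFile` names and each trap line has to carry the `ZBXTRAP <address>` marker. The two config snippets are constructed (the `snmptt.ini` contents are an assumption, since the thread never shows that file), the trap lines are the ones quoted from `snmptt.log` in post #1, and the function names are hypothetical.

```python
import re

# Constructed configs mirroring the paths that appear in the thread.
ZABBIX_CONF = """\
StartSNMPTrapper=1
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
"""
SNMPTT_INI = """\
[Logging]
log_enable = 1
log_file = /var/log/snmptt/snmptt.log
"""
# The two lines quoted from snmptt.log in post #1.
TRAP_LOG = '''\
12:37:26 2016/02/25 .1.3.6.1.6.3.1.1.5.3.0.33 Normal "General event" localhost - ZBXTRAP 127.0.0.1 "general" 127.0.0.1 eth0+
13:11:03 2016/02/25 .1.3.6.1.4.1.39974.2.8.20 Normal "General event" 192.168.30.102 - ZBXTRAP 192.168.30.102 "general" 192.168.30.102
'''

def setting(text, key):
    """Return the last uncommented 'key = value' in an ini-style file, or None."""
    found = None
    for line in text.splitlines():
        m = re.match(r"\s*%s\s*=\s*(.*?)\s*$" % re.escape(key), line)
        if m:
            found = m.group(1)
    return found

def trap_sources(log_text):
    """Addresses that follow the ZBXTRAP marker, one per trap line."""
    return re.findall(r"\bZBXTRAP\s+(\S+)", log_text)

def check_pipeline(zabbix_conf, snmptt_ini, log_text):
    """List the mismatches between what snmptt writes and what Zabbix reads."""
    problems = []
    if (setting(zabbix_conf, "StartSNMPTrapper") or "0") == "0":
        problems.append("StartSNMPTrapper is 0: no trapper process is started")
    reads = setting(zabbix_conf, "SNMPTrapperFile")
    writes = setting(snmptt_ini, "log_file")
    if reads != writes:
        problems.append("snmptt writes %s but Zabbix reads %s" % (writes, reads))
    if not trap_sources(log_text):
        problems.append("no ZBXTRAP marker in the trap file")
    return problems

if __name__ == "__main__":
    for p in check_pipeline(ZABBIX_CONF, SNMPTT_INI, TRAP_LOG):
        print("PROBLEM:", p)
    print("trap sources:", trap_sources(TRAP_LOG))
```

The addresses returned by `trap_sources` are the values Zabbix compares against the SNMP interfaces of its hosts, so a trap from an address with no matching interface ends up as an unmatched trap.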

      • Crypty
        Member
        • Jul 2012
        • 80

        #4
        Hi,

        I have a similar problem, so we can cooperate somehow. I found that some troubles can be caused by SELinux. I'm working on it with my colleague so I do not fully understand all issues, but let's summarize it.

        I do NOT use SNMPTT, I'm using an external script:
        - /usr/lib/zabbix/externalscripts/snmptrap.sh

        It is a bash script which should be run when the trap is received, as configured in /etc/snmp/snmptrapd.conf:

        Code:
        authCommunity log,execute public
        authCommunity log,execute PUBLIC
        traphandle default /bin/bash /usr/lib/zabbix/externalscripts/snmptrap.sh
        disableAuthorization yes

        I added the last line just to be sure, but I will probably delete it.

        I try to test TRAPS via the following command:

        Code:
        # snmptrap -Ci -v 2c -c public localhost "" "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB::netSnmpExperimental s test

        Or more specific to our environment:

        Code:
        [root@dmz-zabbix3 ~]# snmptrap -Ci -v 2c -c public localhost "" "RIPEX::trpTemp" RIPEX::trpTemp s "OFF"

        If I run this command, it is processed and eventually sent to Zabbix via Zabbix-sender application (configured in bash script). Great.

        BUT from this script, I cannot handle MySQL due to SELinux, we could not find how to change it....

        My colleague was able to allow bash, zabbix_sender SELinux rules from this file... But not MySQL...

        Anyway, I thought I would process incoming traps, because I commented out the lines with MySQL... But when I really receive a trap (displayed in tcpdump, port 162), nothing happens. The script is NOT executed probably...

        I'm stuck now. I had it working in CentOS6. And in Ubuntu 14.04 too... But not possible so far in CentOS7.

        SNMPTrapper is enabled (=1).

        snmpd and snmptrapd are running as follows:

        Code:
        root      7255  0.0  0.2 222904 10584 ?        Ss   Feb23   1:55 /usr/sbin/snmpd -LS0-6d -f
        root      9343  0.0  0.1 224176  7080 ?        Ss   Feb26   0:04 /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid -c /etc/snmp/snmptrapd.conf -n -f

        Regarding SELinux and MySQL, the last problem log was:

        Code:
        ----
        time->Fri Feb 26 15:28:58 2016
        type=SYSCALL msg=audit(1456496938.644:4811): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7fff59def990 a2=6e a3=7fff59def5d0 items=0 ppid=9374 pid=9376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mysql" exe="/usr/bin/mysql" subj=system_u:system_r:snmpd_t:s0 key=(null)
        type=AVC msg=audit(1456496938.644:4811): avc:  denied  { write } for  pid=9376 comm="mysql" name="mysql.sock" dev="dm-2" ino=241 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
        ----
        time->Fri Feb 26 15:28:58 2016
        type=SYSCALL msg=audit(1456496938.664:4812): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7ffea4f8ef90 a2=6e a3=7ffea4f8ebd0 items=0 ppid=9408 pid=9410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mysql" exe="/usr/bin/mysql" subj=system_u:system_r:snmpd_t:s0 key=(null)
        type=AVC msg=audit(1456496938.664:4812): avc:  denied  { write } for  pid=9410 comm="mysql" name="mysql.sock" dev="dm-2" ino=241 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file

        • Pedro.Almeida
          Junior Member
          • Sep 2014
          • 22

          #5
          If you aren't getting any output to the file then it's probably a permission issue (most likely SELinux).

          Do a 'getenforce' on a shell (as root) to check it.

          If you get anything other than "Disabled" you can try to edit
          /etc/selinux/config

          and set:

          SELINUX=disabled

          Reboot to make sure the settings are applied and confirm with 'getenforce'.

          Do this for testing and you can re-enable and manually configure it (or leave it disabled).

          ---

          If SELinux was not enabled, check if the user running snmptrapd can write to the directory/file.
          Also check if zabbix user can read the directory/file.

          • Crypty
            Member
            • Jul 2012
            • 80

            #6
            Hi guys,

            It was a Firewall issue in my case:

            Code:
            [root@dmz-zabbix3 ~]# firewall-cmd --permanent --add-port=162/udp
            success
            [root@dmz-zabbix3 ~]# firewall-cmd --reload
            success

            And of course, previously, my colleague was editing SELinux, but now it was just Firewall... Will post some updates too!

            • Crypty
              Member
              • Jul 2012
              • 80

              #7
              Hi everybody...

              So the MySQL SELinux trouble persists... If I want to access the database, it does not work:

              Code:
              time->Tue Mar  1 13:23:51 2016
              type=SYSCALL msg=audit(1456835031.554:6027): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7ffef59e19d0 a2=6e a3=7ffef59e1610 items=0 ppid=21945 pid=21947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mysql" exe="/usr/bin/mysql" subj=system_u:system_r:snmpd_t:s0 key=(null)
              type=AVC msg=audit(1456835031.554:6027): avc:  denied  { write } for  pid=21947 comm="mysql" name="mysql.sock" dev="dm-2" ino=241 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file

              I cannot access the MySQL socket... (but maybe I do not need accessing the database)

              --------

              Another issue is that every received trap on port 162 is handled twice... So I have it doubled in Zabbix too. It seems the whole script runs twice, for each trap received.

              But I do not think I run it from two different places...

              Would you guess what could be the reason?

              Thanks.
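
An added example, not code from the thread: the denials quoted in posts #4 and #7 name the exact access being refused (the `mysql` client spawned by the trap handler runs in `snmpd_t` and is denied `write` on the `mysqld_var_run_t` socket), which is enough to draft a one-rule policy module as a narrower test than `SELINUX=disabled`. This Python code does by hand what `audit2allow` automates; the module name `local_snmptrap` and the function names are placeholders.

```python
import re
from collections import defaultdict

# AVC records copied from the audit output quoted in posts #4 and #7.
AUDIT_LOG = '''\
time->Fri Feb 26 15:28:58 2016
type=AVC msg=audit(1456496938.644:4811): avc:  denied  { write } for  pid=9376 comm="mysql" name="mysql.sock" dev="dm-2" ino=241 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
----
type=AVC msg=audit(1456835031.554:6027): avc:  denied  { write } for  pid=21947 comm="mysql" name="mysql.sock" dev="dm-2" ino=241 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
'''

AVC = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"\bscontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC.search(line)
        if m is None:
            continue  # SYSCALL records, timestamps and separators
        # A context is user:role:type:level; the type is the third field.
        src, tgt = (m.group(g).split(":")[2] for g in ("s", "t"))
        grouped[(src, tgt, m.group("cls"))].update(m.group("perms").split())
    return dict(grouped)

def braces(items):
    """Render one permission bare and several as '{ a b }'."""
    items = sorted(items)
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"

def te_module(grouped, name="local_snmptrap"):  # module name is a placeholder
    """Build type-enforcement module source covering only the seen denials."""
    types, classes, rules = set(), defaultdict(set), []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        types.update((src, tgt))
        classes[cls].update(perms)
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, braces(perms)))
    lines = ["module %s 1.0;" % name, "", "require {"]
    lines += ["\ttype %s;" % t for t in sorted(types)]
    lines += ["\tclass %s %s;" % (c, braces(p)) for c, p in sorted(classes.items())]
    lines += ["}", ""] + rules
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(te_module(denials(AUDIT_LOG)))
```

The emitted rule applies to every process in `snmpd_t`, not only the trap script, so read it before compiling and loading it with `checkmodule`, `semodule_package` and `semodule -i`.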

              • Crypty
                Member
                • Jul 2012
                • 80

                #8
                Okay,

                I probably took the script twice...

                I had this in /etc/sysconfig/snmptrapd

                Code:
                OPTIONS="-Lsd -p /var/run/snmptrapd.pid -c /etc/snmp/snmptrapd.conf -On"

                And in the /etc/snmp/snmptrapd.conf I handle the traps via the script...

                If I remove -c, it works just fine, just once.

                Code:
                OPTIONS="-Lsd -p /var/run/snmptrapd.pid -On"
