Ad Widget

Collapse

snmp trap receiver

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • confused
    Junior Member
    • Nov 2017
    • 2
    #1

    snmp trap receiver

    Hi,
    I installed zabbix 3.4 on my ubuntu server but i cant receive traps using zabbix_trap_receiver.pl

    - I've put zabbix_trap_receiver.pl in /usr/bin/ (and edited trapper file location)
    - I've created empty file "zabbix_traps.log" and put it in /var/log/zabbix/ where my zabbix_server.log is also and gave zabbix user permission to write
    - in /etc/snmp I've edited "snmpd.conf" bolded below:

    Code:
    ###############################################################################
#
# EXAMPLE.conf:
#   An example configuration file for configuring the Net-SNMP agent ('snmpd')
#   See the 'snmpd.conf(5)' man page for details
#
#  Some entries are deliberately commented out, and will need to be explicitly activated
#
###############################################################################
#
#  AGENT BEHAVIOUR
#

#  Listen for connections from the local system only
[B]#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161
[/B]


###############################################################################
#
#  SNMPv3 AUTHENTICATION
#
#  Note that these particular settings don't actually belong here.
#  They should be copied to the file /var/lib/snmp/snmpd.conf
#     and the passwords changed, before being uncommented in that file *only*.
#  Then restart the agent

#  createUser authOnlyUser  MD5 "remember to change this password"
#  createUser authPrivUser  SHA "remember to change this one too"  DES
#  createUser internalUser  MD5 "this is only ever used internally, but still change the password"

#  If you also change the usernames (which might be sensible),
#  then remember to update the other occurances in this example config file to match.



###############################################################################
#
#  ACCESS CONTROL
#

                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
 rocommunity public  default    -V systemonly
                                                 #  rocommunity6 is for IPv6
 rocommunity6 public  default   -V systemonly
 
 rocommunity zabbix

                                                 #  Full access from an example network
                                                 #     Adjust this network address to match your local
                                                 #     settings, change the community string,
                                                 #     and check the 'agentAddress' setting above
#rocommunity secret  10.0.0.0/16

                                                 #  Full read-only access for SNMPv3
 rouser   authOnlyUser
                                                 #  Full write access for encrypted requests
                                                 #     Remember to activate the 'createUser' lines above
#rwuser   authPrivUser   priv

#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
#  r[ow]user and r[ow]community, together with suitable views, should cover most requirements



###############################################################################
#
#  SYSTEM INFORMATION
#

#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
#  See snmpd.conf(5) for more details
sysLocation    Sitting on the Dock of the Bay
sysContact     Me <[email protected]>
                                                 # Application + End-to-End layers
sysServices    72


#
#  Process Monitoring
#
                               # At least one  'mountd' process
proc  mountd
                               # No more than 4 'ntalkd' processes - 0 is OK
proc  ntalkd    4
                               # At least one 'sendmail' process, but no more than 10
proc  sendmail 10 1

#  Walk the UCD-SNMP-MIB::prTable to see the resulting output
#  Note that this table will be empty if there are no "proc" entries in the snmpd.conf file


#
#  Disk Monitoring
#
                               # 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk       /     10000
disk       /var  5%
includeAllDisks  10%

#  Walk the UCD-SNMP-MIB::dskTable to see the resulting output
#  Note that this table will be empty if there are no "disk" entries in the snmpd.conf file


#
#  System Load
#
                               # Unacceptable 1-, 5-, and 15-minute load averages
load   12 10 5

#  Walk the UCD-SNMP-MIB::laTable to see the resulting output
#  Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file



###############################################################################
#
#  ACTIVE MONITORING
#

                                    #   send SNMPv1  traps
 trapsink     localhost public
                                    #   send SNMPv2c traps
#trap2sink    localhost public
                                    #   send SNMPv2c INFORMs
#informsink   localhost public

#  Note that you typically only want *one* of these three lines
#  Uncommenting two (or all three) will result in multiple copies of each notification.


#
#  Event MIB - automatically generate alerts
#
                                   # Remember to activate the 'createUser' lines above
iquerySecName   internalUser       
rouser          internalUser
                                   # generate traps on UCD error conditions
[B]#defaultMonitors          yes
                                   # generate traps on linkUp/Down
#linkUpDownNotifications  yes
[/B]


###############################################################################
#
#  EXTENDING THE AGENT
#

#
#  Arbitrary extension commands
#
 extend    test1   /bin/echo  Hello, world!
 extend-sh test2   echo Hello, world! ; echo Hi there ; exit 35
#extend-sh test3   /bin/sh /tmp/shtest

#  Note that this last entry requires the script '/tmp/shtest' to be created first,
#    containing the same three shell commands, before the line is uncommented

#  Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
#     and nsExtendOutput2Table) to see the resulting output

#  Note that the "extend" directive supercedes the previous "exec" and "sh" directives
#  However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
#     as well as the fuller results in the above tables.


#
#  "Pass-through" MIB extension command
#
#pass .1.3.6.1.4.1.8072.2.255  /bin/sh       PREFIX/local/passtest
#pass .1.3.6.1.4.1.8072.2.255  /usr/bin/perl PREFIX/local/passtest.pl

# Note that this requires one of the two 'passtest' scripts to be installed first,
#    before the appropriate line is uncommented.
# These scripts can be found in the 'local' directory of the source distribution,
#     and are not installed automatically.

#  Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output


#
#  AgentX Sub-agents
#
                                           #  Run as an AgentX master agent
 master          agentx
                                           #  Listen for network connections (from localhost)
                                           #    rather than the default named socket /var/agentx/master
#agentXSocket    tcp:localhost:705

[B]authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
[/B]
    I dont have snmptrapd.conf just snmpd.conf

    When I test it by sending traps from another linux server, tcpdump on zabbix server shows them, but zabbix server log doesnt log any error and zabbix_traps.log is empty.

    I've restarted server and snmpd service multiple times and I saw that when I add last line in my snmpd.conf perl do "/usr/bin/zabbix_trap_receiver.pl"; i get error in snmpd service status:
    Code:
    ● snmpd.service - LSB: SNMP agents
   Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
   Active: active (running) since Fri 2017-11-17 09:56:13 CET; 2s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 21654 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)
  Process: 21663 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)
    Tasks: 1
   Memory: 4.3M
      CPU: 28ms
   CGroup: /system.slice/snmpd.service
           └─21670 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid

Nov 17 09:56:13 zabbix systemd[1]: Starting LSB: SNMP agents...
Nov 17 09:56:13 zabbix snmpd[21663]:  * Starting SNMP services:
Nov 17 09:56:13 zabbix snmpd[21668]: Turning on AgentX master support.
Nov 17 09:56:13 zabbix snmpd[21663]: Can't locate NetSNMP/agent.pm in @INC (you may need to install the NetSNMP::agent module) (@INC
Nov 17 09:56:13 zabbix snmpd[21663]: BEGIN failed--compilation aborted at /usr/share/snmp/snmp_perl.pl line 5.
Nov 17 09:56:13 zabbix snmpd[21668]: [B]embedded perl support failed to initialize (perl_parse(/usr/share/snmp/snmp_perl.pl) returned 2
[/B]Nov 17 09:56:13 zabbix systemd[1]: Started LSB: SNMP agents.
Nov 17 09:56:13 zabbix snmpd[21670]: NET-SNMP version 5.7.3
    and my snmp_perl.pl contains only this:
    Code:
    ##
## SNMPD perl initialization file.
##

use NetSNMP::agent;
$agent = new NetSNMP::agent('dont_init_agent' => 1,
			    'dont_init_lib' => 1);
    Any ideas on how to get this thing to work?
    Tags: perl, snmp
    • allexpetrov
      Senior Member
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2017
      • 361
      #2
      Hi,

      So in ubuntu you need to install snmptrap package separately.

      Code:
      sudo apt install snmptrapd -y
      And changes for snmptraps must be performed in snmptrapd.conf file

      Regards,
      Alex!

        Comment

        • confused
          Junior Member
          • Nov 2017
          • 2
          #3
          I installed snmptt package and pearl error dissapeard.

          Now i've installed snmptrapd package and nothing happens. Zabbix_traps.log file is empty, and zabbix_server.log has no new errors.

          My new snmptrapd.conf contains only this:
          authCommunity execute public
          perl do "/usr/bin/zabbix_trap_receiver.pl";

          Is that ok? Or do I have to copy this somewhere else?

            Comment

            • Guntis
              Junior Member
              • Mar 2019
              • 18
              #4
              Hi! Since I found this and many others posts with same problem and no answer, after a while I finally came up with solution, hope this helps someone in future

              By running "ps ax | grep snmptrapd" I noticed that there is no snmptrapd process running although service seemed to be running fine. So after some digging I found it that there is default setting:
              TRAPDRUN=no in file /etc/default/snmptrapd which had to be changed to TRAPDRUN=yes

              you can also add logging to file by changing TRAPDOPTS to:
              TRAPDOPTS='-Lsd -Lf /var/log/snmptrapd.log -p /run/snmptrapd.pid'

              I also disable snmpd service in /etc/default/snmpd by setting "SNMPDRUN=no" although, not sure if this is neccessary.
              Also I had to edit /usr/bin/zabbix_trap_receiver.pl, because running script from shell threw error
              Undefined subroutine &NetSNMP::TrapReceiver::register called at /usr/bin/zabbix_trap_receiver.pl line 112.
              Fix was to add this, to beginning of file /usr/bin/zabbix_trap_receiver.pl:
              #!/usr/bin/env perl
              use NetSNMP::TrapReceiver;

              Now restart the SNMPTRAPD service:
              systemctl daemon-reload
              systemctl restart snmptrapd.service

              And woala /tmp/zabbix_traps.tmp is being created automatically and filled with traps

              P.S. This solution is tested on Ubuntu 16.04 and Zabbix 4.0.5

                Comment

                • forzaTOTTI
                  Junior Member
                  • Dec 2018
                  • 8
                  #5
                  Hi,

                  is it normal behavior that zabbix_server.log is filled with snmp traps as well. I have zabbix_server log file in /var/log/zabbix/zabbix_server.log and snmptrap file is in /var/log/zabbix_snmptrap/snmptrap.log. Both log files are receiving those snmp traps and it's almost impossible to find any correct zabbix-server related log information from there because I have quite a few network device chich are sending snmp traps to my Zabbix.
                  How could I fix this, so that traps would go only in the right snmptrap.log file?

                  Br
                  JP

                    Comment

                    • Azo_the_elk
                      Junior Member
                      • May 2021
                      • 1
                      #6
                      forzaTOTTI
                      Hi,

                      This might be too late but there is a setting under Adminstration/General/Other (depending on the version, the menu might change) mentionning "Log unmatched SNMP traps". If you activate this check, any trap not being captured under a host will get thrown in the server logs.

                        Comment

                        Previous template Next
                        Working...