snmptrap.sh

  • Anil
    Member
    • Sep 2004
    • 33

    #1

    snmptrap.sh

    Hi

    I was wondering whether somebody could help me configure the snmptrap.sh file. I have read the manual but am still not clear about a few things... here's what I have done so far:

    1. Installed snmptrapd (part of net-snmp or ucd-snmp)
    2. Edited snmptrapd.conf, added the line:
    traphandle default /bin/bash /home/zabbix/bin/snmptrap.sh

    Having a traphandle of default will catch all traps, won't it? i.e. traps from any OID

    4. Copied misc/snmptrap/snmptrap.sh to ~zabbix/bin

    *****************************************************
    5. NOT SURE HOW TO "edit snmptrap.sh to configure some basic parameters": WHAT DOES THIS MEAN? ARE THESE THE PARAMETERS I WANT TO RECEIVE TRAPS FOR? Do I need to enter a word/description/OID here?

    In the snmptrap.sh file, do I just have to edit the lines between
    # CONFIGURATION
    ZABBIX_SERVER="zabbix";
    ZABBIX_PORT="10001";

    ZABBIX_SENDER="~zabbix/bin/zabbix_sender";

    KEY="snmptraps";
    HOST="snmptraps";
    # END OF CONFIGURATION

    6. Add special host and trapper (type "string") item to ZABBIX. See snmptrap.sh for the item's key. WHAT does this mean? Do I just add an item to a host with type "Zabbix Trapper"? What is the KEY meant to be? I assume the HOST is the host from which the trap is expected to come.

    ********************************************************
    7. Run snmptrapd: I know how to do this... but need to understand the above first.


    For example, I want to receive a trap when a power supply goes down.
    How/where would I configure snmptrap.sh to handle this? Where would I add the host from which the trap might come? Do I have to specify the OID of the trap I want to receive info for, i.e. the OID of the power supply? Surely I'll have to enter the community name somewhere and also change the port to 162.
  • Anil
    Member
    • Sep 2004
    • 33

    #2
    I still haven't managed to solve the above problem... so any help would be appreciated. In addition to the above, could someone also explain to me how zabbix handles snmp traps, and why you need the snmptrap.sh file?

    Does it display the trap details in the GUI or put something up on the alerts page? I don't understand why you need the snmptrap.sh file anyway... and also how zabbix has any interaction with snmp traps. As far as I can see, isn't it net-snmp that does everything? By this I mean as long as you have net-snmp for example installed on the monitored host and zabbix server then you would simply be emailed every time an snmp trap event occurs. As long as you have the following config:

    Add the line "trapsink <ip address of zabbix server/server with net-snmp installed> <community name>" in the snmp.conf file on the monitored host which should have net-snmp installed on.

    Add the line "traphandle default /usr/bin/perl /usr/bin/traptoemail -s <smtp server> -f <from email address> <email address>" to the snmptrapd.conf on the zabbix server or server with net-snmp installed on. This should then pick up any trap event and send out an email.

    So where do zabbix and snmptrap.sh come into the action?


    • cscribe
      Junior Member
      • Feb 2005
      • 9

      #3
      It works something like this:

      (SNMP Trap) -> snmptrapd -> snmptrap.sh -> zabbix_sender -> (Zabbix)

      Basically, the point of snmptrap.sh is to translate a SNMP trap into a Zabbix trap.

      You're right that if you just want to receive emails about traps, and don't need to keep a history of them in Zabbix, the perl script traptoemail should work fine.

      If you need me to elaborate further, let me know.

      Cheers,
      Ken


      • Anil
        Member
        • Sep 2004
        • 33

        #4
        Hi Ken, thanks for replying!!! I must admit that this is puzzling me quite a bit and would be grateful if you could elaborate a bit more.

        "The point of snmptrap.sh is to translate a SNMP trap into a Zabbix trap". By saying this do you mean that the snmptrap.sh file translates the trap into a form which Zabbix can handle... which in turn will allow you to set various triggers and allocate different email groups etc. based on the trap?

        Would you be kind enough to help me configure the snmptrap.sh file please? I don't understand where I am going wrong.

        Thanks for your help!
        Anil


        • cscribe
          Junior Member
          • Feb 2005
          • 9

          #5
          By saying this do you mean that the snmptrap.sh file translates the trap into a form which Zabbix can handle...which in turn will allow you to set various triggers and allocate different email groups etc based on the trap?
          That's correct, for instance, an example trap that net-snmp might hand off to snmptrap.sh could look something like this:
          x.x.x.x
          x.x.x.x
          SNMPv2-MIB::sysUpTime.0 22:8:06:12.54
          SNMPv2-MIB::snmpTrapOID.0 SNMPv2-SMI::enterprises.9.9.41.2.0.1
          SNMP-COMMUNITY-MIB::snmpTrapAddress.0 x.x.x.x
          SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "xxxx"
          SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.9.9.41.2

          Then, you'll notice in snmptrap.sh:
          read hostname
          read ip
          read uptime
          read oid
          read address
          read community
          read enterprise

          oid=`echo $oid|cut -f2 -d' '`
          address=`echo $address|cut -f2 -d' '`
          community=`echo $community|cut -f2 -d' '`
          enterprise=`echo $enterprise|cut -f2 -d' '`
          oid=`echo $oid|cut -f11 -d'.'`
          community=`echo $community|cut -f2 -d'"'`

          str="$hostname $address $community $enterprise $oid"

          Which reads each line of the trap (e.g. 'read ip' handles the first line of the trap) and parses out the important info.

          Finally,
          $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY $str

          is what actually sends the data to Zabbix, which corresponds to what you have defined $HOST:$KEY as. In your first post, it would be sent to key 'snmptraps' of host 'snmptraps'. You can then set up a trigger for the key 'snmptraps' (assuming you made it type 'Zabbix trapper'), which will trigger every time you send new data to Zabbix.

          I'm probably still a little vague...if you're having trouble with a specific part of snmptrap.sh, let me know which.

          Cheers,
          Ken


          • Anil
            Member
            • Sep 2004
            • 33

            #6
            Hmmmm ok that kinda makes sense... but I'm still not seeing anything in zabbix in relation to snmp trap info. The host's status says "monitored" but availability is "unknown" and there is nothing in the latest values section. Here's what I've done so far:

            1. Added host:
            name=snmpTraps
            ip address = (didn't enter an ip address)
            port = 10005 (port which zabbix server is on) - do I need to set this to 162?
            Set status to monitored....didn't add anything else eg IP address, group etc

            2. Added item to host (i.e to snmpTraps)
            key=snmpTraps
            type=zabbix trapper
            type of info=numeric
            store value=As is
            Allowed host= (I have left this line blank)

            3. Edited snmptrap.sh file
            ZABBIX_SERVER="<ip address of zabbix server>";
            ZABBIX_PORT="10005";
            ZABBIX_SENDER="~zabbix/bin/zabbix_sender";
            KEY="snmpTraps";
            HOST="snmpTraps";

            4. Edited snmptrapd.conf file
            added line "traphandle default /bin/bash /home/zabbix/bin/snmptrap.sh"

            5. Restarted snmptrapd service

            I then went along to my server and pulled out the redundant power cable; this should have triggered an snmp event trap. However I can't see anything happening in zabbix. I haven't set up any triggers for this item yet... but I would still expect something to be shown in the latest values section when a trap occurs.

            Any ideas on what I'm doing wrong?

            P.S. In the zabbix_trapperd.conf file I have set the port to 10003, which is different to the one in zabbix_server.conf. The reason I made this change was because if I had set it to 10005, which is the same as that in zabbix_server.conf, it says it can't bind to the port because it is already being used.
            Last edited by Anil; 22-03-2005, 20:00.


            • cscribe
              Junior Member
              • Feb 2005
              • 9

              #7
              Here's a couple things you may want to look at (following your points):

              (1) You shouldn't need to define an ip address or any specific port for your trap host. For instance, I'm using port 0.

              (2) It's probably a good idea to set the type to 'character' instead of 'numeric'. Using an 'allowed host' of 127.0.0.1 worked for me. I'm assuming that snmptrap.sh runs on the same computer as the zabbix server.

              (3) Make sure that the port is the same as what you have in zabbix_trapperd.conf.

              To test, you can modify the last line in snmptrap.sh to:
              echo $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY "$str" > /tmp/testtrap.txt

              Then send a test trap again. If /tmp/testtrap.txt is blank, the problem is most likely with net-snmp or the trap itself; if it looks garbled, you may have to modify how snmptrap.sh parses the trap. If it looks alright, change it back and see if the trap can reach zabbix.


              • Anil
                Member
                • Sep 2004
                • 33

                #8
                Hi Ken,

                Ok it seems as though we are getting somewhere now. I have made the changes you suggested and this is what happens.

                It seems as though zabbix is parsing the trap info fine because the contents of the testtrap.txt file are: ~zabbix/bin/zabbix_sender <ip address of zabbix server> 10003 snmpTraps:snmpTraps <ip address of sender> 131076 10.30.192.83 "public" IF-MIB::linkUp

                BUT when I get rid of the line which is piping the trap info to the testtrap.txt file, i.e. just leaving echo $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY "$str", nothing seems to happen. By this I mean again nothing is showing up in the latest values section and again the host status is monitored but availability is "unknown". I also noticed yet again in the zabbix_trapperd.log file there is a line which says:
                022429:20050322:201425 zabbix_trapperd started
                022429:20050322:201425 Cannot bind to port 10003. Another zabbix_trapperd running ?

                If you look at the output from "tail -f /var/log/messages" after sending a test trap (in this case simply re-setting the snmp agent on a host), then you can see the trap info coming to the zabbix server.

                Something which has just come into my head, which I'm not sure is of relevance (since there is trap info in the testtrap.txt file), is that I am running the Microsoft SNMP agent on a win2k3 box which is in turn sending trap info to the zabbix server which is running net-snmp.

                I know that the snmptrap.sh file parses the trap info into a form which zabbix can handle and from that you can particular email groups etc. But one other thing which I would be grateful if you could explain is: where is the info displayed so that you can see which email group you're assigning to which trap? i.e. zabbix I presume gets the following info from the snmptrap.sh file:
                $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY $str
                BUT where is the info displayed? Because on the LATEST DATA page the only fields which are shown are:
                DESCRIPTION ** Last check ** Last value ** Change ** History
                snmpTraps - - - History

                Could you please explain and help me solve this issue...
                Last edited by Anil; 22-03-2005, 23:05.


                • cscribe
                  Junior Member
                  • Feb 2005
                  • 9

                  #9
                  BUT when I get rid of the line which is piping the trap info to the testtrap.txt file, i.e. just leaving echo $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY "$str", nothing seems to happen. By this I mean again nothing is showing up in the latest values section and again the host status is monitored but availability is "unknown". I also noticed yet again in the zabbix_trapperd.log file there is a line which says:
                  022429:20050322:201425 zabbix_trapperd started
                  022429:20050322:201425 Cannot bind to port 10003. Another zabbix_trapperd running ?
                  First, you shouldn't have the echo, it should just be:
                  $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY "$str"

                  Second, it looks like the point of failure is between zabbix_sender and zabbix_trapperd; try running this from your command line:
                  ~zabbix/bin/zabbix_sender localhost 10003 snmpTraps:snmpTraps "Test"

                  If it can't reach zabbix_trapperd, you should get an error message; make sure zabbix_trapperd is running. If it won't start, the culprit is probably the port number; you may have to just change it to something else.

                  Cheers,
                  Ken


                  • Anil
                    Member
                    • Sep 2004
                    • 33

                    #10
                    Sorry it was a typo. I did just have $ZABBIX_SENDER $ZABBIX_SERVER $ZABBIX_PORT $HOST:$KEY "$str" in the snmptrap.sh file

                    How comes zabbix_trapperd.log is still saying
                    005230:20050323:102801 zabbix_trapperd started
                    005230:20050323:102801 Cannot bind to port 10003. Another zabbix_trapperd running?

                    Even though it seems to be running... incidentally I have also tried changing the port back to 10005 but still no luck :-(

                    I think I am getting all my ports mixed up!!! Arghhhh
                    Can you please confirm:
                    the port number in zabbix_agentd.conf and zabbix_server.conf can be the same. However this can't be the same as the one in zabbix_trapperd.conf? - but the port in snmptrap.sh has to match the port number in zabbix_trapperd.conf

                    Can the port numbers in all the .conf and .sh files be the same or do they have to be different?

                    When I run: ~zabbix/bin/zabbix_sender localhost 10003 snmpTraps:snmpTraps "Test" from the command line, I get "OK" - I can also see details for "last value" and "last check" in the latest values section. SO THIS WORKS!!! BUT when I go and pull the redundant power cable out the back of the server... the value doesn't change, i.e. the trap doesn't get recognised
                    Last edited by Anil; 23-03-2005, 20:39.


                    • cscribe
                      Junior Member
                      • Feb 2005
                      • 9

                      #11
                      ~zabbix/bin/zabbix_sender <ip address of zabbix server> 10003 snmpTraps:snmpTraps <ip address of sender> 131076 10.30.192.83 "public" IF-MIB::linkUp
                      I think I found what the problem is; I did some testing yesterday myself, and found that if you use zabbix_sender, the actual value shouldn't have any spaces in it unless you enclose the entire value with quotes, e.g.
                      ~zabbix/bin/zabbix_sender <ip address of zabbix server> 10003 snmpTraps:snmpTraps "<ip address of sender> 131076 10.30.192.83 public IF-MIB::linkUp"

                      You'll probably have to alter the section of snmptrap.sh with the cut commands to get the right results...depending on how familiar you are with unix, you could use grep and regular expressions instead of cut.

                      Cheers,
                      Ken


                      • Anil
                        Member
                        • Sep 2004
                        • 33

                        #12
                        Could you tell me which line in snmptrap.sh I would have to alter, and what it needs to be changed to, please? As I am not familiar with the syntax used

                        ORIGINAL CONFIG:
                        oid=`echo $oid|cut -f2 -d' '`
                        address=`echo $address|cut -f2 -d' '`
                        community=`echo $community|cut -f2 -d' '`
                        enterprise=`echo $enterprise|cut -f2 -d' '`

                        oid=`echo $oid|cut -f11 -d'.'`
                        community=`echo $community|cut -f2 -d'"'`

                        Which one would I be changing: oid, enterprise..?


                        • cscribe
                          Junior Member
                          • Feb 2005
                          • 9

                          #13
                          The changes will vary by trap format...you may want to set snmptrapd to log to a file to see the full trap text.

                          As for syntax, basically the "<variable> = `echo $<variable> | cut <etc>`" lines are carving up the lines read from the trap earlier. cut returns the field specified by -f using the delimiter specified by -d. For example, if I used
                          echo 'I will gladly pay you Tuesday for a hamburger today' | cut -f3 -d' '

                          it would return 'gladly', since I'm splitting it up by spaces(-d' ') and I want the third field(the fields would be I, will, gladly, ..etc).

                          Cheers,
                          Ken
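
An added example, not part of the thread and not the snmptrap.sh distributed with Zabbix: a trap handler that matches varbinds by name rather than by line position (the parsing discussed in posts #5 and #13) and hands the value to zabbix_sender as one quoted argument (the fix in post #11). The sample trap, the absolute sender path and the character allowlist are assumptions made for the example.

```shell
#!/bin/bash
# Added example; not the snmptrap.sh distributed with Zabbix.
ZABBIX_SERVER="127.0.0.1"
ZABBIX_PORT="10003"
# Assumed absolute path: a quoted "~zabbix/..." is not tilde-expanded by the shell.
ZABBIX_SENDER="/home/zabbix/bin/zabbix_sender"
HOST="snmpTraps"
KEY="snmpTraps"

# Read one trap in snmptrapd's traphandle format from stdin: line 1 is the
# hostname, line 2 the address, then one "NAME VALUE" varbind per line.
# Varbinds are matched by name, so their order may differ between agents.
parse_trap() {
    local hostname ip name value oid="" address="" community="" enterprise=""
    read -r hostname
    read -r ip
    while read -r name value || [ -n "$name" ]; do
        case "$name" in
            *snmpTrapOID.0)        oid=$value ;;
            *snmpTrapAddress.0)    address=$value ;;
            *snmpTrapCommunity.0)  community=$value ;;
            *snmpTrapEnterprise.0) enterprise=$value ;;
        esac
    done
    # Every field is chosen by the trap sender: keep a conservative allowlist
    # (this also drops the quotes around the community string).
    printf '%s' "$hostname $address $community $enterprise $oid" |
        tr -cd 'A-Za-z0-9 .:_-'
}

# Pass the value as ONE quoted argument, using the positional form from the
# thread: server port host:key value.
send_trap() {
    "$ZABBIX_SENDER" "$ZABBIX_SERVER" "$ZABBIX_PORT" "$HOST:$KEY" "$1"
}

# Constructed sample trap (documentation addresses; community contains a
# glob character to exercise the filter).
sample_trap() {
    cat <<'EOF'
switch1.example.net
192.0.2.10
SNMPv2-MIB::sysUpTime.0 22:8:06:12.54
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkUp
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 192.0.2.10
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "pub*lic"
SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.9.9.41.2
EOF
}

# Dry run: show the argument vector. As a traphandle, the last line would
# instead be: send_trap "$(parse_trap)"
printf '[%s] ' "$ZABBIX_SENDER" "$ZABBIX_SERVER" "$ZABBIX_PORT" "$HOST:$KEY" \
    "$(sample_trap | parse_trap)"; echo
```

Because the value reaches zabbix_sender as a single quoted argument, spaces inside it no longer split it into extra arguments, and the item in Zabbix needs a character (text) type to store it.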
