Difference between revisions of "TUT:Configuring snmptrapd"
(added numeric OIDs; added generic trap list; repeated snmptrap command, to understand the examples better; added two links to TUT:snmptrap) |
m (Fix generic/specific type - reported by Jacek Poplawski) |
||
Line 60: | Line 60: | ||
==== Matching SNMPv1 OIDs ==== | ==== Matching SNMPv1 OIDs ==== | ||
− | SNMPv1 traps fall into two broad categories: ''generic'' and ''enterprise specific''. Generic traps use ''trap types'' 0 through 5, and do not use the ''specific type''. To match a generic trap, the traphandle OID should be the SNMPv2-MIB::snmpTraps OID, with an additional final OID of the ''trap type'' + 1. For example, to match linkDown traps ('' | + | SNMPv1 traps fall into two broad categories: ''generic'' and ''enterprise specific''. Generic traps use ''trap types'' 0 through 5, and do not use the ''specific type''. To match a generic trap, the traphandle OID should be the SNMPv2-MIB::snmpTraps OID, with an additional final OID of the ''trap type'' + 1. For example, to match linkDown traps (''trap type'' 2), the correct OID would be "1.3.6.1.6.3.1.1.5.3" (or SNMPv2-MIB::snmpTraps.3, which is also IF-MIB::linkDown). |
''SNMPv2-MIB::snmpTraps 1.3.6.1.6.3.1.1.5'' | ''SNMPv2-MIB::snmpTraps 1.3.6.1.6.3.1.1.5'' | ||
Line 69: | Line 69: | ||
SNMPv2-MIB::authenticationFailure 1.3.6.1.6.3.1.1.5.'''5''' | SNMPv2-MIB::authenticationFailure 1.3.6.1.6.3.1.1.5.'''5''' | ||
− | When the '' | + | When the ''trap type'' is 6, the trap is an ''enterprise specific'' trap. When matching these traps, the traphandle OID is constructed using the enterprise OID and ''specific type'' specified in the trap. Earlier in the tutorial, we sent a SNMPv1 enterprise specific trap with an enterprise OID of UCD-TRAP-TEST-MIB::demotraps, a ''trap type'' of 6 and a ''specific type'' of 17. To match this trap type, the traphandle OID should be the enterprise OID, plus 0, plus the ''specific type''. So the correct OID would be ".1.3.6.1.4.1.2021.13.990.0.17" (or UCD-TRAP-TEST-MIB::demoTrap). |
==== Matching SNMPv2 OIDs ==== | ==== Matching SNMPv2 OIDs ==== |
Latest revision as of 12:34, 19 January 2011
snmptrapd is a Net-SNMP application that lets operators receive SNMP notifications (informs and traps) and process them.
Contents
Configuring snmptrapd to allow traps in the door
By default, snmptrapd does not do anything with received notifications. You have to tell it what you want to receive notifications.
Configuring snmptrapd to accept SNMPv1 or SNMPv2c notifications
To receive SNMPv1 or SNMPv2c notifications you need to tell snmptrapd your community strings. The easiest way to do this is by using the authCommunity snmptrapd.conf configuration file token. For example, this line:
authCommunity log,execute,net public
Will let snmptrapd process notifications received using the "public" community string. Those notifications may be logged, allowed to trigger executable actions (see below), and resend data to the network (forward).
Configuring snmptrap to accept SNMPv3 notifications
SNMPv3 adds security to the SNMP protocol and is a safer way to receive notification data. But, it's a bit more complex to set up. Configuration of SNMPv3 notifications is described fully on a separate page:
Processing Notifications
Generating traps is only half of the battle. We also need something
to receive the notification, and respond accordingly.
The Net-SNMP suite includes an application snmptrapd
which can accept and process such notifications.
By default, it will simply log all incoming notifications via syslog.
The two snmptrap
commands described in TUT:snmptrap#SNMPv1_Traps:
$ snmptrap -v 1 -c public host UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" \ SNMPv2-MIB::sysLocation.0 s "Just here"
and
$ snmptrap -v 2c -c public host "" UCD-NOTIFICATION-TEST-MIB::demoNotif \ SNMPv2-MIB::sysLocation.0 s "Just here"
would be logged as:
1999-11-12 23:26:07 localhost [127.0.0.1] UCD-TRAP-TEST-MIB::demotraps: Enterprise Specific Trap (demoTrap) Uptime: 1 day, 5:34:06 SNMPv2-MIB::sysLocation.0 = "Just here"
and
1999-11-13 08:31:33 localhost [127.0.0.1]: SNMPv2-MIB::sysUpTime.0 = Timeticks: (13917129) 1 day, 14:39:31.29 SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-NOTIFICATION-TEST-MIB::demoNotif SNMPv2-MIB::sysLocation.0 = "just here"
respectively (MIB is defined in TUT:snmptrap#Trap_Definitions).
Trap Handlers
The snmptrapd utility also has the ability to execute other programs on the reception of a trap. This is controlled by the traphandle directive, with the syntax
traphandle OID command
Notice, that this only takes an OID to determine which trap (or notification) is received. This means that SNMPv1 traps, which have a trap type and specific type, need to be represented in SNMPv2 format, which is described in RFC 2089.
Matching SNMPv1 OIDs
SNMPv1 traps fall into two broad categories: generic and enterprise specific. Generic traps use trap types 0 through 5, and do not use the specific type. To match a generic trap, the traphandle OID should be the SNMPv2-MIB::snmpTraps OID, with an additional final OID of the trap type + 1. For example, to match linkDown traps (trap type 2), the correct OID would be "1.3.6.1.6.3.1.1.5.3" (or SNMPv2-MIB::snmpTraps.3, which is also IF-MIB::linkDown).
SNMPv2-MIB::snmpTraps 1.3.6.1.6.3.1.1.5 SNMPv2-MIB::coldStart 1.3.6.1.6.3.1.1.5.1 SNMPv2-MIB::warmStart 1.3.6.1.6.3.1.1.5.2 IF-MIB::linkDown 1.3.6.1.6.3.1.1.5.3 IF-MIB::linkUp 1.3.6.1.6.3.1.1.5.4 SNMPv2-MIB::authenticationFailure 1.3.6.1.6.3.1.1.5.5
When the trap type is 6, the trap is an enterprise specific trap. When matching these traps, the traphandle OID is constructed using the enterprise OID and specific type specified in the trap. Earlier in the tutorial, we sent a SNMPv1 enterprise specific trap with an enterprise OID of UCD-TRAP-TEST-MIB::demotraps, a trap type of 6 and a specific type of 17. To match this trap type, the traphandle OID should be the enterprise OID, plus 0, plus the specific type. So the correct OID would be ".1.3.6.1.4.1.2021.13.990.0.17" (or UCD-TRAP-TEST-MIB::demoTrap).
Matching SNMPv2 OIDs
SNMPv2 traps and informs are much easier, because they include the correct OID in the SNMPv2-MIB::snmpTrapOID.0 variable in the trap.
Example handler script
The command specifies a command to be executed by snmptrapd upon reception by the command. This command is executed with the data of the trap as its standard input. The first line is the host name, the second the IP address of the trap sender, and the following lines consists of an OID VALUE pair with the data from the received trap.
A simple shell script to be called from snmptrapd is the following:
#!/bin/sh read host read ip vars= while read oid val do if [ "$vars" = "" ] then vars="$oid = $val" else vars="$vars, $oid = $val" fi done echo trap: $1 $host $ip $vars
Now, given the following sample snmptrapd.conf file,
# the generic traps traphandle SNMPv2-MIB::coldStart /home/nba/bin/traps cold traphandle SNMPv2-MIB::warmStart /home/nba/bin/traps warm traphandle IF-MIB::linkDown /home/nba/bin/traps down traphandle IF-MIB::linkUp /home/nba/bin/traps up traphandle SNMPv2-MIB::authenticationFailure /home/nba/bin/traps auth # this one is deprecated traphandle .1.3.6.1.6.3.1.1.5.6 /home/nba/bin/traps egp-neighbor-loss # enterprise specific traps traphandle UCD-TRAP-TEST-MIB::demoTrap /home/nba/bin/traps demo-trap traphandle UCD-NOTIFICATION-TEST-MIB::demoNotif /home/nba/bin/traps demo-notif
The following snmptrap invocation, to issue a generic Link down trap (OID 1.3.6.1.6.3.1.1.5.3),
% snmptrap -v 1 -c public localhost TRAP-TEST-MIB::demotraps localhost 2 0 "" \ IF-MIB::ifIndex i 1
results in the following output from snmptrapd:
1999-11-13 12:46:49 localhost [127.0.0.1] TRAP-TEST-MIB::traps: Link Down Trap (0) Uptime: 1 day, 18:54:46.27 IF-MIB::ifIndex.0 = 1
and the following output from the handler:
trap: down localhost 127.0.0.1 SNMPv2-MIB::sysUpTime = 1:18:54:46.27, SNMPv2-MIB::snmpTrapOID = IF-MIB::linkDown, IF-MIB::ifIndex.0 = 1, SNMPv2-MIB::snmpTrapEnterprise = TRAP-TEST-MIB::traps
and issuing our enterprise specific trap (.1.3.6.1.4.1.2021.13.990.0.17) gives this output from our handler:
trap: demoTrap localhost 127.0.0.1 SNMPv2-MIB::sysUpTime = 1:19:00:48.01, SNMPv2-MIB::snmpTrapOID = UCD-TRAP-TEST-MIB::demoTrap, SNMPv2-MIB::sysLocation.0 = "just here", SNMPv2-MIB::snmpTrapEnterprise = UCD-TRAP-TEST-MIB::traps
and finally our enterprise specific notification:
trap: demoNotif localhost 127.0.0.1 SNMPv2-MIB::sysUpTime.0 = 1:19:02:06.33, SNMPv2-MIB::snmpTrapOID.0 = UCD-NOTIFICATION-TEST-MIB::demoNotif, SNMPv2-MIB::sysLocation.0 = "just here"
Tutorial Sections
About the SNMP Protocol
These tutorial links talk about SNMP generically and how the protocol itself works. They are good introductory reading material and the concepts are important to understand before diving into the later tutorials about Net-SNMP itself.
- How SNMP Works: About the protocol itself (GETs, GETNEXTs, etc)
- What data is in SNMP: All about SNMP Management Information Bases (MIBs)
- Securing SNMP: How to use the SNMP protocol securely
Net-SNMP Command Line Applications
These tutorial pages discuss the command line tools provided in the Net-SNMP suite of tools. Nearly all the example commands in these tutorials works if you try it yourself, as they're all examples that talk to our online Net-SNMP test agent. Given them a shot!
- snmptranslate: learning about the MIB tree.
- snmpget: retrieving data from a host.
- snmpgetnext: retrieving unknown indexed data.
- snmpwalk: retrieving lots of data at once!
- snmptable: displaying a table.
- snmpset: peforming write operations.
- snmpbulkget: communicates with a network entity using SNMP GETBULK request
- snmpbulkwalk: retrieve a sub-tree of management values using SNMP GETBULK requests.
- snmptrap: Sending and receiving traps, and acting upon them.
- Traps/informs with SNMPv3/USM: Sending and receiving SNMPv3/USM TRAPs and INFORMs
- Sending Traps/Informs via AgentX: Sending notifications from the command line through snmpd
- Common command line options:
- Writing mib2c config files
Application Configuration
All of our applications support configuration to allow you to customize how they behave.
Net-SNMP Daemons
Net-SNMP comes with two long-running daemons: a SNMP agent (snmpd) for responding to management requests and a notification receiver (snmptrapd) for receiving SNMP notifications.
- SNMP Agent (snmpd) Configuration
- SNMP Notification Receiver (snmptrapd)
- Agent Monitoring
Coding Tutorials
Net-SNMP comes with a highly flexible and extensible API. The API allows you to create your own commands, add extensions to the agent to support your own MIBs and perform specialized processing of notifications.
- Client / Manager Coding Tutorials
- Agent Coding Tutorials
- The Agent Architecture page might be worth reading before or after the agent coding tutorials, and describes how the Agent Helpers work under the hood.
- Writing a mib module to serve information described by an SNMP MIB, and how to compile it into the net-snmp snmpd agent.
- Writing a Dynamically Loadable Object that can be loaded into the SNMP agent.
- Writing a Subagent that can be run to attach to the snmpd master agent.
- Writing a perl plugin to extend the agent using the NetSNMP::agent module.
- Writing shell scripts to extend the agent
- Using mib2c to help write an agent code template for you
- Header files and autoconf
Debugging SNMP Applications and Agents
All our tools and applications have extensive debugging output. These tutorials talk about how the debugging system works and how you can add your own debugging statements to you code:
- Debugging output printed using the -D command line option
- Using -Ddump to display packet breakdowns
- Debugging using GDB
Operating System Specific Tutorials
- Building With Visual Studio 2005 Express
- Building Net-SNMP 64-bit with Visual C++ 2010 Express
- Net-Snmp on Ubuntu
- Net-SNMP and lm-sensors on Ubuntu 10.04
- Net-SNMP for windows: