Discussion:
snmptrapd.conf format1 and format2 tokens not being used?!
Schaatsbergen, Chris
2010-03-23 15:06:19 UTC
Greetings,

I am a relatively new Linux user and have been given the task of implementing Splunk. Unfortunately, Splunk cannot read SNMP traps directly, so I am using snmptrapd to write the SNMP traps into a logfile, which Splunk is very good at interpreting. But Splunk needs some kind of timestamp to bring order to the chaos. After some reading I found the snmptrapd.conf file and adjusted its settings. Everything is working, and the SNMP traps get logged in the logfile, but without the formatting I added in snmptrapd.conf. Unfortunately, since I am not using the default output, I seem unable to pass the format parameter to snmptrapd itself either.

We are running a Debian server with net-snmp version 5.4.1. The snmptrapd.conf file currently contains:

format1 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
format2 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
authCommunity log Cisco
logOption f /var/run/snmp-traps

But I tried loads of different settings for the formats already.

Can anyone please guide me in the right direction?

Chris Schaatsbergen

--
aleo solar Deutschland GmbH
Chris Schaatsbergen
IT-Projekte / IT-Projects
Osterstraße 15, 26122 Oldenburg

Tel: +49 441/21988-288
Fax: +49 441/21988-150
***@aleo-solar.de
http://www.aleo-solar.de

Managing Directors: Dipl.-Oec. Jakobus Smit, Betriebswirt (WA) Heinrich Willers; Registered office: Oldenburg (Oldb), Commercial Register Oldenburg, HRB 4947
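Added example (mine, not net-snmp's code and not from the poster): a small Python expander for the format1/format2 tokens used in this thread, run against a constructed SNMPv1 linkDown trap, so you can see what the posted format1 line should produce once the directives take effect. In snmptrapd.conf, format1 applies to SNMPv1 traps and format2 to SNMPv2c/v3 traps. The token meanings, the zero-padded date fields, and the tab-joined "oid = value" rendering of %v are my reading of snmptrapd.conf(5) and are assumptions to check against your installed man page; the Trap record, the sample values and POSTED_FORMAT are constructed for the demo, and the "?" characters in the posted format are replaced by plain spaces.

```python
"""Expand snmptrapd.conf format1/format2 tokens against a trap record.

Added example, not net-snmp code. Token meanings are my reading of
snmptrapd.conf(5) and should be checked against the installed man page.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable, Dict, List, Tuple


@dataclass
class Trap:
    """The pieces of a received trap that the tokens below draw on."""
    received: datetime          # local time snmptrapd received the PDU
    agent_addr: str             # %a
    agent_host: str             # %A
    src_addr: str               # %b  (PDU source address)
    src_host: str               # %B
    community: str              # %P  (community / security name)
    enterprise: str             # %N
    trap_desc: str              # %W  (generic trap description)
    specific: int               # %q  (enterprise-specific trap number)
    uptime: str                 # %T  (agent sysUpTime as printed)
    varbinds: List[Tuple[str, str]] = field(default_factory=list)  # %v


# Assumed token table; zero-padded two-digit date fields are an assumption.
TOKENS: Dict[str, Callable[[Trap], str]] = {
    "y": lambda t: t.received.strftime("%Y"),
    "m": lambda t: t.received.strftime("%m"),
    "l": lambda t: t.received.strftime("%d"),
    "h": lambda t: t.received.strftime("%H"),
    "j": lambda t: t.received.strftime("%M"),
    "k": lambda t: t.received.strftime("%S"),
    "a": lambda t: t.agent_addr,
    "A": lambda t: t.agent_host,
    "b": lambda t: t.src_addr,
    "B": lambda t: t.src_host,
    "P": lambda t: t.community,
    "N": lambda t: t.enterprise,
    "W": lambda t: t.trap_desc,
    "q": lambda t: str(t.specific),
    "T": lambda t: t.uptime,
    # assumed: varbinds print as "oid = value", separated by tabs
    "v": lambda t: "\t".join(f"{oid} = {val}" for oid, val in t.varbinds),
}

# Backslash escapes as written in the config file (the literal two characters
# backslash-n in snmptrapd.conf, not a Python newline).
ESCAPES = {"n": "\n", "t": "\t", "\\": "\\"}


def expand(fmt: str, trap: Trap) -> str:
    """Render FMT for TRAP. Unknown %-tokens raise instead of silently
    vanishing, so a typo in the config string is caught before it reaches
    the log file that Splunk will index."""
    out: List[str] = []
    i, n = 0, len(fmt)
    while i < n:
        c = fmt[i]
        if c in "%\\":
            if i + 1 >= n:
                raise ValueError(f"dangling {c!r} at end of format string")
            nxt = fmt[i + 1]
            if c == "%":
                if nxt == "%":
                    out.append("%")
                elif nxt in TOKENS:
                    out.append(TOKENS[nxt](trap))
                else:
                    raise ValueError(f"unknown format token %{nxt} at offset {i}")
            else:
                out.append(ESCAPES.get(nxt, c + nxt))  # unknown escape kept verbatim
            i += 2
        else:
            out.append(c)
            i += 1
    return "".join(out)


# The poster's format1 with plain spaces as separators (the "?" characters
# in the posted config are assumed to be a mangled non-ASCII separator).
POSTED_FORMAT = r"%y-%m-%l %h:%j:%k %b %P %N %W %v\n"


def sample_trap() -> Trap:
    """Constructed SNMPv1 linkDown trap; every value here is made up."""
    return Trap(
        received=datetime(2010, 3, 23, 15, 6, 19),
        agent_addr="10.0.0.5", agent_host="sw-core-1",
        src_addr="10.0.0.5", src_host="sw-core-1",
        community="Cisco",
        enterprise=".1.3.6.1.4.1.9",
        trap_desc="Link Down", specific=0,
        uptime="3:04:05:06.07",
        varbinds=[("IF-MIB::ifIndex.2", "2"), ("IF-MIB::ifOperStatus.2", "down(2)")],
    )


if __name__ == "__main__":
    print(expand(POSTED_FORMAT, sample_trap()), end="")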
Wes Hardaker
2010-04-02 20:35:01 UTC
CS> format1 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
CS> format2 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
CS> authCommunity log Cisco
CS> logOption f /var/run/snmp-traps

CS> But I tried loads of different settings for the formats already.

1) Did you set the formatting for the SNMPv2 traps too? I.e., are you
sure you're getting SNMPv1 traps in the first place?

2) Make sure your config file is being read. Run snmptrapd with "-f -Le
-Dread_config" to see what it's doing.
--
Wes Hardaker
Cobham Analytic Solutions
Schaatsbergen, Chris
2010-04-06 07:37:55 UTC
CS> format1 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
CS> format2 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
CS> authCommunity log Cisco
CS> logOption f /var/run/snmp-traps

CS> But I tried loads of different settings for the formats already.

WH> 1) Did you set the formatting for the SNMPv2 traps too? I.e., are you
WH> sure you're getting SNMPv1 traps in the first place?

WH> 2) Make sure your config file is being read. Run snmptrapd with "-f -Le
WH> -Dread_config" to see what it's doing.

Greetings Wes,

Thanks for your reply.

I thought that was what format2 was for? It is also in my original request, but I am very certain I get both SNMPv1 and SNMPv2 traps and neither works. Here is an excerpt of the read_config output:

read_config: reading normal configuration tokens
read_config: config path used for snmptrapd:/etc/snmp:/usr/share/snmp:/usr/lib/snmp:/root/.snmp (persistent path:/var/lib/snmp)
read_config: config dir: /etc/snmp
read_config: Reading configuration /etc/snmp/snmptrapd.conf
read_config: /etc/snmp/snmptrapd.conf:19 examining: format1 %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n
read_config: Found a parser. Calling it: format1 / %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n
read_config: /etc/snmp/snmptrapd.conf:20 examining: format2 %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n
read_config: Found a parser. Calling it: format2 / %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n
read_config: /etc/snmp/snmptrapd.conf:21 examining: authCommunity log Cisco
read_config: Found a parser. Calling it: authCommunity / log Cisco
read_config: /etc/snmp/snmptrapd.conf:22 examining: logOption s 1
read_config: Found a parser. Calling it: logOption / s 1
read_config: /etc/snmp/snmptrapd.conf:23 examining: logOption f /var/run/snmp-traps
read_config: Found a parser. Calling it: logOption / f /var/run/snmp-traps
read_config: /etc/snmp/snmptrapd.local.conf: No such file or directory

I cannot see any error messages or such in there. As I mentioned, I have tried different formatting options, even very basic ones but nothing seems to work.

Thanks again,

Chris Schaatsbergen
Dave Shield
2010-04-06 11:57:00 UTC
On 23 March 2010 15:06, Schaatsbergen, Chris wrote:
CS> We are running a Debian server, net-snmp version 5.4.1.
CS> format1 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'
CS> format2 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'

The problem doesn't lie with the format commands themselves.

CS> logOption f /var/run/snmp-traps

If you specify the logging on the command line (-Lf/var/run/snmp-traps),
you should find that the format settings are applied correctly.

There's something about specifying "logOption" in the config file that
works in a different manner. I'll investigate further, and get back to you.

Dave
Dave Shield
2010-04-06 15:31:31 UTC
DS> There's something about specifying "logOption" in the config file that
DS> works in a different manner. I'll investigate further, and get back to you.

OK - I think I've tracked down the problem.

If logging is specified on the command line, this is set up relatively
early (as part of the option processing - around line 837 of snmptrapd.c).

If logging is specified via the config file, this is set up by the library
config processing, which is triggered by "init_snmp()" - around line 1062

However, in between the two, immediately after the option processing,
comes a block of code:

    if (0 == snmp_get_do_logging()) {
        traph = netsnmp_add_global_traphandler(NETSNMPTRAPD_PRE_HANDLER,
                                               syslog_handler);
        traph->authtypes = TRAP_AUTH_LOG;
        snmp_enable_syslog();
    } else {
        traph = netsnmp_add_global_traphandler(NETSNMPTRAPD_PRE_HANDLER,
                                               print_handler);
        traph->authtypes = TRAP_AUTH_LOG;
    }

(lines 954-963).
This has the effect of defaulting to using the "syslog_handler" (which
ignores the format1/format2 directives), rather than the "print_handler"
(which does use them).

I'm attaching a patch which seems to fix this problem,
though it would merit further study before we can apply it to the code.

Dave
