Discussion:
[net-snmp] How to log traps using snmptrapd daemon
Ruth Garzón
2017-01-20 13:55:53 UTC
Hi!

First I have to say I have no experience with SNMP traps at all, but I need
to have some trap service receiving traps from a device and logging them
into our systems so we can monitor the device.

I have the following installed:
- Windows server 2012 R2 Standard
- I downloaded this package: net-snmp-5.7-1.win32.exe

I have a vendor MIB which I placed in C:\usr\share\snmp\mibs
I think that part is fine because I could successfully run commands like
this, which return the proper OID:
C:\usr\bin>snmptranslate -IR -On trapAccessAuthFail
.1.3.6.1.4.1.23629.3.1.1.11

I have registered the snmptrapd trap receiver with this command:
snmptrapd.exe -register -Lf 7 d:/LogFiles/snmptrap/snmptrapd.log 10.155.3.30

I am trying to test to log some trap by using this example:
snmptrap -v 3 -c public -n "" -l noAuthNoPriv -u TestSNMP 10.155.3.30 uptime .1.3.6.1.4.1.23629.3.1.1.11


I have only configured the snmptrapd.conf file and placed options there like
this:
createUser TestSNMP
authUser log TestSNMP noauth
format2 "%02.2h:%02.2j:%02.%k TRAP%W.%P from %A\n"
outputOption -Os

And my snmp.conf like this:
defSecuritylevel noAuthNoPriv
defSecurityName TestSNMP
mibs +SAFENET-LunaEFT-MIB
mibdirs C:/usr/share/snmp/mibs
defVersion 3
showMibErrors yes
logTimestamp no
dumpPacket true

The only way I can see something being logged in my log file is when I set
this:
dumpPacket true

And I think this output in my logs with the dump enabled is correct:
Received 131 byte packet from UDP: [10.155.3.30]:49272->[0.0.0.0]:0
0000: 30 81 80 02 01 03 30 0F 02 02 39 5F 02 03 00 FF 0.....0...9_...
0016: E3 04 01 00 02 01 03 04 29 30 27 04 11 80 00 1F γ.......)0'.....
0032: 88 80 94 35 00 00 C1 11 82 58 00 00 00 00 02 01 ..”5..Α.‚X......
0048: 01 02 01 00 04 08 54 65 73 74 53 4E 4D 50 04 00 ......TestSNMP..
0064: 04 00 30 3F 04 11 80 00 1F 88 80 94 35 00 00 C1 ..0?.......”5..Α
0080: 11 82 58 00 00 00 00 04 00 A7 28 02 02 35 95 02 .‚X......§(..5•.
0096: 01 00 02 01 00 30 1C 30 1A 06 0A 2B 06 01 06 03 .....0.0...+....
0112: 01 01 04 01 00 06 0C 2B 06 01 04 01 81 B8 4D 03 .......+.....ΈM.
0128: 01 01 0B ...

I am curious to know how I can log the trap information to have at the end
something like this, or at least not hex info like above:
#<SNMP::SNMPv1_Trap:0x5161ac1d @enterprise=[1.3.6.1.4.1.2854],
@timestamp=#<SNMP::TimeTicks:0x5fa65841 @value=59948346>, @varbind_list=[],
@specific_trap=1, @source_ip="10.155.3.30",
@agent_addr=#<SNMP::IpAddress:0x5b99c76d @value="\n\x9B\x03\x1E">,
@generic_trap=6>


I have not been successful so far with the man files for snmptrapd.conf,
snmpd.conf, snmpcmd... maybe I am totally wrong with my understanding of
how to make this package work?

I don't have any other configuration files, or any other services from the
package installed/running at the same time as snmptrapd daemon.

Thanks a lot and kind regards,
Ruth
Ruth Garzón
2017-01-27 10:16:47 UTC
Hi,

I managed to have the right configuration. I was missing the EngineID in
snmptrapd.conf file.
I was not understanding exactly what this is for, and did not see it in my
device configuration which got me even more "confused".

A good thing I found in another thread was to debug properly. For that in
snmp.conf:

dumpPacket true
doDebugging 1



I found out the error was with the User not being properly registered and
found the missing part.
So in my snmptrapd.conf the correct line should look like this (with same
EngineID as the device sending the traps)

createUser -e xxxxxxxxxx TestSNMP


This also helped me:
http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications


KR
Ruth
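
Added example, not part of the original posts and not net-snmp code: the dumpPacket output in the first message already carries the engine ID and user name that the createUser fix above depends on. The sketch rebuilds the packet from the hex columns and reads msgAuthoritativeEngineID (for a trap, the sender's engine ID) and the user name from the USM security parameters; the function names and the 0x-prefixed engine ID form are assumptions of this example.

```python
import re
# Hex columns of the dumpPacket output quoted in the first post (ASCII gutter dropped).
DUMP = """\
0000: 30 81 80 02 01 03 30 0F 02 02 39 5F 02 03 00 FF
0016: E3 04 01 00 02 01 03 04 29 30 27 04 11 80 00 1F
0032: 88 80 94 35 00 00 C1 11 82 58 00 00 00 00 02 01
0048: 01 02 01 00 04 08 54 65 73 74 53 4E 4D 50 04 00
0064: 04 00 30 3F 04 11 80 00 1F 88 80 94 35 00 00 C1
0080: 11 82 58 00 00 00 00 04 00 A7 28 02 02 35 95 02
0096: 01 00 02 01 00 30 1C 30 1A 06 0A 2B 06 01 06 03
0112: 01 01 04 01 00 06 0C 2B 06 01 04 01 81 B8 4D 03
0128: 01 01 0B
"""
HEX_ROW = re.compile(r"\s*\d{4}:\s+((?:[0-9A-Fa-f]{2}\s+){0,15}[0-9A-Fa-f]{2})(?:\s|$)")

def dump_to_bytes(text):
    """Rebuild the packet from 'NNNN: xx xx ...' rows, ignoring any ASCII gutter."""
    rows = (HEX_ROW.match(line) for line in text.splitlines())
    return b"".join(bytes.fromhex(m.group(1)) for m in rows if m)

def tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield the (tag, value) members of a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def usm_fields(packet):
    """Pull out the fields snmptrapd compares with its createUser entries."""
    version, header, secparams, _pdu = children(tlv(packet, 0)[1])
    if version[1] != b"\x03":
        raise ValueError("not an SNMPv3 message")
    flags = list(children(header[1]))[2][1][0]             # msgFlags: bit0 auth, bit1 priv
    usm = list(children(next(children(secparams[1]))[1]))  # UsmSecurityParameters
    level = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}[flags & 3]
    return {"engine_id": usm[0][1].hex(), "user": usm[3][1].decode(), "level": level}

def createuser_line(f):  # 0x-prefixed engine ID is an assumed form for snmptrapd.conf
    return "createUser -e 0x%s %s" % (f["engine_id"], f["user"])

if __name__ == "__main__":
    print(createuser_line(usm_fields(dump_to_bytes(DUMP))))
```

The line produced here applies only to the test trap in that dump; for the real device, the same fields have to be read from a dump of one of its own traps.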
Chris Fowler
2017-01-27 14:16:00 UTC
I'm using vs 5.6.1.

The struggle for me debugging SNMPv3 traps to snmptrapd was that
snmptrapd would simply ignore v3 traps if the authentication was
wrong. This is fine and expected. It would not even behave as if it
had seen anything and log it. With tcpdump I saw that I was receiving
the traps. Is there a config option I missed?

Chris