Configure SNMP Traps
Video Lecture
Description
Receiving SNMP traps is the opposite of querying SNMP devices.
Information is sent from an SNMP device to an SNMP Trap Daemon, and is collected or "trapped" by Zabbix server or Zabbix proxy.
Zabbix Server or Proxy Configuration
For SNMP Traps to work, you need to configure some settings for either the Zabbix Server or Zabbix Proxy.
Open zabbix_server.conf or zabbix_proxy.conf (if using the Zabbix proxy)
And add/edit,
SNMPTrapperFile=/tmp/zabbix_traps.tmp
StartSNMPTrapper=1
Restart the Zabbix Server/Proxy
sudo service zabbix-proxy restart
Download the Zabbix Trap Receiver
Download zabbix_trap_receiver.pl
sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl
The above command will save it to the /usr/bin/ folder
Now give it execute permissions,
sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl
Install and Configure snmptrapd
snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages.
Ubuntu, Raspbian, Debian
sudo apt install snmp snmp-mibs-downloader snmptrapd
Centos
yum install -y net-snmp-utils net-snmp-perl net-snmp
Note
On CentOS 8, you may get the error that the perl snmp libs cannot be found. You can download the rpm first from rpm -ivh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm and then try again.
Edit the SNMP Trap daemon configuration,
sudo nano /etc/snmp/snmptrapd.conf
and add the text below, replacing public with your actual SNMP community name if it is not public.
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
Optionally, you can also enable MIBs descriptions in the SNMP trap messages if you have installed snmp-mibs-downloader from earlier onto the same server where snmptrapd is running.
sudo nano /etc/snmp/snmp.conf
Comment out the line
mibs :
to be
#mibs :
Save, restart and check its status
sudo service snmptrapd restart
sudo service snmptrapd status
Example Configure Traps on Cisco Switch
I demonstrate configuring my Cisco switch to send SNMP traps to the server with snmptrapd listening.
Zabbix proxy is also running on the same server as the SNMP Trapper, and will read updates from the /tmp/zabbix_traps.tmp file and forward them onto the Zabbix server into the SNMP trapper items for the particular host configuration.
The commands below are for my settings. You will need to modify yours depending on the documentation of your SNMP device, and also use the IP address and community of the snmptrapd that you want to send to.
Telnet to SNMP device.
telnet 192.168.1.2
Enter passwords when required.
Switch>enable
Switch#configure terminal
Switch(config)#snmp-server enable traps
Switch(config)#snmp-server host 192.168.1.109 version 2c mycommunity
Switch(config)#exit
Switch#copy run start
Switch#disable
Switch>show snmp
Switch>exit
Troubleshooting
The SNMP device, will send a snmptrap to the IP address configured. That IP should have the snmptrapd process running on it. It will be listening on port 162 by default. The firewall should not be blocking the SNMP device from sending to it on that port on that host. When the snmptrapd process receives a new trap message, it passes it to the zabbix_trap_receiver.pl script, which will reformats it, and save it into the /tmp/zabbix_traps.tmp folder. The Zabbix proxy or server, will then read the updates from that file, and if the IP address or hostname matches a configured host inside Zabbix, then it will by default appear in the hosts snmptrap.fallback item on the Zabbix server.
The host configuration on the Zabbix server should be configured with an SNMP interface and 1 or more snmptrap items.
If your custom MIBs are not working and the snmptrapd is still showing the OID numbers. Place your custom MIB files into one of the MIB search paths. To see the search paths type net-snmp-config --default-mibdirs. Also comment out the mib : line in /etc/snmp/snmp.conf to look like #mib :
And then restart snmptrapd.
sudo service snmptrapd restart
If when running zabbix_trap_receiver.pl, you get an error that Perl is not installed,
On Ubuntu
apt-get install perl libxml-simple-perl libsnmp-perl
On CentOS
yum install "perl(SNMP)" "perl(XML::Simple)"
Useful Links
Start with SNMP traps in Zabbix
Cisco IOS SNMP Traps Configuration