Setup SNMP Traps

Video Lecture

Setup SNMP Traps Setup SNMP Traps

Description

Receiving SNMP traps is the opposite of querying SNMP devices.

Information is sent from an SNMP device and is collected or "trapped" by Zabbix.

Firewall Settings

SNMP Traps are sent to the server on port 162 (as opposed to port 161 on the agent side that is used for queries).

So port 162 will need to be allowed on the Zabbix Server or Proxy, which ever will receive the SNMP traps.

Ubuntu, Raspbian, Debian

1
2
iptables -A INPUT -p udp --dport 162 -j ACCEPT
sudo service iptables restart

Centos

1
2
firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload

Zabbix Server or Proxy Configuration

For SNMP Traps to work, you need to configure some settings for either the Zabbix Server, or Zabbix Proxy.

Open zabbix_server.conf or zabbix_proxy.conf

And add/edit,

1
2
SNMPTrapperFile=/tmp/zabbix_traps.tmp
StartSNMPTrapper=1

Restart the Zabbix Server or Proxy

1
sudo service zabbix-proxy restart

Download the Zabbix Trap Receiver

Download zabbix_trap_receiver.pl

1
sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl

The above command will save it to the /usr/bin/ folder

Now give it execute permissions,

1
sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl

Install and Configure snmptrapd

snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages.

Ubuntu, Raspbian, Debian

1
sudo apt install snmp, snmp-mibs-downloader, snmptrapd

Centos

1
yum install -y net-snmp-utils net-snmp-perl net-snmp

Note

On CentOS 8, you may get the error that the perl snmp libs cannot be found. You can download the rpm first from rpm -ivh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm and then try again.

Edit its configuration,

1
sudo nano /etc/snmp/snmptrapd.conf

and add the text below, replacing public with your actual SNMP community name if it is not public.

1
2
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";

Save, restart and check its status

1
2
sudo service snmptrapd restart
sudo service snmptrapd status

Test an Example SNMPTRAP

In my examples below, 192.168.1.70 is the ip address of the server with the SNMP Trap Daemon running on it. Any SNMP host that can access this ip address, can send an snmptrap message if it also has snmp installed.

1
2
3
4
5
6
7
#version 1
snmptrap -v1 -cmycommunity 192.168.1.70 .1.3.6.1.6.3.1.1.5.3 '0.0.0.0' 6 1 '' .1.3.6.1.6.3.1.1.5.3 s "link down example v1"
snmptrap -v1 -cmycommunity 192.168.1.70 SNMPv2-MIB::sysLocation.0 '0.0.0.0' 6 17 '' SNMPv2-MIB::sysLocation.0 s "I am here v1"

#version 2c
snmptrap -v2c -cmycommunity 192.168.1.70 '' .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.6.3.1.1.5.3 s "link down example v2c"
snmptrap -v2c -cmycommunity 192.168.1.70 '' SNMPv2-MIB::sysLocation.0 SNMPv2-MIB::sysLocation.0 s "I am here v2c"

Example Configure Traps on Cisco Switch

I demonstrate configuring my Cisco switch to send snmp traps to the server with snmptrapd listening. Zabbix proxy is also running on the same server, and will forward the messages onto the Zabbix server where the host is configured.

The commands below are for my settings. You will need to modify yours depending on the documentation of your SNMP device, and also use the IP address and community of the snmptrapd that you want to send to.

Telnet to SNMP device.

1
telnet 192.168.1.1

Enter passwords when required.

1
2
3
4
5
6
7
8
9
Switch>enable
Switch#configure terminal 
Switch(config)#snmp-server enable traps
Switch(config)#snmp-server host 192.168.1.70 version 2c mycommunity
Switch(config)#exit
Switch#copy run start
Switch#disable
Switch>show snmp
Switch>exit

Troubleshooting

The SNMP device, will send a snmptrap to the IP address configured. That IP should have the snmptrapd process running on it. It will be listening on port 162 by default. The firewall should not be blocking the snmp device from sending to it on that port. When the snmptrapd process receives a new trap message, it passes it to the zabbix_trap_receiver.pl script, which will reformat it, and save it into the folder. The zabbix proxy or server, will read it from that folder, and if the ip address or hostname matches a configured host than it will by default appear in the hosts snmp trap fallback item on the Zabbix server.

The host configuration on the Zabbix server should be configured with an SNMP interface and 1 or more snmptrap items.

If your custom mibs are not working and the snmptrapd is still showing the OID numbers. Place your custom mib files into one of the MIB search paths. To see the search paths type net-snmp-config --default-mibdirs. Also comment out the mib : line in /etc/snmp/snmp.conf to look like #mib : And then restart snmptrapd. sudo service snmptrapd restart

If when running zabbix_trap_receiver.pl, you get an error that perl is not installed,

On Ubuntu

1
apt-get install perl libxml-simple-perl libsnmp-perl

On Centos

1
yum install "perl(SNMP)" "perl(XML::Simple)"

zabbix_trap_receiver.pl

Start with SNMP traps in Zabbix

Cisco IOS SNMP Traps Configuration

Net-SNMP Tutorial -- traps