Setup SNMP Traps
Video Lecture
Description
Receiving SNMP traps is the opposite of querying SNMP devices.
Information is sent from an SNMP device and is collected or "trapped" by Zabbix.
Firewall Settings
SNMP Traps are sent to the server on port 162 (as opposed to port 161 on the agent side that is used for queries).
So port 162 will need to be allowed on the Zabbix Server or Proxy, which ever will receive the SNMP traps.
Ubuntu, Raspbian, Debian
1 2 | iptables -A INPUT -p udp --dport 162 -j ACCEPT
sudo service iptables restart
|
Centos
1 2 | firewall-cmd --add-port=162/udp --permanent firewall-cmd --reload |
Zabbix Server or Proxy Configuration
For SNMP Traps to work, you need to configure some settings for either the Zabbix Server, or Zabbix Proxy.
Open zabbix_server.conf or zabbix_proxy.conf
And add/edit,
1 2 | SNMPTrapperFile=/tmp/zabbix_traps.tmp StartSNMPTrapper=1 |
Restart the Zabbix Server or Proxy
1 | sudo service zabbix-proxy restart |
Download the Zabbix Trap Receiver
Download zabbix_trap_receiver.pl
1 | sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl |
The above command will save it to the /usr/bin/ folder
Now give it execute permissions,
1 | sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl |
Install and Configure snmptrapd
snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages.
Ubuntu, Raspbian, Debian
1 | sudo apt install snmp, snmp-mibs-downloader, snmptrapd |
Centos
1 | yum install -y net-snmp-utils net-snmp-perl net-snmp |
Note
On CentOS 8, you may get the error that the perl snmp libs cannot be found. You can download the rpm first from rpm -ivh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm
and then try again.
Edit its configuration,
1 | sudo nano /etc/snmp/snmptrapd.conf |
and add the text below, replacing public with your actual SNMP community name if it is not public.
1 2 | authCommunity execute public perl do "/usr/bin/zabbix_trap_receiver.pl"; |
Save, restart and check its status
1 2 | sudo service snmptrapd restart sudo service snmptrapd status |
Test an Example SNMPTRAP
In my examples below, 192.168.1.70 is the ip address of the server with the SNMP Trap Daemon running on it. Any SNMP host that can access this ip address, can send an snmptrap message if it also has snmp installed.
1 2 3 4 5 6 7 | #version 1 snmptrap -v1 -cmycommunity 192.168.1.70 .1.3.6.1.6.3.1.1.5.3 '0.0.0.0' 6 1 '' .1.3.6.1.6.3.1.1.5.3 s "link down example v1" snmptrap -v1 -cmycommunity 192.168.1.70 SNMPv2-MIB::sysLocation.0 '0.0.0.0' 6 17 '' SNMPv2-MIB::sysLocation.0 s "I am here v1" #version 2c snmptrap -v2c -cmycommunity 192.168.1.70 '' .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.6.3.1.1.5.3 s "link down example v2c" snmptrap -v2c -cmycommunity 192.168.1.70 '' SNMPv2-MIB::sysLocation.0 SNMPv2-MIB::sysLocation.0 s "I am here v2c" |
Example Configure Traps on Cisco Switch
I demonstrate configuring my Cisco switch to send snmp traps to the server with snmptrapd listening. Zabbix proxy is also running on the same server, and will forward the messages onto the Zabbix server where the host is configured.
The commands below are for my settings. You will need to modify yours depending on the documentation of your SNMP device, and also use the IP address and community of the snmptrapd that you want to send to.
Telnet to SNMP device.
1 | telnet 192.168.1.1
|
Enter passwords when required.
1 2 3 4 5 6 7 8 9 | Switch>enable Switch#configure terminal Switch(config)#snmp-server enable traps Switch(config)#snmp-server host 192.168.1.70 version 2c mycommunity Switch(config)#exit Switch#copy run start Switch#disable Switch>show snmp Switch>exit |
Troubleshooting
The SNMP device, will send a snmptrap to the IP address configured. That IP should have the snmptrapd process running on it. It will be listening on port 162 by default. The firewall should not be blocking the snmp device from sending to it on that port. When the snmptrapd process receives a new trap message, it passes it to the zabbix_trap_receiver.pl script, which will reformat it, and save it into the folder. The zabbix proxy or server, will read it from that folder, and if the ip address or hostname matches a configured host than it will by default appear in the hosts snmp trap fallback item on the Zabbix server.
The host configuration on the Zabbix server should be configured with an SNMP interface and 1 or more snmptrap items.
If your custom mibs are not working and the snmptrapd is still showing the OID numbers. Place your custom mib files into one of the MIB search paths. To see the search paths type net-snmp-config --default-mibdirs
. Also comment out the mib :
line in /etc/snmp/snmp.conf
to look like #mib :
And then restart snmptrapd. sudo service snmptrapd restart
If when running zabbix_trap_receiver.pl, you get an error that perl is not installed,
On Ubuntu
1 | apt-get install perl libxml-simple-perl libsnmp-perl |
On Centos
1 | yum install "perl(SNMP)" "perl(XML::Simple)" |
Useful Links
Start with SNMP traps in Zabbix