#2610 snmptrapd logOption upper case F not logging to file
snmptrapd --version
NET-SNMP Version: 5.5
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net
CentOS 6.5
Linux snmpreceiver.box293.local 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Using snmptrapd.conf, when logging to file, using the upper case option to specify the prioritiy, nothing is logged to the file.
First, to prove it works with the lowercase option:
logOption f /var/log/snmptrapd.log
service restart snmptrapd
Then I send a trap which logs the following:
NET-SNMP version 5.5
2015-03-31 11:09:44 snmpsender.box293.local [UDP: [10.25.5.20]:46671->[10.25.5.30]]:
.1.3.6.1.2.1.1.3.0 = Timeticks: (825880) 2:17:38.80 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.8072.2.3.0.1 .1.3.6.1.4.1.8072.2.3.2.1 = INTEGER: 123456
So I have confirmed that using the lowercase option, I have logged it into the file.
Using the uppercase option:
logOption F 0-7 /var/log/snmptrapd.log
service restart snmptrapd
the log file log records the following (from the previous lower case option)
2015-03-31 11:11:36 NET-SNMP version 5.5 Stopped.
Stopping snmptrapd
But the log file is not truncated and no longer records anything.
So I send a test trap and nothing is logged.
I've also tried
logOption F 0 /var/log/snmptrapd.log
or
logOption F 7 /var/log/snmptrapd.log
But nothing is ever logged. There are no errors reported when restarting the service.
I've also tried using the syslog facility however I don't notice any difference between what is logged normally and what is logged when I define the priorities.
So in /etc/rsyslog.conf I have defined
*.info;mail.none;authpriv.none;cron.none;daemon.debug /var/log/messages
First a test trap with no logging options defined in snmptrapd.conf
Mar 31 11:20:48 snmpreceiver snmptrapd[7429]: 2015-03-31 11:20:48 snmpsender.box293.local [UDP: [10.25.5.20]:46608->[10.25.5.30]]:#012.1.3.6.1.2.1.1.3.0 = Timeticks: (892275) 2:28:42.75#011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.8072.2.3.0.1#011.1.3.6.1.4.1.8072.2.3.2.1 = INTEGER: 123456
Then in snmptrapd.conf:
logOption S 0-7 d
service restart snmptrapd
Exact same message is logged:
Mar 31 11:21:39 snmpreceiver snmptrapd[7668]: 2015-03-31 11:21:39 snmpsender.box293.local [UDP: [10.25.5.20]:49619->[10.25.5.30]]:#012.1.3.6.1.2.1.1.3.0 = Timeticks: (897393) 2:29:33.93#011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.8072.2.3.0.1#011.1.3.6.1.4.1.8072.2.3.2.1 = INTEGER: 123456
So I can't see the difference of logging when adding the option.
With either logging option (file or syslog), I beleive that as per the documentation, only LOG_NOTICE messages are logged as per:
http://www.net-snmp.org/docs/man/snmpcmd.html
"Normal output is (or will be!) logged at a priority level of LOG_NOTICE"
Could you please try the attached patch?
Thanks for the patch. I'm a bit of a newbie but I appear to have it applied correctly.
However I'm having basic issues getting it to work now, the patch no longer recognises the logOption setting in the snmptrapd.conf file.
I ran up a clean CentOS 6.5 system to test it on.
Linux localhost.localdomain 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Applied the patch, did the compile, install etc.
snmptrapd --version
NET-SNMP Version: 5.7.3
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net
I'm used to running snmptrapd from an init script however one didn't exist.
So I have been starting it with:
snmptrapd -p /var/run/snmptrapd.pid
And I see the following in /var/log/messages
Apr 16 13:36:00 localhost snmptrapd[1968]: Warning: no access control information configured.#012 (Config search path: /usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/root/.snmp)#012This receiver will NOT accept any incoming notifications.
Apr 16 13:36:00 localhost snmptrapd[1969]: NET-SNMP version 5.7.3
So I kill the process.
I create the file /usr/local/etc/snmp/snmptrapd.conf which has only one line:
disableAuthorization yes
Then I start it
snmptrapd -p /var/run/snmptrapd.pid
And I see the following in /var/log/messages
Apr 16 13:38:47 localhost snmptrapd[1975]: NET-SNMP version 5.7.3
Great, so it's starting OK and reading the config file.
So I kill the process.
Next I add in the known working logging option to /usr/local/etc/snmp/snmptrapd.conf
logOption f /var/log/snmptrapd.log
Then I start it
snmptrapd -p /var/run/snmptrapd.pid
And I see the following in /var/log/messages
Apr 16 13:40:41 localhost snmptrapd[1995]: /usr/local/etc/snmp/snmptrapd.conf: line 2: Warning: Unknown token: logOption.
Apr 16 13:40:41 localhost snmptrapd[1996]: NET-SNMP version 5.7.3
So I kill the process.
Next I remove the logOption line from /usr/local/etc/snmp/snmptrapd.conf
Then I start it like this:
snmptrapd -p /var/run/snmptrapd.pid -Lf /var/log/snmptrapd.log
It is now logging to /var/log/snmptrapd.log instead of /var/log/messages
So I kill the process.
Then I start it like this:
snmptrapd -p /var/run/snmptrapd.pid -LF d /var/log/snmptrapd.log
It is now logging to /var/log/snmptrapd.log instead of /var/log/messages
And yes, traps are being logged in /var/log/snmptrapd.log
On that note, I can confirm that only d,i,7,6 produce any output in the logs. All other priorities do nothing.
Also "-LF 0-7" works, but to do "-LF !-d" it needs to be done as "-LF !-d" otherwise bash errors with "-bash: !-d: event not found"
Summary:
The patch no longer recognises the logOption setting in the snmptrapd.conf file. My original test system on CentOS 6.5 used NET-SNMP version 5.5 and this previously worked.
I noticed in my previous response a character was removed.
it needs to be done as "-LF !-d"
there should be a back slash before the !
"-LF back_slash!-d"
I have applied the patch.
The logOption directive is not meant to go into snmpdtrapd.conf or snmpd.conf, but snmp.conf. If you put in the other conf files you must indicate that it is a snmp.conf directive by using
[snmp] logOption ...
quote:
The logOption directive is not meant to go into snmpdtrapd.conf or snmpd.conf, but snmp.conf.
I disagree as this is not what the snmptrapd.conf documentation states.
http://www.net-snmp.org/docs/man/snmptrapd.conf.html
LOGGING
logOption string
specifies where notifications should be logged - to standard output, standard error, a specified file or via syslog. See the section LOGGING OPTIONS in the snmpcmd(1) manual page for details.
Note: it works in CentOS 6.5 using the built in NET-SNMP version 5.5
Last edit: Box293 2015-04-16
Just to be clear, I tried
in the file /etc/snmp/snmptrapd.conf. I restarted the snmptrapd service (daemon) with the command
systemctl restart snmptrapdfollowed bysystemctl status snmptrapdto verify that the service started and I didn't make any stupid mistaeks. Then, to test it, I used the commandsnmpinform -v 2c -m ALL -c public 2601:602:8500:1b2:5a74:16a3:770f:40ce 800 coldStart.0where
2601:602:8500:1b2:5a74:16a3:770f:40ceis my own IPv6 address. I could have usedsnmpinform -v 2c -m ALL -c public 127.0.0.1 856 coldStart.0andsnmpinform -v 2c -m ALL -c public 192.168.1.149 863 coldStart.0I would consider this a problem with the documentation. It is not clear from the documentation that the [snmp] is required.
Last edit: Jeff Silverman 2021-01-11