Re: [net-snmp] How to log traps using snmptrad daemon

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I managed to have the right configuration. I was missing the EngineID in
snmptrapd.conf file.
I was not understanding exactly what is this for, and did not see it in my
device configuration which got me even more "confused".

A good thing I found in another thread was to debug properly. For that in
snmp.conf:

dumpPacket true
doDebugging 1

I found out the error was with the User not being properly registered and
found the missing part.
So in my snmptrapd.conf the correct line should look like this (with same
EngineID as the device sending the traps)

createUser -e xxxxxxxxxx TestSNMP

This also helped me:
http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications

KR
Ruth

On Fri, Jan 20, 2017 at 2:55 PM, Ruth Garzón <ab...@gm...> wrote:

> Hi!
>
> First I have to say I have no experience with SNMP traps at all, but I
> need to have some trap service receiving traps from a device and logging
> them into our systems so we can monitor the device.
>
> I have the following installed:
> - Windows server 2012 R2 Standard
> - I downloaded this package: net-snmp-5.7-1.win32.exe
>
> I have a vendor MIB which I placed in C:\usr\share\snmp\mibs
> I think that part is fine because I could run successfully commands like
> this which return the proper OID:
> C:\usr\bin>snmptranslate -IR -On trapAccessAuthFail
> .1.3.6.1.4.1.23629.3.1.1.11
>
> I have registered snmptrad trap receiver with this command:
> snmptrapd.exe -register -Lf 7 d:/LogFiles/snmptrap/snmptrapd.log
> 10.155.3.30
>
> I am trying to test to log some trap by using this example:
> snmptrap -v 3 -c public -n "" -l noAuthNoPriv -u TestSNMP 10.155.3.30
> uptime .1.3.6.1.4.1.23629.3.1.1.11
>
>
> I have only configured the snmptrapd.conf file and place there options
> like this:
> createUser TestSNMP
> authUser log TestSNMP noauth
> format2 "%02.2h:%02.2j:%02.%k TRAP%W.%P from %A\n"
> outputOption -Os
>
> And my snmp.conf like this:
> defSecuritylevel noAuthNoPriv
> defSecurityName TestSNMP
> mibs +SAFENET-LunaEFT-MIB
> mibdirs C:/usr/share/snmp/mibs
> defVersion 3
> showMibErrors yes
> logTimestamp no
> dumpPacket true
>
> The only way I can see something being logged in my log file is when I set
> this:
> dumpPacket true
>
> And I think this output in my logs with the dump enabled is correct:
> Received 131 byte packet from UDP: [10.155.3.30]:49272->[0.0.0.0]:0
> 0000: 30 81 80 02  01 03 30 0F  02 02 39 5F  02 03 00 FF
> 0.....0...9_...
> 0016: E3 04 01 00  02 01 03 04  29 30 27 04  11 80 00 1F
> γ.......)0'.....
> 0032: 88 80 94 35  00 00 C1 11  82 58 00 00  00 00 02 01
> ..”5..Α.‚X......
> 0048: 01 02 01 00  04 08 54 65  73 74 53 4E  4D 50 04 00
> ......TestSNMP..
> 0064: 04 00 30 3F  04 11 80 00  1F 88 80 94  35 00 00 C1
> ..0?.......”5..Α
> 0080: 11 82 58 00  00 00 00 04  00 A7 28 02  02 35 95 02
> .‚X......§(..5•.
> 0096: 01 00 02 01  00 30 1C 30  1A 06 0A 2B  06 01 06 03
> .....0.0...+....
> 0112: 01 01 04 01  00 06 0C 2B  06 01 04 01  81 B8 4D 03
> .......+.....ΈM.
> 0128: 01 01 0B                                              ...
>
> I am curious to know how can I log the trap information to have at the end
> something like this or at least not Hex info like above:
> #<SNMP::SNMPv1_Trap:0x5161ac1d @enterprise=[1.3.6.1.4.1.2854],
> @timestamp=#<SNMP::TimeTicks:0x5fa65841 @value=59948346>,
> @varbind_list=[], @specific_trap=1, @source_ip="10.155.3.30",
> @agent_addr=#<SNMP::IpAddress:0x5b99c76d @value="\n\x9B\x03\x1E">,
> @generic_trap=6>
>
>
> I have been not successful so far with the man files for snmptrapd.conf,
> snmpd.conf, snmpcmd... maybe I am totally wrong with my understanding of
> how to make this package work?
>
> I don't have any other configuration files, or any other services from the
> package installed/running at the same time as snmptrapd daemon.
>
> Thanks a lot and kind regards,
> Ruth
>
>
>
>