{"id":9260,"date":"2023-05-30T22:02:45","date_gmt":"2023-05-30T20:02:45","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=9260"},"modified":"2024-07-23T23:01:14","modified_gmt":"2024-07-23T21:01:14","slug":"network-forwarding-snmp-traps-by-mail-with-snmptrapd-and-snmptt","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/network-forwarding-snmp-traps-by-mail-with-snmptrapd-and-snmptt\/","title":{"rendered":"Network: Forwarding SNMP Traps by mail with snmptrapd and snmptt"},"content":{"rendered":"<p>Hi,<\/p>\n<p>this post describes a simple way to forward all traps received via SNMP by e-mail.<\/p>\n<p>The process is split into several steps:<\/p>\n<ul>\n<li>Receive the traps => snmptrapd<\/li>\n<li>snmptrapd calls the trap handler script after each received trap. The trap details are handed over to the script via STDIN<\/li>\n<li>The trap handler is \/usr\/sbin\/snmptthandler. This script spools all traps to \/var\/spool\/snmptt<\/li>\n<li>snmptt picks up the traps from the spool folder, translates them into a human-readable format and calls a custom script defined in snmptt.conf<\/li>\n<\/ul>\n<p>First of all, set up a Debian system and install all required packages.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # sudo su -\r\nroot@debdev ~ # apt install snmp snmptrapd snmptt libsnmp-perl\r\nroot@debdev ~ # apt update &amp;&amp; apt upgrade\r\n<\/pre>\n<p>Edit <strong>\/etc\/snmp\/snmptrapd.conf<\/strong>.<br \/>\nSet the community, UDP port and the trap handler. 
The trap handler is the command to which snmptrapd passes each received trap via STDIN.<br \/>\n<code><br \/>\nauthcommunity log,execute,net MyCommunity<br \/>\nsnmpTrapdAddr udp:162<br \/>\ntraphandle default \/usr\/sbin\/snmptthandler<br \/>\n<\/code><br \/>\nFor snmptt, the snmptrapd output needs to be adjusted with an additional command line parameter: copy the default systemd unit file and add the <a href=\"https:\/\/linux.die.net\/man\/1\/snmpcmd\" target=\"_blank\" rel=\"noopener\">-On<\/a> switch (displays the OID numerically and symbolic).<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # cp \/usr\/lib\/systemd\/system\/snmptrapd.service \/etc\/systemd\/system\r\nroot@debdev ~ # vi \/etc\/systemd\/system\/snmptrapd.service\r\nroot@debdev ~ # systemctl daemon-reload\r\nroot@debdev ~ # systemctl enable snmptrapd\r\n<\/pre>\n<p><code><br \/>\n...<br \/>\nExecStart=\/usr\/sbin\/snmptrapd -LOw -Lf \/var\/log\/snmptrapd.log -On -f -p \/run\/snmptrapd.pid<br \/>\n...<br \/>\n<\/code><br \/>\nsnmptt converts SNMP traps into readable strings based on their OIDs. To translate the OIDs into strings, snmptt needs the related MIB files from the vendor and the standard (RFC) MIBs. A good starting point is the <a href=\"http:\/\/www.circitor.fr\/Mibs\/Mibs.php\" target=\"_blank\" rel=\"noopener\">circitor.fr<\/a> repository.<\/p>\n<p>Create a directory for additional MIBs (the default directories are \/usr\/share\/snmp\/mibs and \/usr\/share\/snmp\/mibs\/iana).<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # mkdir -p \/var\/lib\/trapprocessing\/mibs\r\nroot@debdev ~ # chown -R michael \/var\/lib\/trapprocessing\/mibs\r\n<\/pre>\n<p>The following commands try to download all of them.<br \/>\nGet the website. 
Extract all links.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # wget http:\/\/www.circitor.fr\/Mibs\/Mibs.php -O \/tmp\/circitor.fr.html\r\nmichael@debdev ~ # grep '&lt;a href=&quot;Html\/' \/tmp\/circitor.fr.html &gt; \/tmp\/circitor.fr_links_only.html\r\n<\/pre>\n<p>Build the full URL list for all MIBs from the downloaded HTML file (as of 31.05.2023).<br \/>\nReplace <strong>&lt;a href=&quot;Html\/<\/strong> with <strong>https:\/\/www.circitor.fr\/Mibs\/Mib\/<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # sed -i -e's\/&lt;a href=&quot;Html\\\/\/https:\\\/\\\/www.circitor.fr\\\/Mibs\\\/Mib\\\/\/g' \/tmp\/circitor.fr_links_only.html\r\n<\/pre>\n<p>Replace <strong>.php&quot;&gt;[A-Za-z0-9-]+?&lt;\/a&gt;&lt;br&gt;<\/strong> with <strong>.mib<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # sed -i -e's\/.php&quot;&gt;&#x5B;A-Za-z0-9-]\\+&lt;\\\/a&gt;&lt;br&gt;\/.mib\/g' \/tmp\/circitor.fr_links_only.html\r\n<\/pre>\n<p>\/tmp\/circitor.fr_links_only.html should now contain a list of all MIBs:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # cat \/tmp\/circitor.fr_links_only.html\r\n...\r\nhttps:\/\/www.circitor.fr\/Mibs\/Mib\/Z\/ZYXEL-SUBNET-BASED-VLAN-MIB.mib\r\nhttps:\/\/www.circitor.fr\/Mibs\/Mib\/Z\/ZYXEL-SYS-MEMORY-MIB.mib\r\nhttps:\/\/www.circitor.fr\/Mibs\/Mib\/Z\/ZYXEL-SYSLOG-MIB.mib\r\nhttps:\/\/www.circitor.fr\/Mibs\/Mib\/Z\/ZYXEL-SYSTEM-MGMT-MIB.mib\r\nhttps:\/\/www.circitor.fr\/Mibs\/Mib\/Z\/ZYXEL-SYSTEM-MIB.mib\r\n...\r\n<\/pre>\n<p>Download the whole list to \/var\/lib\/trapprocessing\/mibs<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # mkdir -p \/var\/lib\/trapprocessing\/mibs\r\nmichael@debdev ~ # wget -i \/tmp\/circitor.fr_links_only.html -w 5 -P \/var\/lib\/trapprocessing\/mibs\r\n<\/pre>\n<p>Contact your hardware vendor for any device specific 
MIBs.<\/p>\n<p>Then set the path(s) and tell the SNMP backend to use all MIBs. If you have MIBs in other paths, append them to the list.<\/p>\n<p>Edit \/etc\/snmp\/snmp.conf<br \/>\n<code><br \/>\nmibs +ALL<br \/>\nprintNumericOids 1<br \/>\nmibdirs \/var\/lib\/trapprocessing\/mibs:\/usr\/share\/snmp\/mibs:\/usr\/share\/snmp\/mibs\/iana:\/usr\/share\/snmp\/mibs\/ietf<br \/>\n<\/code><\/p>\n<p>Then define a simple script that snmptt calls after the conversion. This script can be modified later to send mail etc.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # vi \/var\/lib\/trapprocessing\/trapprocessing.sh\r\n<\/pre>\n<p>The file \/var\/lib\/trapprocessing\/trapprocessing.sh simply appends all received traps to a file:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n#!\/bin\/bash\r\n# Separator line; quoted so that # is not treated as the start of a comment\r\necho &quot;##########################################################################&quot; &gt;&gt; \/tmp\/traps.txt\r\n# Append all arguments passed by snmptt\r\necho &quot;$@&quot; &gt;&gt; \/tmp\/traps.txt\r\n<\/pre>\n<p>Now adjust the snmptt ini file <strong>\/etc\/snmp\/snmptt.ini<\/strong>. At least:<br \/>\n<code><br \/>\nmibs_environment = ALL<br \/>\nnet_snmp_perl_enable = 1<br \/>\nunknown_trap_log_enable = 1<br \/>\nduplicate_trap_window = 300<br \/>\n<\/code><\/p>\n<p>If you want to use snmptt in daemon mode and receive traps via snmptthandler, then <strong>mode = daemon<\/strong> must be set in snmptt.ini.<br \/>\n<code><br \/>\nmode = daemon<br \/>\n<\/code><\/p>\n<p>Enable unknown_trap_log_enable so that missing MIBs can be identified; otherwise the unknown traps will be dropped. 
duplicate_trap_window is also useful: it groups identical traps (recognized by an MD5 hash) and sends only one of them within the duplicate_trap_window time range (in seconds).<\/p>\n<p>From the MIB files (the downloaded ones and those delivered with Debian), create an snmptt.conf file.<br \/>\nThe file is required for translating OIDs into messages and for defining a script (here \/var\/lib\/trapprocessing\/trapprocessing.sh) which is called after the translation.<br \/>\nThe properties sent to the script can be set with $xx variables. See the whole list <a href=\"http:\/\/www.snmptt.org\/docs\/temp\/snmptt.shtml#SNMPTT.CONF-FORMAT\" rel=\"noopener\" target=\"_blank\">here<\/a>.<br \/>\nIf you call snmpttconvertmib multiple times, it always appends to \/etc\/snmp\/snmptt.conf. So if you want to create a new one, you have to delete the old one first.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # mv \/etc\/snmp\/snmptt.conf \/etc\/snmp\/snmptt.conf.org\r\nroot@debdev ~ # find \/var\/lib\/trapprocessing\/mibs \/usr\/share\/snmp\/mibs \/usr\/share\/snmp\/mibs\/iana -maxdepth 1 -type f -exec snmpttconvertmib --in {} --out=\/etc\/snmp\/snmptt.conf --net_snmp_perl --exec '\/var\/lib\/trapprocessing\/trapprocessing.sh $x $X $r $ar $D $C $s $O $o $E $e' \\;\r\n<\/pre>\n<p>Then enable the snmptt daemon<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # systemctl enable snmptt\r\n<\/pre>\n<p>Test<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # snmptrap -v 2c -c MyCommunity 127.0.0.1 .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.6.3.1.1.5.3 ifIndex i 2 ifAdminStatus i 1 ifOperStatus i 2\r\n<\/pre>\n<p>Log files for troubleshooting<\/p>\n<p>snmptrapd -> \/var\/log\/snmptrapd.log<br \/>\nsnmptt -> \/var\/log\/snmptt\/snmptt.log and \/var\/log\/snmptt\/snmpttunknown.log<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, this post describes a simple way to forward all traps by E-Mail received 
via SNMP. This process is split into several steps: Receive the traps => snmptrapd snmptrapd calls the trap handler script after each received trap. The trap details are handed over to the script via STDIN The trap handler is \/usr\/sbin\/snmptthandler. This script &hellip; <a href=\"https:\/\/michlstechblog.info\/blog\/network-forwarding-snmp-traps-by-mail-with-snmptrapd-and-snmptt\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Network: Forwarding SNMP Traps by mail with snmptrapd and snmptt<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,754],"tags":[1446,224,1022,1968,1969],"class_list":["post-9260","post","type-post","status-publish","format-standard","hentry","category-linux","category-network","tag-forward","tag-linux-2","tag-mail","tag-snmp","tag-traps"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=9260"}],"version-history":[{"count":44,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9260\/revisions"}],"predecessor-version":[{"id":9309,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9260\/revisions\/9309"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=9260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/cate
gories?post=9260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=9260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}