What Is The Service Name For Snmp Trap?
SNMP Trap - snmptrapd Service
Commodity Number: 88 | Rating: iii/5 from six votes | Terminal Updated past rspielman on Wed, Jan 13, 2021 at iv:41 PM
snmptrapd Service
The snmptrapd service is what receives an SNMP Trap from the networking stack and then places information technology into a spool directory for the snmptt service to process.
These steps help confirm that the snmptrapd service is working correctly. Earlier proceeding you would have followed the other troubleshooting manufactures "Inbound UDP Traffic" and "Firewall Rules".
Editing Files
In many steps of this commodity you will be required to edit files. This documentation will use the vi text editor. When using the half dozen
editor:
- To make changes press i on the keyboard beginning to enter insert mode
- Press Esc to leave insert way
- When you have finished, relieve the changes in vi by typing :wq and press Enter
Is The snmptrapd Service Running?
Establish an SSH session to the Nagios server that is receiving SNMP Traps and execute the command for your operating organisation (OS):
RHEL seven+ | CentOS 7+ | Oracle Linux seven+ | Debian | Ubuntu sixteen/18/20
systemctl status snmptrapd.service
If snmptrapd is running, it should produce output similar:
snmptrapd (pid 11612) is running...
If snmptrapd is Non running, it will produce output similar:
snmptrapd is stopped
If the snmptrapd service is Non running, this means that spooled SNMP Traps volition not exist rejected. To ENABLE snmptrapd on boot and to first it, execute the post-obit commands depending on your Bone:
RHEL 7+ | CentOS vii+ | Oracle Linux seven+ | Debian | Ubuntu sixteen/eighteen/twenty
systemctl enable snmptrapd.service
systemctl start snmptrapd.service
If snmptrapd is NOT installed, it will produce output like:
snmptrapd: unrecognized service
If you find that snmptrapd is not installed, you lot need to follow the guide "How to Integrate SNMP Traps With Nagios XI".
Also, yous should confirm that the snmptt service is installed, if information technology is non so the snmptrapd service is going to have problems. Execute the command for your operating system (Bone):
RHEL 7+ | CentOS vii+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/twenty
systemctl status snmptt.service
If snmptt is running, it should produce output like:
snmptt (pid 11612) is running...
If snmptt is Not running, information technology volition produce output similar:
snmptt is stopped
If you find that snmptt is not installed, you need to follow the guide "How to Integrate SNMP Traps With Nagios Xi".
Restart snmptrapd Service
Steps below volition require you to restart the snmptrapd service, the commands for your OS are as follows:
RHEL seven+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu sixteen/18/twenty
systemctl restart snmptrapd.service
Finish snmptrapd Service
Steps beneath will require you to stop the snmptrapd service, the commands for your Bone are as follows:
RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/xviii/twenty
systemctl stop snmptrapd.service
Confirm Traps Are Spooled
When SNMP Traps are working correctly they are placed into the spool folder by snmptrapd and almost instantly snmptt processes the spooled trap and and then deletes it. In the following steps, we are going to stop the snmptt service so it does not process the trap. This lets you ostend that the received traps are really being spooled.
To stop the snmptt service execute the command for your operating arrangement (OS):
RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/eighteen/20
systemctl stop snmptt.service
Which should produce the output similar:
Stopping snmptt: [ OK ]
Next, from the device that sends SNMP Traps, get it to transport through a trap.
In one case received, it will be created equally a file in /var/spool/snmptt/
To see if the file exists blazon the following control:
ls -al /var/spool/snmptt/
Which should show a directory listing of the spooled traps, for example they are named:
-rw-r--r-- 1 root root 395 Mar 25 11:43 #snmptt-trap-1427244215674243
Y'all can view the contents of the trap with the following control:
cat /var/spool/snmptt/#snmptt-trap-1427244215674243
Which should output something like:
1427244215
snmpsender.domain.local
UDP: [10.25.5.twenty]:50655->[x.25.v.30]
DISMAN-Event-MIB::sysUpTimeInstance 0:one:10:08.85
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-SMI::enterprises.20006.one.7
SNMPv2-SMI::enterprises.20006.i.3.i.2 "CentOS"
SNMPv2-SMI::enterprises.20006.1.3.1.6 "Users"
SNMPv2-SMI::enterprises.20006.one.three.ane.7 0
SNMPv2-SMI::enterprises.20006.1.three.1.17 "USERS OK - 0 users currently logged in"
The start line is the number 1427244215, this is the time stamp of when the trap was received (epoch value).
Files Created in /var/spool/snmptt/
If you are seeing files being created in the directory /var/spool/snmptt/, then this confirms that snmptrap is correctly working.
Files Not beingness created in /var/spool/snmptt/
If you are NOT seeing files being created in the directory /var/spool/snmptt/, then at that place may be a permissions issue. To check the permissions execute the command:
ls -dl /var/spool/snmptt/
Which should show the permissions as follows:
drwxrwxr-x 2 snmptt snmptt 4096 Mar 25 11:51 /var/spool/snmptt/
If the permissions and owner are not correct so execute these commands:
chown snmptt:snmptt /var/spool/snmptt/
chmod u+rwx,yard+rwx,o+rx /var/spool/snmptt/
And so confirm the permissions are now correct:
ls -dl /var/spool/snmptt/
One time you have washed this, from the device that sends SNMP Traps, get information technology to ship through a trap. Then confirm it is created as a file in /var/spool/snmptt/.
If you lot are all the same Non seeing files being created in the directory /var/spool/snmptt/, so there may be an issue with the snmptrapd configuration. To see the configuration execute the following command:
cat /etc/snmp/snmptrapd.conf
This shows the snmptrapd configuration file. This is a very basic file and should look similar this:
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
If your snmptrapd.conf is unlike, please right information technology (using an editor like "vi") and so restart the snmptrapd service.
You should too ostend that the following file exists and is at least version 1.2 past executing the following command:
/usr/sbin/snmptthandler --version
Which would produce this output:
SNMPTTHANDLER v1.2
(c) 2002-2007 Alex Burger
If y'all are still non receiving SNMP traps in the snmptt spool directory, please confirm the spool directory setting used past executing the following control:
grep spool_directory /etc/snmp/snmptt.ini
Which should produce this output:
spool_directory = /var/spool/snmptt/
Delight confirm this directory exists AND the permissions are correct (covered in an before section in this article).
Another problem which tin delay SNMP traps arriving in the snmptt spool directory can be acquired by slow DNS lookups.
In some implementations it has been observed that it took four hours from when the UDP traffic was observed hitting the Nagios server to when the trap file was created in the spool directory. In this specific example the customer was using an external DNS server (8.8.8.8 = Google public DNS server).
To stop snmptrapd from performing DNS lookups edit the file:
/etc/init.d/snmptrapd
Change the OPTIONS (line 29) so it has the -north argument:
OPTIONS="-north -Lsd -p /var/run/snmptrapd.pid"
Relieve the file and restart the snmptrapd service.
If you are all the same having issues, your next step is to enable logging.
snmptrapd Logging
These steps explain how to enable the snmptrapd daemon to logging it's output to a file. This is useful for determining exactly what snmptrapd is doing with the SNMP Traps it receives.
To enable the option you need to edit the INIT script to add an extra option. The steps are slightly different depending on the operating system version beingness used:
RHEL six | CentOS 6 | Oracle Linux 6
Edit the /etc/sysconfig/snmptrapd file:
Find this line:
OPTIONS="-Ln -p /var/run/snmptrapd.pid"
Add -Lf /var/log/snmptrapd.log to the line:
OPTIONS="-Ln -Lf /var/log/snmptrapd.log -p /var/run/snmptrapd.pid"
Now restart the SNMPTRAPD service:
service snmptrapd restart
You tin can now continue to the Check Log File section below.
RHEL vii | CentOS 7 | Oracle Linux vii
Edit the /etc/sysconfig/snmptrapd file:
Add this line:
OPTIONS="-Lsd -Lf /var/log/snmptrapd.log"
At present restart the SNMPTRAPD service:
systemctl daemon-reload
systemctl restart snmptrapd.service
You tin now proceed to the Bank check Log File section below.
Ubuntu 16
Edit the /etc/default/snmptrapd file:
Find this line:
TRAPDOPTS='-Lsd -p /run/snmptrapd.pid'
Add -Lf /var/log/snmptrapd.log to the line:
TRAPDOPTS='-Lsd -Lf /var/log/snmptrapd.log -p /run/snmptrapd.pid'
At present restart the SNMPTRAPD service:
systemctl daemon-reload
systemctl restart snmptrapd.service
You can now proceed to the Check Log File section below.
Debian nine | Ubuntu 18
Execute the following command:
systemctl edit snmptrapd.service
Paste the following into the new file:
[Service]
ExecStart=
ExecStart=/usr/sbin/snmptrapd -Ln -f -Lf /var/log/snmptrapd.log
Now restart the SNMPTRAPD service:
systemctl daemon-reload
systemctl restart snmptrapd.service
You tin at present continue to the Check Log File department below.
Check Log File
This adds a line to the snmptrapd.conf file to enable logging. The snmptrapd activity is now logged in :
/var/log/snmptrapd.log
You can picket the log information by running this command:
tail -f /var/log/snmptrapd.log
Which should product output similar:
Net-SNMP version 5.seven.2
2015-03-25 13:25:45 snmpsender.box293.local [UDP: [10.25.5.20]:53145->[ten.25.5.xxx]]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1033824) ii:52:18.24 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.20006.1.7 SNMPv2-SMI::enterprises.20006.i.iii.ane.ii = String: "CentOS" SNMPv2-SMI::enterprises.20006.1.3.1.half dozen = STRING: "Users" SNMPv2-SMI::enterprises.20006.1.3.1.7 = INTEGER: 1SNMPv2-SMI::enterprises.20006.1.3.ane.17 = String: "USERS WARNING - i users currently logged in"
snmptrapd Debug Output
These steps explicate how to start the snmptrapd daemon to log more verbose debug output to the screen. This is useful for determining exactly what snmptrapd is doing with the SNMP Traps it receives.
Commencement you need to stop the snmptrapd service. past executing the command for your Bone.
Now execute the following command to get-go snmptrapd in the console:
snmptrapd -D -f -Loe
Any traps received will now exist output on the screen. Y'all can use this output to aid troubleshoot snmptrapd issues you may be having.
When you have finished, press CTRL + C to stop snmptrapd then start the service and so information technology resumes normal operation.
Beginning snmptt Service
One time you've completed troubleshooting make sure yous showtime the snmptt service again with the following command for your operating arrangement (OS):
RHEL seven+ | CentOS seven+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/20
systemctl first snmptt.service
Then confirm the spooled files have been candy with the following command:
ls -al /var/spool/snmptt/
Which should show an empty directory listing.
Decision
With these steps you volition be able to ostend if the snmptrapd service is correctly receiving SNMP Traps from a remote server.
Your adjacent troubleshooting step would be to refer to the snmptt Service troubleshooting.
Concluding Thoughts
For any support related questions delight visit the Nagios Support Forums at:
http://back up.nagios.com/forum/
Attachments
There are no attachments for this article.
Related Articles
SNMP Traps - Understanding Trap Variables
Viewed 14052 times since Monday, Oct 24, 2016
Nagios XI - SNMP Traps with NXTI
Viewed 3234 times since Tue, Sep 18, 2018
Nagios Eleven - SNMP Trap v3 Configuration
Viewed 19620 times since Tue, Nov 13, 2018
SNMP Trap - Firewall Rules
Viewed 18768 times since Tue, Mar 24, 2015
SNMP Trap - Entering UDP Traffic
Viewed 17807 times since Tue, Mar 24, 2015
SNMP Trap - snmptt Service
Viewed 19301 times since Tue, Mar 24, 2015
Nagios XI - Receiving IPv6 SNMP Traps
Viewed 6172 times since Thu, Apr 28, 2016
Nagios XI - How SNMP Traps Work
Viewed 3467 times since Mon, Nov 18, 2019
What Is The Service Name For Snmp Trap?,
Source: https://support.nagios.com/kb/article/snmp-trap-snmptrapd-service-88.html
Posted by: cainthournes.blogspot.com
0 Response to "What Is The Service Name For Snmp Trap?"
Post a Comment