What Is The Service Name For Snmp Trap?

SNMP Trap - snmptrapd Service

Commodity Number: 88 | Rating: iii/5 from six votes | Terminal Updated past rspielman on Wed, Jan 13, 2021 at iv:41 PM

snmptrapd Service

The snmptrapd service is what receives an SNMP Trap from the networking stack and then places information technology into a spool directory for the snmptt service to process.

These steps help confirm that the snmptrapd service is working correctly. Earlier proceeding you would have followed the other troubleshooting manufactures "Inbound UDP Traffic" and "Firewall Rules".

Editing Files

In many steps of this commodity you will be required to edit files. This documentation will use the vi text editor. When using the half dozen
editor:

• To make changes press i on the keyboard beginning to enter insert mode
• Press Esc to leave insert way
• When you have finished, relieve the changes in vi by typing :wq and press Enter

Is The snmptrapd Service Running?

Establish an SSH session to the Nagios server that is receiving SNMP Traps and execute the command for your operating organisation (OS):

RHEL seven+ | CentOS 7+ | Oracle Linux seven+ | Debian | Ubuntu sixteen/18/20

systemctl status snmptrapd.service                

If snmptrapd is running, it should produce output similar:

                  snmptrapd (pid  11612) is running...                

If snmptrapd is Non running, it will produce output similar:

                  snmptrapd is stopped                

If the snmptrapd service is Non running, this means that spooled SNMP Traps volition not exist rejected. To ENABLE snmptrapd on boot and to first it, execute the post-obit commands depending on your Bone:

RHEL 7+ | CentOS vii+ | Oracle Linux seven+ | Debian | Ubuntu sixteen/eighteen/twenty

systemctl enable snmptrapd.service
systemctl start snmptrapd.service                

If snmptrapd is NOT installed, it will produce output like:

                  snmptrapd: unrecognized service                

If you find that snmptrapd is not installed, you lot need to follow the guide "How to Integrate SNMP Traps With Nagios XI".

Also, yous should confirm that the snmptt service is installed, if information technology is non so the snmptrapd service is going to have problems. Execute the command for your operating system (Bone):

RHEL 7+ | CentOS vii+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/twenty

systemctl status snmptt.service                

If snmptt is running, it should produce output like:

                  snmptt (pid  11612) is running...                

If snmptt is Not running, information technology volition produce output similar:

                  snmptt is stopped                

If you find that snmptt is not installed, you need to follow the guide "How to Integrate SNMP Traps With Nagios Xi".

Restart snmptrapd Service

Steps below volition require you to restart the snmptrapd service, the commands for your OS are as follows:

RHEL seven+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu sixteen/18/twenty

systemctl restart snmptrapd.service                

Finish snmptrapd Service

Steps beneath will require you to stop the snmptrapd service, the commands for your Bone are as follows:

RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/xviii/twenty

systemctl stop snmptrapd.service                

Confirm Traps Are Spooled

When SNMP Traps are working correctly they are placed into the spool folder by snmptrapd and almost instantly snmptt processes the spooled trap and and then deletes it. In the following steps, we are going to stop the snmptt service so it does not process the trap. This lets you ostend that the received traps are really being spooled.

To stop the snmptt service execute the command for your operating arrangement (OS):

RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/eighteen/20

systemctl stop snmptt.service                

Which should produce the output similar:

Stopping snmptt:                                           [  OK  ]

Next, from the device that sends SNMP Traps, get it to transport through a trap.

In one case received, it will be created equally a file in /var/spool/snmptt/

To see if the file exists blazon the following control:

ls -al /var/spool/snmptt/

Which should show a directory listing of the spooled traps, for example they are named:

-rw-r--r--  1 root   root    395 Mar 25 11:43 #snmptt-trap-1427244215674243

Y'all can view the contents of the trap with the following control:

cat /var/spool/snmptt/#snmptt-trap-1427244215674243

Which should output something like:

1427244215
snmpsender.domain.local
UDP: [10.25.5.twenty]:50655->[x.25.v.30]
DISMAN-Event-MIB::sysUpTimeInstance 0:one:10:08.85
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-SMI::enterprises.20006.one.7
SNMPv2-SMI::enterprises.20006.i.3.i.2 "CentOS"
SNMPv2-SMI::enterprises.20006.1.3.1.6 "Users"
SNMPv2-SMI::enterprises.20006.one.three.ane.7 0
SNMPv2-SMI::enterprises.20006.1.three.1.17 "USERS OK - 0 users currently logged in"

The start line is the number 1427244215, this is the time stamp of when the trap was received (epoch value).

Files Created in /var/spool/snmptt/

If you are seeing files being created in the directory /var/spool/snmptt/, then this confirms that snmptrap is correctly working.

Files Not beingness created in /var/spool/snmptt/

If you are NOT seeing files being created in the directory /var/spool/snmptt/, then at that place may be a permissions issue. To check the permissions execute the command:

ls -dl /var/spool/snmptt/

Which should show the permissions as follows:

drwxrwxr-x 2 snmptt snmptt 4096 Mar 25 11:51 /var/spool/snmptt/

If the permissions and owner are not correct so execute these commands:

chown snmptt:snmptt /var/spool/snmptt/
chmod u+rwx,yard+rwx,o+rx /var/spool/snmptt/

And so confirm the permissions are now correct:

ls -dl /var/spool/snmptt/

One time you have washed this, from the device that sends SNMP Traps, get information technology to ship through a trap. Then confirm it is created as a file in /var/spool/snmptt/.

If you lot are all the same Non seeing files being created in the directory /var/spool/snmptt/, so there may be an issue with the snmptrapd configuration. To see the configuration execute the following command:

cat /etc/snmp/snmptrapd.conf

This shows the snmptrapd configuration file. This is a very basic file and should look similar this:

                  disableAuthorization yes                  
                  traphandle default /usr/sbin/snmptthandler                

If your snmptrapd.conf is unlike, please right information technology (using an editor like "vi") and so restart the snmptrapd service.

You should too ostend that the following file exists and is at least version 1.2 past executing the following command:

/usr/sbin/snmptthandler --version

Which would produce this output:

                  SNMPTTHANDLER v1.2
(c) 2002-2007 Alex Burger                

If y'all are still non receiving SNMP traps in the snmptt spool directory, please confirm the spool directory setting used past executing the following control:

grep spool_directory /etc/snmp/snmptt.ini

Which should produce this output:

                  spool_directory = /var/spool/snmptt/
                                  

Delight confirm this directory exists AND the permissions are correct (covered in an before section in this article).

Another problem which tin delay SNMP traps arriving in the snmptt spool directory can be acquired by slow DNS lookups.

In some implementations it has been observed that it took four hours from when the UDP traffic was observed hitting the Nagios server to when the trap file was created in the spool directory. In this specific example the customer was using an external DNS server (8.8.8.8 = Google public DNS server).

To stop snmptrapd from performing DNS lookups edit the file:

/etc/init.d/snmptrapd

Change the OPTIONS (line 29) so it has the -north argument:

OPTIONS="-north -Lsd -p /var/run/snmptrapd.pid"

Relieve the file and restart the snmptrapd service.

If you are all the same having issues, your next step is to enable logging.

snmptrapd Logging

These steps explain how to enable the snmptrapd daemon to logging it's output to a file. This is useful for determining exactly what snmptrapd is doing with the SNMP Traps it receives.

To enable the option you need to edit the INIT script to add an extra option. The steps are slightly different depending on the operating system version beingness used:

RHEL six | CentOS 6 | Oracle Linux 6

Edit the /etc/sysconfig/snmptrapd file:

Find this line:

OPTIONS="-Ln -p /var/run/snmptrapd.pid"

Add -Lf /var/log/snmptrapd.log to the line:

OPTIONS="-Ln                  -Lf /var/log/snmptrapd.log                  -p /var/run/snmptrapd.pid"                

Now restart the SNMPTRAPD service:

service snmptrapd restart                

You tin can now continue to the Check Log File section below.

RHEL vii | CentOS 7 | Oracle Linux vii

Edit the /etc/sysconfig/snmptrapd file:

Add this line:

OPTIONS="-Lsd -Lf /var/log/snmptrapd.log"                

At present restart the SNMPTRAPD service:

systemctl daemon-reload
systemctl restart snmptrapd.service                

You tin now proceed to the Bank check Log File section below.

Ubuntu 16

Edit the /etc/default/snmptrapd file:

Find this line:

TRAPDOPTS='-Lsd -p /run/snmptrapd.pid'

Add -Lf /var/log/snmptrapd.log to the line:

TRAPDOPTS='-Lsd                  -Lf /var/log/snmptrapd.log                  -p /run/snmptrapd.pid'                

At present restart the SNMPTRAPD service:

systemctl daemon-reload
systemctl restart snmptrapd.service                

You can now proceed to the Check Log File section below.

Debian nine | Ubuntu 18

Execute the following command:

systemctl edit snmptrapd.service                

Paste the following into the new file:

[Service]
ExecStart=
ExecStart=/usr/sbin/snmptrapd -Ln -f -Lf /var/log/snmptrapd.log                

Now restart the SNMPTRAPD service:

systemctl daemon-reload
systemctl restart snmptrapd.service                

You tin at present continue to the Check Log File department below.

Check Log File

This adds a line to the snmptrapd.conf file to enable logging. The snmptrapd activity is now logged in :

/var/log/snmptrapd.log

You can picket the log information by running this command:

tail -f /var/log/snmptrapd.log

Which should product output similar:

                  Net-SNMP version 5.seven.2
2015-03-25 13:25:45 snmpsender.box293.local [UDP: [10.25.5.20]:53145->[ten.25.5.xxx]]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1033824) ii:52:18.24    SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.20006.1.7    SNMPv2-SMI::enterprises.20006.i.iii.ane.ii = String: "CentOS"    SNMPv2-SMI::enterprises.20006.1.3.1.half dozen = STRING: "Users"    SNMPv2-SMI::enterprises.20006.1.3.1.7 = INTEGER: 1SNMPv2-SMI::enterprises.20006.1.3.ane.17 = String: "USERS WARNING - i users currently logged in"                

snmptrapd Debug Output

These steps explicate how to start the snmptrapd daemon to log more verbose debug output to the screen. This is useful for determining exactly what snmptrapd is doing with the SNMP Traps it receives.

Commencement you need to stop the snmptrapd service. past executing the command for your Bone.

Now execute the following command to get-go snmptrapd in the console:

snmptrapd -D -f -Loe

Any traps received will now exist output on the screen. Y'all can use this output to aid troubleshoot snmptrapd issues you may be having.

When you have finished, press CTRL + C to stop snmptrapd then start the service and so information technology resumes normal operation.

Beginning snmptt Service

One time you've completed troubleshooting make sure yous showtime the snmptt service again with the following command for your operating arrangement (OS):

RHEL seven+ | CentOS seven+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/20

systemctl first snmptt.service                

Then confirm the spooled files have been candy with the following command:

ls -al /var/spool/snmptt/

Which should show an empty directory listing.

Decision

With these steps you volition be able to ostend if the snmptrapd service is correctly receiving SNMP Traps from a remote server.

Your adjacent troubleshooting step would be to refer to the snmptt Service troubleshooting.

Concluding Thoughts

For any support related questions delight visit the Nagios Support Forums at:

http://back up.nagios.com/forum/

Posted by: tlea on Tue, Mar 24, 2015 at 8:38 PM. This article has been viewed 44845 times.
Filed Nether: SNMP Traps, Troubleshooting

Attachments

There are no attachments for this article.

Related Articles

SNMP Traps - Understanding Trap Variables

Viewed 14052 times since Monday, Oct 24, 2016

Nagios XI - SNMP Traps with NXTI

Viewed 3234 times since Tue, Sep 18, 2018

Nagios Eleven - SNMP Trap v3 Configuration

Viewed 19620 times since Tue, Nov 13, 2018

SNMP Trap - Firewall Rules

Viewed 18768 times since Tue, Mar 24, 2015

SNMP Trap - Entering UDP Traffic

Viewed 17807 times since Tue, Mar 24, 2015

SNMP Trap - snmptt Service

Viewed 19301 times since Tue, Mar 24, 2015

Nagios XI - Receiving IPv6 SNMP Traps

Viewed 6172 times since Thu, Apr 28, 2016

Nagios XI - How SNMP Traps Work

Viewed 3467 times since Mon, Nov 18, 2019

What Is The Service Name For Snmp Trap?,

Source: https://support.nagios.com/kb/article/snmp-trap-snmptrapd-service-88.html

Posted by: cainthournes.blogspot.com

Share this post