Linux snmp trap receiver

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

snmp trap collector with mysql database

n0braist/snmp_trap_collector

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

SNMP trap collector with mysql database

SNMP Trap receiver (former EventDB) on RedHat

yum install net-snmp net-snmp-utils 

now we have to decide if Variant 1 or 2 (2 is preferred because of translated traps)

Creating just a normal trap database

Now, we need to create the database the traps will be stored in, as well as the database user we will use when logging traps.

Create the database we will log traps to:

MariaDB [(none)]> create database net_snmp; MariaDB [(none)]> create user 'netsnmp'@'localhost' identified by 'sekritpass'; MariaDB [(none)]> grant all on net_snmp.* to 'netsnmp'@'localhost' identified by 'sekritpass'; 

Create the schema we will enter data into.

A database schema is the actual structure we write data to, including the tables. Consider it the ‘shape’ and ‘function’ of the database. The file describing the database schema is, as far as I can tell, not installed with snmpd. But it is present in the net-snmp source code distribution.

Copy and paste this at the MariaDB prompt:

USE net_snmp; DROP TABLE IF EXISTS notifications; CREATE TABLE IF NOT EXISTS `notifications` ( `trap_id` int(11) unsigned NOT NULL AUTO_INCREMENT, `date_time` datetime NOT NULL, `host` varchar(255) NOT NULL, `auth` varchar(255) NOT NULL, `type` ENUM('get','getnext','response','set','trap','getbulk','inform','trap2','report') NOT NULL, `version` ENUM('v1','v2c', 'unsupported(v2u)','v3') NOT NULL, `request_id` int(11) unsigned NOT NULL, `snmpTrapOID` varchar(1024) NOT NULL, `transport` varchar(255) NOT NULL, `security_model` ENUM('snmpV1','snmpV2c','USM') NOT NULL, `v3msgid` int(11) unsigned, `v3security_level` ENUM('noAuthNoPriv','authNoPriv','authPriv'), `v3context_name` varchar(32), `v3context_engine` varchar(64), `v3security_name` varchar(32), `v3security_engine` varchar(64), PRIMARY KEY (`trap_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; DROP TABLE IF EXISTS varbinds; CREATE TABLE IF NOT EXISTS `varbinds` ( `trap_id` int(11) unsigned NOT NULL default '0', `oid` varchar(1024) NOT NULL, `type` ENUM('boolean','integer','bit','octet','null','oid','ipaddress','counter','unsigned','timeticks','opaque','unused1','counter64','unused2') NOT NULL, `value` blob NOT NULL, KEY `trap_id` (`trap_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 

mibdirs +/etc/snmp/translatedMIBS # mibwarninglevel: Should warnings about mibs be displayed when the mibs are loaded # arguments: 1|2 mibwarninglevel 1 

# Example configuration file for snmptrapd # # No traps are handled by default, you must edit this file! # # authCommunity log,execute,net public # traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold #authCommunity log YOURCOMMUNITYSTRING disableAuthorization yes sqlMaxQueue 1 sqlSaveInterval 9 

[snmptrapd] user=USER password=PASSSWORD host=localhost 

So you can send traps to the database using:

snmptrap -v 2c -c public IPofTRAPRECEIVER "TEXT" 1.2.3.4.0 

Database with trap translator: (PREFERED)

Install necessary packages:

yum install perl-NetAddr-IP perl-DBI perl-DBD-MySQL perl-Text-ParseWords perl-Getopt-Long perl-Time-HiRes perl-Sys-Syslog perl-Socket perl-AppConfig perl-Config-Tiny perl-Config-Simple perl-Scalar-List-Utils perl-Test-Simple perl-IO-stringy perl-List-MoreUtils net-snmp-perl perl-SNMP_Session 

optional: perl-DBD-Pg perl-Net-SNMP perl-threads perl-Digest-MD5 

(no install package in redhat repository)

> tar xvfz snmptt_1.4.tgz >useradd -g icinga -s /bin/false snmptt >install -o root -g root snmptt /usr/sbin >install -o root -g root snmptthandler /usr/sbin >install -o root -g root snmpttconvertmib /usr/sbin >install -o root -g root snmptt-init.d /etc/rc.d/init.d/snmptt 

Add the service using chkconfig:

Configure the service to start at runlevel 2345:

chkconfig --level 2345 snmptt on Snmptt will be started at the next reboot, or can be started immediately with: service snmptt start or /etc/rc.d/init.d/snmptt start 

To manually start snmptt, use:

snmptt --daemon install -o root -g root snmptt.ini /etc/snmp/ install -d -o snmptt -g icinga -m 4775 /var/spool/snmptt install -d -o snmptt -g root -m 755 /var/log/snmptt 

configure the snmptt.ini (see part Konfigurationen below)

We use a additional script /etc/sysconfig/snmptrapd to configure the start process of the snmptrap daemon.

SNMPTRAPD_PID=/var/run/snmptrapd.pid SNMPTRAPD_OPTS=»-On» SNMPTRAPD_CONFIG=»/etc/snmp/snmptrapd.conf» umask 002 OPTIONS=»-On -Lsd» umask 002

Important: We have to set the umask. The traps are stored from the snmptrapd as owner root and with gid icinga to the spool directory /var/spool/snmptt. The snmptt will run as user snmptt and the process have to be able to delete the traps are spooled.

Before we could start snmptrapd, we have to write the real configfile of snmptrapd to */etc/snmp/snmptrapd.conf. (later described again!)

disableAuthorization yes traphandle default /usr/sbin/snmptthandler 

grant all privileges on eventdb.* to ‘eventdb’@’localhost’ identified by ‘YOURPASSWORD’;

grant select on eventdb.* to ‘eventdb_r’@’localhost’ identified by ‘YOURPASSWORD_r’;

##### For database scheme we use the scheme from eventdb

To configure SNMPTT for MySQL, modify the following variables in the snmptt.ini file.

 mysql_dbi_enable mysql_dbi_host mysql_dbi_port mysql_dbi_database mysql_dbi_table mysql_dbi_table_unknown mysql_dbi_username mysql_dbi_password 

Note: Sample values are defined in the default ini file. Defining mysql_dbi_table_unknown is optional.

The following MySQL script can create the database and table. Permissions etc should also be defined. Run ‘mysql’ as root and enter:

 CREATE DATABASE snmptt; grant all privileges on snmptt.* to 'YOURUSER'@'localhost' identified by 'YOURPASSWORD'; 

USE snmptt; DROP TABLE snmptt; CREATE TABLE snmptt ( id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, eventname VARCHAR(50), eventid VARCHAR(50), trapoid VARCHAR(100), enterprise VARCHAR(100), community VARCHAR(20), hostname VARCHAR(100), agentip VARCHAR(16), category VARCHAR(20), severity VARCHAR(20), uptime VARCHAR(20), traptime VARCHAR(30), formatline VARCHAR(255)); 

Note: To store the traptime as a real date/time (DATETIME data type), change ‘traptime VARCHAR(30),’ to ‘traptime DATETIME,’ and set date_time_format_sql in snmptt.ini to %Y-%m-%d %H:%M:%S.

Note: If you do not want the auto-incrementing id column, remove the ‘id INT. ‘ line.

Note: To store the traptime as a real date/time (DATETIME data type), change ‘traptime VARCHAR(30),’ to ‘traptime DATETIME,’ and set date_time_format_sql in snmptt.ini to %Y-%m-%d %H:%M:%S.

If logging of statistics to a SQL table is required, create the snmptt_statistics table using:

USE snmptt; DROP TABLE snmptt_statistics; CREATE TABLE snmptt_statistics ( stat_time VARCHAR(30), total_received BIGINT, total_translated BIGINT, total_ignored BIGINT, total_unknown BIGINT); 

Now it’s time to convert some MIBS for the snmptt:

cd /usr/share/snmp/mibs/ snmpttconvertmib --in=NET-SNMP-AGENT-MIB.txt --out=/etc/snmp/translatedMIBS/snmptt.conf snmpttconvertmib --in=SNMPv2-MIB.txt --out=/etc/snmp/translatedMIBS/snmptt.conf 

configure the snmptrapd.conf (see part Konfigurationen below)

start snmptt service snmptt start Starting snmptt (via systemctl): Job for snmptt.service failed because the control process exited with error code. See "systemctl status snmptt.service" and "journalctl -xe" for details. [FAILED] 

If this error occurs install/update Scalar::List > 1.33

tar xvf Scalar-List-Utils-1.47.tar.gz cd Scalar-List-Utils-1.47 perl Makefile.PL make make test make install 

tar xvf Config-IniFiles-2.94.tar.gz cd Config-IniFiles-2.94 perl Build.PL Build Build test Build install 

change startscript for snmptrapd:

original file: [Unit] Description=Simple Network Management Protocol (SNMP) Trap Daemon. After=syslog.target network.target [Service] Type=notify Environment=OPTIONS="-Lsd" EnvironmentFile=-/etc/sysconfig/snmptrapd ExecStart=/usr/sbin/snmptrapd $OPTIONS -f ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target 

Do the changes in/etc/snmp/snmptrapd.conf (see part Konfigurationen below)

service snmptrapd restart service snmptt restart 

snmptrap -v 2c -c COMMUNITYSTRING IPofTRAPRECEIVER "" .1.3.6.1.6.3.1.1.5.1 

/etc/snmp/snmp.conf Leave empty, it is not needed.

/etc/my.cnf.d/snmptrapd.cnf Leave empty, it is not needed.

vi /etc/snmp/snmptrapd.conf disableAuthorization yes traphandle default /usr/sbin/snmptthandler 

If you want to get it more secure define here your specified communities your tarp receiver lsiten to:

 There are currently three types of processing that can be specified: log log the details of the notification - either in a specified file, to standard output (or stderr), or via syslog (or similar). execute pass the details of the trap to a specified handler program, including embedded perl. Net forward the trap to another notification receiver. 

 authCommunity log,net,execute YOURCOMMUNITYSTRING #disableAuthorization yes traphandle default /usr/sbin/snmptthandler 

also add all converted mibs with path between

[TrapFiles] # A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path # and filename. Ex: '/etc/snmp/snmptt.conf' snmptt_conf_files =  

# snmptrapd command line options # '-f' is implicitly added by snmptrapd systemd unit file # OPTIONS="-Lsd" OPTIONS="-On -Lsd" umask 002 

./check_eventdb_BSH.sh -u eventdb -p YOURPASSWORD -d DATABASENAME -t TABLENAME -C "distinct hostname,formatline,traptime,severity" -D traptime -P 120m -w 1 -c 5 -S "host_name = '%hostname%' ORDER BY traptime DESC" -M 'TEST_Alarms:' 2>/dev/null 

wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz tar xzf loganalyzer-3.6.6.tar.gz 

mv loganalyzer-3.6.6/src /var/www/html/loganalyzer 

cd /var/www/html/loganalyzer touch config.php chown apache:apache config.php chmod 777 config.php 

#n0braist Alias /loganalyzer/ /var/www/html/loganalyzer/ Options All AllowOverride All Require all granted 

 [http://yourhost/loganalyzer/install.php]