Receiving SNMP traps is the opposite to querying SNMP-enabled devices. In this case the information is sent from a SNMP-enabled device and is collected or “trapped” by Zabbix. Usually traps are sent upon some condition change and the agent connects to the server on port 162 (as opposed to port 161 on the agent side that is used for queries). Using traps may detect some short problems that occur amidst the query interval and may be missed by the query data.
Receiving SNMP traps in Zabbix is designed to work with snmptrapd and one of the built-in mechanisms for passing the traps to Zabbix - either a perl script or SNMPTT.
The workflow of receiving a trap:
- snmptrapd receives a trap
- snmptrapd passes the trap to SNMPTT or calls Perl trap receiver
- SNMPTT or Perl trap receiver parses, formats and writes the trap to a file
- Zabbix SNMP trapper reads and parses the trap file
- For each trap Zabbix finds all “SNMP trapper” items with host interfaces matching the received trap address. Note that only the selected “IP” or “DNS” in host interface is used during the matching.
- For each found item, the trap is compared to regexp in “snmptrap[regexp]”. The trap is set as the value of all matched items. If no matching item is found and there is an “snmptrap.fallback” item, the trap is set as the value of that. If the trap was not set as the value of any item, Zabbix by default logs the unmatched trap. (This is configured by “Log unmatched SNMP traps” in Administration -> General -> Other.)
Update firewall rules.
Setting up firewall 162 port should be opened. Add the following line in /etc/sysconfig/iptables:
-A INPUT -p udp -m udp --dport 162 -j ACCEPT
Restart Firewall.
[ahmed@nms ~]# service iptables restart
Setting up Zabbix to receive SNMP traps using zabbix_trap_receiver.pl.
Install additional packages
[ahmed@nms ~]# yum install -y net-snmp-utils net-snmp-perl
We will be using zabbix_trap_receiver.pl, File can be downloaded from HERE.
Copy the file to /usr/bin
[ahmed@nms ~]# cp zabbix_trap_receiver.pl /usr/bin
[ahmed@nms ~]# chmod +x /usr/bin/zabbix_trap_receiver.pl
Update snmptrapd.conf
[ahmed@nms ~]# vi /etc/snmp/snmptrapd.conf
Append below lines to snmptrapd.conf
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
Enable Zabbix SNMP trapper in Zabbix server configuration.
[ahmed@nms ~]# vi /etc/zabbix/zabbix_server.conf
Enable SNMP trap in zabbix_server.conf
StartSNMPTrapper=1
SNMPTrapperFile should be same as what it is in zabbix_trap_receiver.pl file.
SNMPTrapperFile=/tmp/zabbix_traps.tmp
Restart Zabbix Server.
[ahmed@nms ~]# service zabbix-server restart
Setting snmptrapd to start on reboot.
Configure snmptrapd to start automatically:
[ahmed@nms ~]# chkconfig snmptrapd on
and restart snmptrapd service:
[ahmed@nms ~]# service snmptrapd restart
SNMP trap transmission file rotation (optional)
Create a directory to store the data.
[ahmed@nms ~]# mkdir -p /var/log/zabbix_traps_archive
[ahmed@nms ~]# chmod 777 /var/log/zabbix_traps_archive
Add below contents to /etc/logrotate.d/zabbix_traps.
/tmp/zabbix_traps.tmp {
weekly
size 10M
compress
compresscmd /usr/bin/bzip2
compressoptions -9
notifempty
dateext
dateformat -%Y%m%d
missingok
olddir /var/log/zabbix_traps_archive
maxage 365
rotate 10
}
Testing
Send test trap
[ahmed@nms ~]# snmptrap -v 1 -c public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.4' '0.0.0.0' 6 33 '55' \
.1.3.6.1.6.3.1.1.5.4 s "eth0"
and check that trap received in the /tmp/zabbix_traps.tmp.
PDU INFO:
notificationtype TRAP
version 0
receivedfrom UDP: [127.0.0.1]:41840->[127.0.0.1]
errorstatus 0
messageid 0
community public
transactionid 2
errorindex 0
requestid 0
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (55) 0:00:00.55
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkUp.0.33
IF-MIB::linkUp type=4 value=STRING: "eth0"
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID: IF-MIB::linkUp
We are done with setting up SNMP trapper.
Create a Template called “Template SNMP trap fallback”
Creating Item called “SNMP trap fallback” in template “Template SNMP trap fallback”
- Name:
SNMP trap fallback - Type:
SNMP trap - Key:
snmptrap.fallback - Type of information:
Log
This item will collect all unmatched traps. Create trigger which will inform administrator about new unmatched traps:
- Name:
Unmatched SNMP trap received from {HOST.NAME} - Expression:
{Template SNMP trap fallback:snmptrap.fallback.nodata(300)}=0
Complete zabbix_trap_receiver.pl File.
You can find the latest file from the link below.
#!/usr/bin/perl
#
# Zabbix
# Copyright (C) 2000-2011 Zabbix SIA
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#########################################
#### ABOUT ZABBIX SNMP TRAP RECEIVER ####
#########################################
# This is an embedded perl SNMP trapper receiver designed for sending data to the server.
# The receiver will pass the received SNMP traps to Zabbix server or proxy running on the
# same machine. Please configure the server/proxy accordingly.
#
# Read more about using embedded perl with Net-SNMP:
# http://net-snmp.sourceforge.net/wiki/index.php/Tut:Extending_snmpd_using_perl
#################################################
#### ZABBIX SNMP TRAP RECEIVER CONFIGURATION ####
#################################################
### Option: SNMPTrapperFile
# Temporary file used for passing data to the server (or proxy). Must be the same
# as in the server (or proxy) configuration file.
#
# Mandatory: yes
# Default:
$SNMPTrapperFile = '/tmp/zabbix_traps.tmp';
### Option: DateTimeFormat
# The date time format in strftime() format. Please make sure to have a corresponding
# log time format for the SNMP trap items.
#
# Mandatory: yes
# Default:
$DateTimeFormat = '%H:%M:%S %Y/%m/%d';
###################################
#### ZABBIX SNMP TRAP RECEIVER ####
###################################
use Fcntl qw(O_WRONLY O_APPEND O_CREAT);
use POSIX qw(strftime);
sub zabbix_receiver
{
my (%pdu_info) = %{$_[0]};
my (@varbinds) = @{$_[1]};
# open the output file
unless (sysopen(OUTPUT_FILE, $SNMPTrapperFile, O_WRONLY|O_APPEND|O_CREAT, 0666))
{
print STDERR "Cannot open [$SNMPTrapperFile]: $!\n";
return NETSNMPTRAPD_HANDLER_FAIL;
}
# get the host name
my $hostname = $pdu_info{'receivedfrom'} || 'unknown';
if ($hostname ne 'unknown') {
$hostname =~ /\[(.*?)\].*/; # format: "UDP: [127.0.0.1]:41070->[127.0.0.1]"
$hostname = $1 || 'unknown';
}
# print trap header
# timestamp must be placed at the beggining of the first line (can be omitted)
# the first line must include the header "ZBXTRAP [IP/DNS address] "
# * IP/DNS address is the used to find the corresponding SNMP trap items
# * this header will be cut during processing (will not appear in the item value)
printf OUTPUT_FILE "%s ZBXTRAP %s\n", strftime($DateTimeFormat, localtime), $hostname;
# print the PDU info
print OUTPUT_FILE "PDU INFO:\n";
foreach my $key(keys(%pdu_info))
{
printf OUTPUT_FILE " %-30s %s\n", $key, $pdu_info{$key};
}
# print the variable bindings:
print OUTPUT_FILE "VARBINDS:\n";
foreach my $x (@varbinds)
{
printf OUTPUT_FILE " %-30s type=%-2d value=%s\n", $x->[0], $x->[2], $x->[1];
}
close (OUTPUT_FILE);
return NETSNMPTRAPD_HANDLER_OK;
}
NetSNMP::TrapReceiver::register("all", \&zabbix_receiver) or
die "failed to register Zabbix SNMP trap receiver\n";
print STDOUT "Loaded Zabbix SNMP trap receiver\n";