There are plenty of guides on installing and configuring SNMPTRAPS, however I seem to have run into several pit falls so thought I would put them here in case it helps someone.
It’s more of a list of things to check..
I installed Ubuntu snmpd version: 5.4.3~dfsg-2.5ubuntu1
Commands that help to test things are working.
To display the path being searched for MIBS, this is created via the export option.
Sudo net-snmp-config --default-mibdirs
Test OID translation is working? If it is you will get sysUptime.0 as output.
Sudo snmptranslate .18.104.22.168.22.214.171.124.0SNMPv2-MIB::sysUpTime.0
Does the reverse translation work?
Sudo snmptranslate –On SNMPv2-MIB::sysUpTime.0.1.3.6.126.96.36.199.3.0
Do you have any MIBS?
MIBS do not come with the install! There is another package that will fetch the MIBs for you. This is because of copyright issues apparently.
Search for anything with MIB in its name.
sudo find * / |grep MIB
Else install snmp-mibs-downloader (I installed version 1.1)
sudo aptitude install snmp-mibs-downloaderThen download the MIBS
I found I still had missing MIBs so had to Google for them and download them. Ensure if you do this that the file name does not have an extension .txt or whatever, else it will be ignored. Also check the first line of the MIB to confirm it is indeed a MIB..
sudo head nameofmib
It should have something like DEFINITIONS ::= BEGIN as its first line.
Now because I spent a lot of time and made many config changes install / reinstall to get it working I gave up trying to get multiple mibdirs working. I decided instead to move all mibs to the first search location /root/.snmp/mibs.
Config files and starting and stopping the service.
Snmptrapd is started and stopped by snmpd,
Service snmpd start / Service snmpd stop
There are two config files you will also need to visit, this is the contents of mine.
# Run trap.TRAPDRUN=yes# Disable authorisation, it’s on by default, though if you have time you should use this!disableAuthorization yes# the IP address you want the trap to run on ( will use port udp 162)snmpTrapdAddr 192.168.192.168# Output to the following file.logOption f /var/log/snmptrap.log# You will not need the following line unless you are using JFFNMS (Just For Fun Network Monitoring System)traphandle default /usr/share/jffnms/engine/trap_receiver.sh
# Make sure this works, some guides say to use export MIBS, some export MIBDIRS, if you have# more than one location, you can add a second location using a : as a separator.# export MIBS=/root/.snmp/mibs <- did not work for me!export MIBDIRS=/root/.snmp/mibs# SNMP Bit.# snmpd control (yes means start daemon).SNMPDRUN=yesSNMPDOPTS='-LS6d -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'#SNMPTRAP bit# snmpd control (yes means start daemon).TRAPDRUN=yesTRAPDOPTS='-Lsd -m ALL -p /var/run/snmptrapd.pid -c /etc/snmp/snmptrapd.conf 172.18.100.7'# Note the –m ALL load all MIBS, if your location export works.# See MAN page for a full list of options:# create symlink on Debian legacy location to official RFC pathSNMPDCOMPAT=yes
When things don't work.
I used nmap to confirm the trap ports were open (or not) you could of course send a trap from another device which is the point of this exercise.
nmap -sU -p 161,162 192.168.192.186To confirm you are being sent a trap, you can use tcpdump to look for the incoming packets.
tcpdump -i eth2 dst port 162Or watch the log live
tail -f /var/log/snmptrap.logYou can search for the process, this is useful because you can also see the commands its running.
ps -aux |grep snmpYou can also stop the process using kill -9 (process id)
To run the trap from the cli and output to /var/log/snmptrap.log
snmptrapd -m +ALL -Lf /var/log/snmptrap.log --disableAuthorization=yes
I had a problem in that running the command from the cli meant that the OID was translated, but running it as a process meant the OID was not translated. This was fixed by changing the "export" option in /etc/default/snmpd but took me sometime to work out that was the problem.