SNMP server installation.
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networksInstallation on debian
Install necessary packages
sudo apt-get install snmp snmp-mibs-downloader snmpd snmptt snmptrapd –y
Configuration
Edit the snmp configuration filesudo nano /etc/snmp/snmp.conf
Comment the mibs line
#mibs :
Edit the snmptrap demon configurationsudo nano /etc/snmp/snmptrapd.conf
Specify the community string for snmp v1 and v2c if that’s what you use
authCommunity log,execute,net fisi
Specify users and their authentication parameters for snmp v3 below user with no authenticaton
createUser mumuauthUser log,execute,net mumu noauth
To accept traps from device without using authorization add the below line
disableAuthorization yes
Since we are using snmptt (SNMP Trap Translator) we direct the incoming traps to snmptt by adding
traphandle default /usr/sbin/snmptt
Edit the snmpd configuration to allow trapssudo nano /etc/default/snmpd
Change the values as highlighted
TRAPDRUN=yes
TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'
Edit the snmptrapd configuration to allow trapssudo nano /etc/default/snmptrapd
Change the values as highlighted
TRAPDRUN=yes
TRAPDOPTS='-Lsd -Lf /var/log/snmptrapd.log -p /var/run/snmptrapd.pid'
Edit the snmptt settings to allow processing of unknown trapssudo nano /etc/snmp/snmptt.ini
Change the value as displayed below
unknown_trap_log_enable = 1
Restart the services
sudo service snmpd restart
sudo service snmptt restart
sudo service snmptrapd restart
For traps to work if you are using snmp v3 you must specify the engine id of the devices sending the traps when creating a user as displayed below. In this case the user lab uses SHA authentication and DES encryption on multiple devices (junos and ios) with different engine ids as well as one device without an engine IDroot@eve-ng:~# cat /etc/snmp/snmptrapd.conf
# snmp v3 users
createUser -e 800000090300CA0DF6690000 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0101 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0102 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0103 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0104 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0105 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0106 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0107 bag SHA snmppaul DES snmppaul
createUser -e 80000a4c010a0a0108 bag SHA snmppaul DES snmppaul
createUser bag SHA snmppaul DES snmppaul
authUser log,execute,net bag
createUser -e 80000a4c010a0a0124 fisi
authUser log,execute,net fisi noauth
createUser mumu
authUser log,execute,net mumu noauth
# snmp v1 and v2
authCommunity log,execute,net fisi
# handle traps with snmptt
traphandle default /usr/sbin/snmptt
To test the configuration run the snmptrapd on one terminal and open another terminal from which you will send a trap and check if it is received on the first terminal this is because I don’t currently have a device to send traps from if you already have a device that can send traps you can trigger that instead
Terminal1:
This terminal acts as server which listens for traps from devices therefore we run the command and will put the terminal in listening mode to exit use ctrl+c.
snmptrapd -f -C -c /etc/snmp/snmptrapd.conf -Le
Terminal2:
This terminal acts as a client that sends the trap we send a link up traps received
Send snmp v3 trapsnmptrap -Ci -v 3 -a SHA -A snmppaul -x DES -X snmppaul -l authPriv -u bag localhost 0 linkUp.0
Send snmpv1 trapsnmptrap -Ci -v 3 -l noauth -u mumu localhost 0 linkUp.0
Check the terminal1 and you should see the traps beign received in real time
root@eve-ng:~# snmptrapd -f -C -c /etc/snmp/snmptrapd.conf -Le
NET-SNMP version 5.7.3 AgentX subagent connected
NET-SNMP version 5.7.3
2019-09-25 12:31:18 localhost [UDP: [127.0.0.1]:39050->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkUp.0
Agent IP address was blank, so setting to the same as the host IP address of 127.0.0.1
Agent IP address (127.0.0.1) is the same as the host IP, so copying the host name: localhost
2019-09-25 12:32:01 localhost [UDP: [127.0.0.1]:43822->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkUp.0
Agent IP address was blank, so setting to the same as the host IP address of 127.0.0.1
Agent IP address (127.0.0.1) is the same as the host IP, so copying the host name: localhost
To check the snmptrapd log
root@eve-ng:~# cat /var/log/snmptrapd.log
NET-SNMP version 5.7.3 AgentX subagent connected
NET-SNMP version 5.7.3
2019-09-25 12:29:46 localhost [UDP: [127.0.0.1]:34187->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkUp.0
2019-09-25 12:29:48 localhost [UDP: [127.0.0.1]:34187->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkUp.0
2019-09-25 12:30:04 NET-SNMP version 5.7.3 Stopped.
Stopping snmptrapd
To check the snmptt handler
root@eve-ng:~# cat /var/log/snmptt/snmpttunknown.log
Wed Sep 25 12:31:18 2019: Unknown trap (IF-MIB::linkUp.0) received from localhost at:
Value 0: localhost
Value 1: 127.0.0.1
Value 2: 0:0:00:00.00
Value 3: IF-MIB::linkUp.0
Value 4: 127.0.0.1
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Wed Sep 25 12:32:01 2019: Unknown trap (IF-MIB::linkUp.0) received from localhost at:
Value 0: localhost
Value 1: 127.0.0.1
Value 2: 0:0:00:00.00
Value 3: IF-MIB::linkUp.0
Value 4: 127.0.0.1
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10: