LinuxQuestions.org
Old 07-26-2012, 03:18 AM   #1
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Rep: Reputation: Disabled
How to receive SNMP TRAP from Network Device


Hi,

Greetings!

This is my first post on LinuxQuestions.org.

I am searching for a script to receive SNMP traps from an IDS/IPS device. I have searched many websites, which give this syntax: "snmptrap -v 1 -c public 136.170.195.178 UCD-TRAP-TEST-MIB::demoTrap 136.170.195.178 2 0 "" IF-MIB::ifIndex i 1". I guess this is the command to send an SNMP trap. But at least I need a command that receives SNMP traps from the IDS device.

Thank you!
 
Old 07-26-2012, 02:09 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,698

Rep: Reputation: 143Reputation: 143
Do you know whether the IDS/IPS device sends out an SNMP trap when the event you want happens?
 
Old 07-26-2012, 10:50 PM   #3
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by nini09 View Post
Do you know whether the IDS/IPS device sends out an SNMP trap when the event you want happens?

Hi. Thanks for your response!

Yes, the IDS/IPS device sends the traps.
Actually, I am trying from a Unix server which has been set as the destination on the IDS/IPS device. So I wish to know how to receive those traps at the Unix server end and save them in a database.
 
Old 07-27-2012, 02:32 PM   #4
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,698

Rep: Reputation: 143Reputation: 143
The snmptrap is the correct tool to receive incoming traps. You can use an SNMP client to verify that the SNMP module works correctly on the server first, and then deal with traps later.
 
Old 07-30-2012, 05:19 AM   #5
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by nini09 View Post
The snmptrap is the correct tool to receive incoming traps. You can use an SNMP client to verify that the SNMP module works correctly on the server first, and then deal with traps later.

Yes. Thanks for your support. Will post if I need any help!
 
Old 08-01-2012, 02:49 AM   #6
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Boopathiraj View Post
Yes. Thanks for your support. Will post if I need any help!

Hi, I tried some of the trial versions of SNMP monitoring applications, but I wish to do my own from a Linux machine.

I would be grateful if anybody could suggest the command (Linux shell command) to receive the SNMP traps which are sent by the network devices.

Last edited by Boopathiraj; 08-01-2012 at 02:51 AM.
 
Old 08-02-2012, 02:36 PM   #7
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,698

Rep: Reputation: 143Reputation: 143
yum install net-snmp net-snmp-utils
snmptrapd -A -d -n -Lf trap.log
 
Old 08-09-2012, 08:09 AM   #8
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by nini09 View Post
yum install net-snmp net-snmp-utils
snmptrapd -A -d -n -Lf trap.log

Hi. I am getting the error message below.

-----------------------------------------------------------------------------------
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.3.2.2
couldn't open udp:162 -- errno 98 ("Address already in use")
-----------------------------------------------------------------------------------

My guesses are below:

1) I have to configure the SNMP conf file
2) I have to open port 162

To overcome the above, I wish to know:

1) Where is the snmpconf file?
2) How do I configure it?
3) What is the meaning of "snmptrapd -A -d -n -Lf trap.log"? That is, in this command are we mentioning the IP of the IDS/IPS?

Requesting you to suggest and help me.
 
Old 08-09-2012, 02:16 PM   #9
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,698

Rep: Reputation: 143Reputation: 143
Yes, you have to open port 162 in your firewall.
Normally the SNMP config file is in the following directories.
/usr/local/etc/snmp/snmp.conf, /usr/local/etc/snmp/snmp.local.conf - common configuration settings
~/.snmp/snmp.conf - user-specific configuration settings

snmptrapd -A -d -n -Lf trap.log
Options

-a
Ignore authenticationFailure traps.

-A
Append to the log file rather than truncating it. Note that this needs to come before any -Lf options that it should apply to.

-c FILE
Read FILE as a configuration file.

-C
Do not read any configuration files except the one optionally specified by the -c option.

-d
Dump (in hexadecimal) the sent and received SNMP packets.

-D TOKEN[,...]
Turn on debugging output for the given TOKEN(s). Try ALL for extremely verbose output.

-f
Do not fork() from the calling shell.

-F FORMAT
When logging to standard output, use the format in the string FORMAT. See the section FORMAT SPECIFICATIONS below for more details.

-h, --help
Display a brief usage message and then exit.

-H
Display a list of configuration file directives understood by the trap daemon and then exit.

-I [-]INITLIST
Specifies which modules should (or should not) be initialized when snmptrapd starts up. If the comma-separated INITLIST is preceded with a '-', it is the list of modules that should not be started. Otherwise this is the list of the only modules that should be started.
To get a list of compiled modules, run snmptrapd with the arguments -Dmib_init -H (assuming debugging support has been compiled in).

-L[efos]
Specify where logging output should be directed (standard error or output, to a file or via syslog). See LOGGING OPTIONS in snmpcmd(1) for details.

-m MIBLIST
Specifies a colon separated list of MIB modules to load for this application. This overrides the environment variable MIBS. See snmpcmd(1) for details.

-M DIRLIST
Specifies a colon separated list of directories to search for MIBs. This overrides the environment variable MIBDIRS. See snmpcmd(1) for details.

-n
Do not attempt to translate source addresses of incoming packets into hostnames.

-p FILE
Save the process ID of the trap daemon in FILE.

-O [abeEfnqQsStTuUvxX]
Specifies how MIB objects and other output should be displayed. See the section OUTPUT OPTIONS in the snmpcmd(1) manual page for details.

-t
Do not log traps to syslog. This disables logging to syslog. This is useful if you want the snmptrapd application to only run traphandle hooks and not to log any traps to any location.

-v, --version
Print version information for the trap daemon and then exit.

-x ADDRESS
 
Old 08-13-2012, 06:47 AM   #10
Boopathiraj
LQ Newbie
 
Registered: Jul 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by nini09 View Post
Yes, you have to open port 162 in your firewall.
Normally the SNMP config file is in the following directories.
/usr/local/etc/snmp/snmp.conf, /usr/local/etc/snmp/snmp.local.conf - common configuration settings
~/.snmp/snmp.conf - user-specific configuration settings

snmptrapd -A -d -n -Lf trap.log

Hi. Thanks for your continued support.

I could not find the /usr/local/etc/snmp/snmp.conf and /usr/local/etc/snmp/snmp.local.conf files in the folders concerned.

I found some blogs and made the changes below, but I still could not find where the traps are received.

===================================================================================
In /etc/default/snmpd :

export MIBDIRS=/usr/share/snmp/mibs
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
TRAPDRUN=yes
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
SNMPDCOMPAT=yes



in /etc/snmp/snmpd.conf :

agentAddress udp:172.20.35.70:162
rocommunity weareone localhost
rocommunity pweareone default -V systemonly
rocommunity secret 172.20.35.70


in /etc/snmp/snmpd.conf :

donotlogtraps false
logOption f /var/log/snmptraps.log
authCommunity log,execute,net weareone
traphandle default /opt/nedi/trap.pl


===================================================================================
 
1 members found this post helpful.
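An added example, not part of any post in this thread: a handler that snmptrapd's `traphandle` directive (an snmptrapd.conf directive, shown in the post above) could run to save each trap to a database, as asked earlier in the thread. It relies on the stdin format documented in snmptrapd.conf(5); the SQLite path, table layout, allow-list and sample trap are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Handler for snmptrapd's traphandle directive (added example).
stdin: line 1 hostname, line 2 transport address, then "OID VALUE" lines."""
import re
import sqlite3
import sys

# Assumptions: allow-list (sensor address reused from the thread), DB path.
ALLOWED_SOURCES = {"172.20.35.70"}
DB_PATH = "/var/lib/snmptraps/traps.db"  # hypothetical location

# Constructed sample of the text snmptrapd writes to the handler's stdin.
SAMPLE = """ids-sensor
UDP: [172.20.35.70]:40321->[172.20.35.71]:162
DISMAN-EVENT-MIB::sysUpTimeInstance 0:1:02:03.04
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown
IF-MIB::ifIndex.1 1
"""

def parse_trap(text):
    """Return (hostname, source_ip, [(oid, value), ...]) for one trap."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("truncated trap input")
    # The sender is the first bracketed address on the transport line.
    m = re.search(r"\[([^\]]+)\]", lines[1])
    source = m.group(1) if m else lines[1].strip()
    varbinds = []
    for ln in lines[2:]:
        oid, _, value = ln.strip().partition(" ")
        varbinds.append((oid, value.strip()))
    return lines[0].strip(), source, varbinds

def store_trap(conn, text):
    """Insert one trap; return rows written (0 if the sender is not allowed)."""
    host, source, varbinds = parse_trap(text)
    if source not in ALLOWED_SOURCES:
        return 0  # v1/v2c communities are cleartext: ignore unexpected senders
    conn.execute("CREATE TABLE IF NOT EXISTS traps (received TEXT DEFAULT "
                 "CURRENT_TIMESTAMP, host TEXT, source TEXT, oid TEXT, value TEXT)")
    # Parameterized insert: varbind values are sender-controlled strings.
    conn.executemany("INSERT INTO traps (host, source, oid, value) VALUES (?,?,?,?)",
                     [(host, source, o, v) for o, v in varbinds])
    conn.commit()
    return len(varbinds)

if __name__ == "__main__":
    with sqlite3.connect(DB_PATH) as db:
        store_trap(db, sys.stdin.read())
```

snmptrapd only passes traps to a handler when the community is authorised for `execute`, as in the `authCommunity log,execute,net` line quoted above.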
Old 08-13-2012, 02:26 PM   #11
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,698

Rep: Reputation: 143Reputation: 143
You can install the net-snmp-utils package and use the snmpconf tool to configure SNMP. The package includes some other tools to help you debug your SNMP configuration.
 
  

