What about a simple (yet functional) example?
Code:
[root@agente86 ~]# more /etc/snmp/snmpdtrapd.conf
authCommunity log,execute LiebertEM
authCommunity log pfSense
traphandle default /bin/bash /usr/local/sbin/myactionscript.sh
In my network I have two sources of SNMP traps: a firewall and a no-break. The firewall is configured to send SNMP traps to this machine (agente86) using the community string "pfSense". The same with no-break, but using the community string "LiebertEM".
For both I want to log the traps.
For SNMP traps from no-break I want to analyze the SNMP trap and if it is just info messages (battery tests, for instance) I discard those messages. Otherwise I want to receive those messages by e-mail. To do that, I use the line "authCommunity log,execute LiebertEM" and the traphandle line specifies the script which will decide if the received trap (on standard input) is test related or not. In the last case, it will basically send the msg by e-mail using the helper program traptoemail:
(I'm hiding the dirty details)
Code:
#!/bin/bash
# if the community is not LiebertEM, exit.
....
#create a temporary file to store the input from snmptrap handler.
TMPFILE=$(mktemp /tmp/snmptraphandle.XXXXXXXXXX) || exit 1
# the output of snmptrap handler
cat > "$TMPFILE"
...
# if the message is test related, exit.
# (process/analyze the msg in $TMPFILE)
...
# else
...
# send the output to traptoemail
cat "$TMPFILE" | /usr/bin/perl /usr/bin/traptoemail -s smtp.yourdomain.com.br -f smtpdtrap@yourdomain.com.br you@yourdomain.com.br
You need to start the snmptrapd daemon and open the firewall ports to be able to receive the SNMP trap messages.
On the sources you need to specify the IP of the machine which is running snmptrapd.
I hope this can help you to start with snmptrap.
Good luck!
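
A fuller version of the handler sketched in this post, as an added example rather than the poster's own script. It assumes the community arrives as an snmpTrapCommunity.0 varbind line in the handler input and that test traps contain the text "battery test"; the function names and the sample trap are hypothetical.

```bash
#!/bin/bash
# Added example, not the poster's script. Trap text is untrusted: read as data only.
WANTED_COMMUNITY="LiebertEM"   # community string from the post
TEST_PATTERN="battery test"    # assumption: text that marks an info/test trap

# Print the community found in a trap file (nothing if absent).
# Handler input: line 1 hostname, line 2 address, then one "OID value" per line.
# Assumption: the community arrives as an snmpTrapCommunity.0 varbind line.
trap_community() {
    awk 'NR > 2 && $1 ~ /(snmpTrapCommunity\.0|\.1\.3\.6\.1\.6\.3\.18\.1\.4\.0)$/ {
        sub(/^[^ ]+ +/, ""); gsub(/^"|"$/, ""); print; exit
    }' "$1"
}

# Print the decision for a trap file: ignore, discard or forward.
classify_trap() {
    if [ "$(trap_community "$1")" != "$WANTED_COMMUNITY" ]; then
        echo ignore      # other sources are only logged by snmptrapd
    elif tail -n +3 "$1" | grep -qiF -e "$TEST_PATTERN"; then
        echo discard     # test/info message, no e-mail
    else
        echo forward
    fi
}

# Constructed sample trap (hypothetical host, address and OIDs) for dry runs.
sample_trap() {   # $1 = community, $2 = message text
    printf '%s\n' "ups.example" "UDP: [192.0.2.10]:161->[192.0.2.86]:162" \
        "SNMPv2-MIB::sysUpTime.0 0:1:02:03.00" \
        "SNMPv2-MIB::snmpTrapOID.0 SNMPv2-SMI::enterprises.99999.1" \
        "SNMPv2-SMI::enterprises.99999.2 \"$2\"" \
        "SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 \"$1\""
}

# Read one trap from standard input and mail it only if it should be forwarded.
handle_trap() {
    tmpfile=$(mktemp /tmp/snmptraphandle.XXXXXXXXXX) || return 1
    cat > "$tmpfile"
    rc=0
    if [ "$(classify_trap "$tmpfile")" = forward ]; then
        /usr/bin/perl /usr/bin/traptoemail -s smtp.yourdomain.com.br \
            -f smtpdtrap@yourdomain.com.br you@yourdomain.com.br < "$tmpfile" || rc=$?
    fi
    rm -f "$tmpfile"
    return "$rc"
}

# Run only when installed under the name used in the traphandle line.
case "$0" in */myactionscript.sh) handle_trap ;; esac
```

The decision logic can be checked without sending mail, for example with `sample_trap LiebertEM "some text" > /tmp/t; classify_trap /tmp/t`.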