Configure SNMP Trap Notification

SNMP trap is an asynchronous alert or notification sent by the Agent to the SNMP Manager about network connectivity, activity, and events such as an error or failure, has occurred.

SNMP Trap (snmptrapd) is a SNMP application (daemon) that receives and logs the SNMP trap messages.

SNMP Manager Configuration

To configure the SNMP Manager for trap notification, follow the below steps:

  1. Log in to SNMP Manager as root user.

  2. Open the /var/lib/net-snmp/snmptrapd.conf file and edit the file to add the following line:

    createUser -e <engine Id> <snmpuser name> SHA <passphrase> DES <passphrase>

    Note:

    • engine Id: engine Id of the SNMP Agent (VRA). To get the engine Id, run the below command on the SNMP Agent.

      Copy 
      grep oldEngineID /var/lib/snmp/snmpd.conf

    • snmpusername: Name of the "User" created on your SNMP Agent (VRA) who sends the trap message.

  3. Open the /etc/snmp/snmptrap.conf file and edit the file to add the following line:

    authtrapenable 1

    authUser log,execute,net <snmp user name>

    Note: There should not be any space between log,execute,net. Also, net is required if the trap information is to be forwarded to any other monitoring server.
    Note:

    If the firewall is running, allow the connection from the SNMP Agent (VRA).

    • For IPTABLES:

      iptables -A INPUT -s <SNMP_AGENT_IP> -p udp --dport 162 -j ACCEPT -m comment --comment "Allow SNMP Traps Messages to be logged"

    • If the above IPTABLES rule does not work, then use the below mentioned firewall rules:

      sudo firewall-cmd --zone=public --add-port=162/tcp –permanent

      sudo firewall-cmd --zone=public --add-port=162/udp –permanent

      sudo firewall-cmd --reload

  4. You can change the log file location and/or name by editing the below line in the /etc/snmp/snmptrapd.conf file.

    [snmp] logOption f /var/log/snmptrapd.log

  5. Restart the SNMP trap service and SNMP service with the following commands.

    Copy
    For SNMP Trap Service:
    service snmptrapd restart
    Copy
    For SNMP Service:
    service snmpd restart

  6. A sample output of the SNMP trap is shown below: 

    [root@varhel8 log]# cat snmptrapd.log
NET-SNMP version 5.8
2022-12-26 19:13:26 <UNKNOWN> [UDP: [10.40.34.211]:48935->[10.40.34.221]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0 
SNMPv2-MIB::coldStart = STRING: "This is a notification that the Proof Directory is not updated in the last 24 hrs"