Re: snmptrapd forwarding
Hi.

This thread is coming up periodically: SNMP trap forwarding is not preserving the original sender's IP address. I created a patch to enable a special mode, which adds the IP of the sender on each forwarder, so at the end of the chain the original sender's IP is in OID .1.3.6.1.6.3.18.1.3.0 (SNMP-COMMUNITY-MIB::snmpTrapAddress.0).

Here is the link to the patch:
http://sourceforge.net/p/net-snmp/patches/1320/#6afe

Pik

--
___
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
snmptrapd forwarding
I am currently attempting to configure snmptrapd to do trap forwarding. With my current configuration, snmptrapd is receiving and logging incoming traps, but it does not appear to be forwarding them. The contents of my snmptrapd.conf file are as follows:

    authCommunity log,execute,net public
    forward default udp:192.168.0.253:1620 public

When I run snmptrapd as follows:

    snmptrapd -f -Le -d

I can see traps being received, but I never see any log messages indicating that they are forwarded. Moreover, I am running wireshark on the destination host to further verify that traps are not being sent to that host. Also... I have no firewall configured on the Ubuntu host on which snmptrapd is executing.

I would appreciate any assistance with further debugging and ultimately addressing this issue.

Thank you.

---
Brandon E Taylor
Re: snmptrapd forwarding
Hi Brett,

The directive "traphandle " in the snmptrapd.conf file will invoke an executable if it receives a trap with OID . The inputs to the executable from snmptrapd are the IP address of the trap sender and the variable bindings. In the executable you can put the logic to read the IP address and variable bindings, and you can use the snmptrap utility to send the trap to any manager.

One thing to note here is that the input to the executable from snmptrapd is in SNMPv2-style notification format, with SNMPv1 traps being converted as per RFC 2576 before being passed to the executable. In an SNMPv1 trap, apart from the IP address of the manager and the var-bindings, you have two fields, generic trap and specific trap. I don't know exactly how to determine these two fields.

For more info read snmptrapd.conf and snmptrapd.

Thanks,
-mushtaq

On 11/13/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I read through the READMEs and it looks like snmptrapd can forward traps to
> another device listening for snmp traps. What I would like to do is forward
> SNMP v1/2/2c/3 traps to the Microsoft SNMP Trap Service as SNMP v1 traps.
> Is this possible or is there an alternative?
>
> I am using NetIQ AppManager to monitor for SNMP Traps, but AppManager only
> supports the Microsoft SNMP Trap Service.
>
> Thanks,
> Brett Carroll
> IT Specialist
> Bureau of the Public Debt
> (304)480-7731
> [EMAIL PROTECTED]
snmptrapd forwarding
I read through the READMEs and it looks like snmptrapd can forward traps to another device listening for snmp traps. What I would like to do is forward SNMP v1/2/2c/3 traps to the Microsoft SNMP Trap Service as SNMP v1 traps. Is this possible or is there an alternative?

I am using NetIQ AppManager to monitor for SNMP Traps, but AppManager only supports the Microsoft SNMP Trap Service.

Thanks,
Brett Carroll
IT Specialist
Bureau of the Public Debt
(304)480-7731
[EMAIL PROTECTED]
Re: snmptrapd forwarding with OID wildcards [SEC=UNCLASSIFIED]
On Thu, May 03, 2007 at 10:40:53AM +1000, Hart, Matthew MR 2 wrote:
> Thanks Wayne,
>
> We use a big correlation engine here (not open-source unfortunately),
> but we wanted to filter out the superfluous messages before they get to
> it (our setup is too large to send every single event to the central
> correlation engine and let it sort them out). Now that Dave S. has
> added the wildcard functionality to snmptrapd, we should be able to do
> some simple filtering. I'll have a hunt around for more advanced methods
> of filtering traps when the need arises :)
>
> -----Original Message-----
> [mailto:net-snmp-users-bounces at lists.sourceforge.net] On Behalf Of
> Tackabury, Wayne
> Sent: Tuesday, 1 May 2007 23:12
> Subject: RE: snmptrapd forwarding with OID wildcards [sec:unclass]
>
> -----Original Message-----
> >In the meantime, does anyone know about a tool available that can do
> >what I'm trying to achieve (forward traps to a different server, if the
> >OID matches a pattern with wildcards)?
>
> We didn't find one in a fair amount of looking (through open source
> options, anyways). Moreover, while we were looking, as much as we tried
> to constrain the use case to *just* being about OID's, or issuing agent
> address, we always found some new condition which became an essential
> constraint for forwarding.
>
> This falls under the general rubric of "event correlation", and we ended
> up writing our own little policy rule manager to take this on. I do
> know of certain open source rules engines (e.g., Jess Rules for Java)
> that provide a lot of what you need for that if you can write the event
> handler (incoming trap), condition handler and matcher (does an included
> varbind match this OID?) and action handler (forward to this other trap
> recipient).
>
> On the other hand, there's a fair of adaptation of the gestalt of any
> open source rules engine to meet this kind of relatively minimal
> application, I've found.

I don't know if you folks have looked at using SEC (Simple Event Correlator), but people have used it for just such event correlation. If I remember properly somebody successfully used snmptrap called from SEC to forward traps. There may even be an example in the SEC mailing list archives.

--
-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
RE: snmptrapd forwarding with OID wildcards [SEC=UNCLASSIFIED]
Thanks Wayne,

We use a big correlation engine here (not open-source unfortunately), but we wanted to filter out the superfluous messages before they get to it (our setup is too large to send every single event to the central correlation engine and let it sort them out). Now that Dave S. has added the wildcard functionality to snmptrapd, we should be able to do some simple filtering. I'll have a hunt around for more advanced methods of filtering traps when the need arises :)

-Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tackabury, Wayne
Sent: Tuesday, 1 May 2007 23:12
To: [email protected]
Subject: RE: snmptrapd forwarding with OID wildcards [sec:unclass]

-----Original Message-----
>In the meantime, does anyone know about a tool available that can do
>what I'm trying to achieve (forward traps to a different server, if the
>OID matches a pattern with wildcards)?

We didn't find one in a fair amount of looking (through open source options, anyways). Moreover, while we were looking, as much as we tried to constrain the use case to *just* being about OID's, or issuing agent address, we always found some new condition which became an essential constraint for forwarding.

This falls under the general rubric of "event correlation", and we ended up writing our own little policy rule manager to take this on. I do know of certain open source rules engines (e.g., Jess Rules for Java) that provide a lot of what you need for that if you can write the event handler (incoming trap), condition handler and matcher (does an included varbind match this OID?) and action handler (forward to this other trap recipient).

On the other hand, there's a fair of adaptation of the gestalt of any open source rules engine to meet this kind of relatively minimal application, I've found.

Regards,
Wayne
RE: snmptrapd forwarding with OID wildcards [SEC=UNCLASSIFIED]
I've tested it out, and it all seems to be working. Thank you very much for the quick response and update!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Shield
Sent: Tuesday, 1 May 2007 21:38
To: Hart, Matthew MR 2
Cc: [email protected]
Subject: Re: snmptrapd forwarding with OID wildcards [sec:unclass]

On 01/05/07, Hart, Matthew MR 2 <[EMAIL PROTECTED]> wrote:
> Would it be possible for the developers to add wildcard handling for
> the forward directive in a future release?

Done.
See SVN revision 16330.
I'll attach the relevant patch.

Dave
RE: snmptrapd forwarding with OID wildcards [sec:unclass]
-----Original Message-----
>In the meantime, does anyone know about a tool available that can do
>what I'm trying to achieve (forward traps to a different server, if the
>OID matches a pattern with wildcards)?

We didn't find one in a fair amount of looking (through open source options, anyways). Moreover, while we were looking, as much as we tried to constrain the use case to *just* being about OID's, or issuing agent address, we always found some new condition which became an essential constraint for forwarding.

This falls under the general rubric of "event correlation", and we ended up writing our own little policy rule manager to take this on. I do know of certain open source rules engines (e.g., Jess Rules for Java) that provide a lot of what you need for that if you can write the event handler (incoming trap), condition handler and matcher (does an included varbind match this OID?) and action handler (forward to this other trap recipient).

On the other hand, there's a fair of adaptation of the gestalt of any open source rules engine to meet this kind of relatively minimal application, I've found.

Regards,
Wayne
Re: snmptrapd forwarding with OID wildcards [sec:unclass]
On 01/05/07, Hart, Matthew MR 2 <[EMAIL PROTECTED]> wrote:
> Would it be possible for the developers to add wildcard handling for the
> forward directive in a future release?
Done.
See SVN revision 16330.
I'll attach the relevant patch.
Dave
Index: apps/snmptrapd_handlers.c
===
--- apps/snmptrapd_handlers.c (revision 16306)
+++ apps/snmptrapd_handlers.c (working copy)
@@ -135,9 +135,12 @@
charbuf[STRINGMAX];
oid obuf[MAX_OID_LEN];
size_t olen = MAX_OID_LEN;
-char *cptr;
+char *cptr, *cp;
netsnmp_trapd_handler *traph;
+int flags = 0;
+memset( buf, 0, sizeof(buf));
+memset(obuf, 0, sizeof(obuf));
cptr = copy_nword(line, buf, sizeof(buf));
DEBUGMSGTL(("read_config:forward", "registering forward for: "));
if (!strcmp(buf, "default")) {
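Review bot: the two memset() calls added after the declarations carry no comment saying what relies on the zeroed buffers. copy_nword() writes buf on the very next line, so a reader cannot tell whether clearing buf and obuf is needed for correctness or is only defensive; a one-line comment would settle that. The new cp pointer is used only in the non-default branch and could be declared there instead.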
@@ -147,6 +150,18 @@
else
traph = netsnmp_add_default_traphandler( forward_handler );
} else {
+cp = buf+strlen(buf)-1;
+if ( *cp == '*' ) {
+flags |= NETSNMP_TRAPHANDLER_FLAG_MATCH_TREE;
+*(cp--) = '\0';
+if ( *cp == '.' ) {
+/*
+ * Distinguish between 'oid.*' & 'oid*'
+ */
+flags |= NETSNMP_TRAPHANDLER_FLAG_STRICT_SUBTREE;
+*(cp--) = '\0';
+}
+}
if (!read_objid(buf, obuf, &olen)) {
charbuf1[STRINGMAX];
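Review bot: cp = buf+strlen(buf)-1 in the new else branch points one byte before buf when the OID token is empty, so the *cp == '*' test reads outside the array. The inner *cp == '.' test has the same problem when the token is just "*", because *(cp--) = '\0' has already stepped cp back past buf[0]. Check strlen(buf) before computing cp, and only test for '.' while at least one character remains in buf.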
@@ -166,6 +181,7 @@
DEBUGMSG(("read_config:forward", "\n"));
if (traph) {
+traph->flags = flags;
traph->authtypes = TRAP_AUTH_NET;
traph->token = strdup(cptr);
}
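Review bot: traph->flags = flags; overwrites the handler's flags field instead of adding to it, and it also runs for the "default" case where flags is still 0. If the registration call that returned traph sets any flag bits of its own they are lost here; traph->flags |= flags; would keep them and still apply the wildcard bits.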
RE: snmptrapd forwarding with OID wildcards [sec:unclass]
Thanks for your response Thomas,

Would it be possible for the developers to add wildcard handling for the forward directive in a future release?

In the meantime, does anyone know about a tool available that can do what I'm trying to achieve (forward traps to a different server, if the OID matches a pattern with wildcards)? I guess it would work with the traphandle directive, parse the trap and forward it only if it matches a set of patterns. The more basic the tool the better, I can't really install something like OpenNMS or Nagios.

Thanks,
-Matt

-----Original Message-----
From: Thomas Anders [mailto:[EMAIL PROTECTED]
Sent: Monday, 30 April 2007 19:40
To: Hart, Matthew MR 2
Cc: [email protected]
Subject: Re: snmptrapd forwarding with OID wildcards [sec:unclass]

Hart, Matthew MR 2 wrote:
> According to the snmptrapd.conf man
> page, the 'OID' token for the 'forward' directive is the same as for
> the 'traphandle' directive ("The interpretation of OID (and default)
> is the same as for the traphandle directive)."). The documentation for 'OID'
> token for the 'traphandle' directive says "[The OID token] supports a
> simple form of wildcard suffixing. By appending the character
> notification based within subtree rooted at the specified OID".
>
> So, by this I'm thinking that the 'forward' directive supports
> wildcards too.

The 'OID' handling had been the same earlier, until the "traphandle" handling introduced wildcard support which rendered this part of the documentation invalid, I fear.

+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)
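An added example (not code from the thread or from Net-SNMP) of the traphandle approach suggested in the message above and described in mushtaq's reply earlier on the page: a handler that parses what snmptrapd writes to its stdin and picks a forwarding destination by OID pattern, using the 'oid*' / 'oid.*' distinction from Dave Shield's patch. It assumes snmptrapd is started with -On so OIDs arrive in numeric form; the rules, addresses and sample input are constructed, and the function names are hypothetical.

```python
import sys

TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"       # SNMPv2-MIB::snmpTrapOID.0
TRAP_ADDRESS = "1.3.6.1.6.3.18.1.3.0"    # SNMP-COMMUNITY-MIB::snmpTrapAddress.0

# Hypothetical rules: (OID pattern, destination the caller should forward to).
RULES = [
    ("1.3.6.1.4.1.9.0.*", "192.0.2.10:162"),   # strictly below this root
    ("1.3.6.1.4.1.2021*", "192.0.2.20:162"),   # this root or anything below
]

def parse_oid(text):
    """Numeric OID string -> tuple of ints (ValueError on anything else)."""
    return tuple(int(part) for part in text.strip().lstrip(".").split("."))

def oid_matches(pattern, oid):
    """Compare whole sub-identifiers, so '...9*' never matches '...90'."""
    if pattern.endswith(".*"):
        root = parse_oid(pattern[:-2])
        return len(oid) > len(root) and oid[:len(root)] == root
    if pattern.endswith("*"):
        root = parse_oid(pattern[:-1])
        return oid[:len(root)] == root
    return oid == parse_oid(pattern)

def parse_handler_input(lines):
    """Split handler stdin into hostname, transport line and varbind dict."""
    lines = [ln.rstrip("\n") for ln in lines if ln.strip()]
    if len(lines) < 4:
        raise ValueError("truncated traphandle input")
    varbinds = {}
    for line in lines[2:]:
        oid, _, value = line.partition(" ")
        varbinds[oid.lstrip(".")] = value.strip()
    return lines[0], lines[1], varbinds

def route(lines, rules=RULES):
    """Return (destination or None, sender); ValueError if no numeric trap OID.

    The sender is snmpTrapAddress.0 when present, else the transport line."""
    _host, transport, varbinds = parse_handler_input(lines)
    trap_oid = parse_oid(varbinds.get(TRAP_OID, ""))
    sender = varbinds.get(TRAP_ADDRESS, transport)
    for pattern, dest in rules:
        if oid_matches(pattern, trap_oid):
            return dest, sender
    return None, sender

# Constructed sample of handler input, assuming snmptrapd was started with -On.
SAMPLE = [
    "router1.example.net",
    "UDP: [198.51.100.7]:40001->[192.0.2.1]:162",
    ".1.3.6.1.2.1.1.3.0 0:1:02:03.00",
    ".1.3.6.1.6.3.1.1.4.1.0 .1.3.6.1.4.1.9.0.1",
    ".1.3.6.1.6.3.18.1.3.0 203.0.113.5",
]

if __name__ == "__main__":
    piped = [] if sys.stdin.isatty() else sys.stdin.readlines()
    print(route(piped or SAMPLE))
```

snmpTrapAddress.0 is whatever the sender or an upstream forwarder put in the trap, so log it next to the transport line rather than basing access decisions on it.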
Re: snmptrapd forwarding with OID wildcards [sec:unclass]
Hart, Matthew MR 2 wrote:
> According to the snmptrapd.conf man
> page, the 'OID' token for the 'forward' directive is the same as for the
> 'traphandle' directive ("The interpretation of OID (and default) is the
> same as for the traphandle directive)."). The documentation for 'OID'
> token for the 'traphandle' directive says "[The OID token] supports a
> simple form of wildcard suffixing. By appending the character
> notification based within subtree rooted at the specified OID".
>
> So, by this I'm thinking that the 'forward' directive supports wildcards
> too.
The 'OID' handling had been the same earlier, until the "traphandle"
handling introduced wildcard support which rendered this part of the
documentation invalid, I fear.
+Thomas
--
Thomas Anders (thomas.anders at blue-cable.de)
snmptrapd forwarding with OID wildcards [sec:unclass]
Hi there,
I'm trying to set up some servers that forward traps with specific OID
prefixes to other trap servers. According to the snmptrapd.conf man
page, the 'OID' token for the 'forward' directive is the same as for the
'traphandle' directive ("The interpretation of OID (and default) is the
same as for the traphandle directive)."). The documentation for 'OID'
token for the 'traphandle' directive says "[The OID token] supports a
simple form of wildcard suffixing. By appending the character
notification based within subtree rooted at the specified OID".
So, by this I'm thinking that the 'forward' directive supports wildcards
too.
However, if I enter the following line into snmptrapd.conf:
"forward 1.3.6.1.4.1.9.0.* 1.1.1.1"
And restart snmptrapd, I get the following error message in the log:
"/etc/snmp/snmptrapd.conf: line 9: Error: Bad trap OID in forward
directive: 1.3.6.1.4.1.9.0.*"
If I replace the line with:
"forward 1.3.6.1.4.1.9.0.1 1.1.1.1"
I get no error message.
Is this on purpose, is it a bug, or am I doing something wrong? I'm
using Net-SNMP version 5.4 on linux.
Thanks for your help in advance,
-Matthew
