Is there a way to trace a single trap OID?
Jim
On Dec 6, 2010, at 9:49 PM, James Donn wrote:
> Hi All,
>
> I am new to NetSNMP, and am trying to get a solid snmptrapd.conf put up.
> Most things seem to be working as designed, but I noticed that I am not
> processing Mac traps (1.3.6.1.4.1.9.9.215.2.01 - 3). I have a catchall in
> snmptrapd.conf that should log anything that falls through if I have the
> wrong OID, which does not catch the trap if I comment out the relevant
> traphandle section. Below is a summary of my snmptrapd.conf:
>
> doNotFork false
>
> logOption f /netmgt/log/snmptrapd.log
>
> outputOption SEX
>
> format1 v1 Trap from %B
>
> format2 v2 Trap from %B
>
> disableAuthorization yes
>
> traphandle 1.3.6.1.4.1.9.9.215.2.0.1 /netmgt/bin/trap_default.pl mac
> cmnMacChangedNotification 4 2
> traphandle 1.3.6.1.4.1.9.9.215.2.0.2 /netmgt/bin/trap_default.pl mac
> cmnMacMoveNotification 4 2
> traphandle 1.3.6.1.4.1.9.9.215.2.0.3 /netmgt/bin/trap_default.pl mac
> cmnMacThresholdExceedNotif 4 2
>
> traphandle default /netmgt/bin/trap_default.pl "undefined trap" UNDEFINED 0 0
>
>
> I see the traps coming in droves on the server when I do a tcpdump:
>
> tcpdump:
> 21:22:34.561674 IP (tos 0x0, ttl 252, id 54940, offset 0, flags [none],
> proto: UDP (17), length: 137) switch.XXX.edu.57704 >
> trapdev.XXX.edu.snmptrap: { SNMPv1 C=Trap { Trap(91) E:cisco.9.215.2
> 10.1.1.11 enterpriseSpecific s=1 3626105156 [|snmp] } }
> 21:23:48.045910 IP (tos 0x0, ttl 252, id 54941, offset 0, flags [none],
> proto: UDP (17), length: 137) switch.XXX.edu.57704 >
> trapdev.XXX.edu.snmptrap: { SNMPv1 C=Trap { Trap(91) E:cisco.9.215.2
> 10.1.1.11 enterpriseSpecific s=1 3626112504 [|snmp] } }
>
>
> iptables is wide open:
>
> iptables -L -n | grep 162
> ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:162
> ACCEPT udp -- 10.0.0.0/8 0.0.0.0/0 udp dpt:162
>
>
> I enabled debug options:
>
> /etc/sysconfig/snmptrapd.options:
> OPTIONS="-C -c "/netmgt/etc/snmptrapd.conf" -Leof -F
> \"element_name=%A;;event_name=%W;;varbinds=%#v;;trap=(%N)(%q)(%w);;\n\" -OSEX
> -D all"
>
>
> Every looks OK to my untrained eye:
>
> snmptrapd.log:
> trace: read_config(): read_config.c, 795:
> read_config: /netmgt/etc/snmptrapd.conf:132 examining: traphandle
> 1.3.6.1.4.1.9.9.215.2.0.1 /netmgt/bin/trap_default.pl mac
> cmnMacChangedNotification 4 2
> trace: run_config_handler(): read_config.c, 498:
> read_config: Found a parser. Calling it: traphandle /
> 1.3.6.1.4.1.9.9.215.2.0.1 /netmgt/bin/trap_default.pl mac
> cmnMacChangedNotification 4 2
> trace: snmptrapd_parse_traphandle(): snmptrapd_handlers.c, 85:
> read_config:traphandle: registering handler for:
> SNMPv2-SMI::enterprises.9.9.215.2.0.1
> trace: read_config(): read_config.c, 795:
> read_config: /netmgt/etc/snmptrapd.conf:135 examining: traphandle
> 1.3.6.1.4.1.9.9.215.2.0.2 /netmgt/bin/trap_default.pl mac
> cmnMacMoveNotification 4 2
>
>
> However, I still do not see the traps being logged from the traphandle script
> or in my log dir. What else can I do to troubleshoot? Am I missing
> something basic? Version info below:
>
> snmptrapd -v
>
> NET-SNMP Version: 5.3.2.2
> Web: http://www.net-snmp.org/
> Email: [email protected]
>
>
> uname -a
> Linux XXX.edu 2.6.18-194.11.4.el5 #1 SMP Fri Sep 17 04:57:05 EDT 2010 x86_64
> x86_64 x86_64 GNU/Linux
>
>
> Thank you in advance,
>
> Jim
>
>
> <ATT00001..txt><ATT00002..txt>
Jim
[email protected]
------------------------------------------------------------------------------
What happens now with your Lotus Notes apps - do you make another costly
upgrade, or settle for being marooned without product support? Time to move
off Lotus Notes and onto the cloud with Force.com, apps are easier to build,
use, and manage than apps on traditional platforms. Sign up for the Lotus
Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
