To implement NMIS9 as a trap and syslog receiver on Ubuntu 20.04 or greater, follow the steps below. This guide assumes that you want to ingest traps as syslog; to change that, refer to the NET-SNMP snmptrap documentation.
Step-by-step guide
...
SNMPTRAP Steps
First you want to install snmptrapd. I also recommend going ahead and enabling snmptrapd to start automatically in case of server reboots.

Install snmptrapd:
```bash
apt-get install snmptrapd
systemctl enable snmptrapd
```
With NET-SNMP Version 5.8 and systemd you will need to override snmptrapd.service. This means that snmptrapd starts with the options you put in the override file rather than with its defaults.

Edit snmptrapd service:
```bash
systemctl edit snmptrapd
```
In the edit window that appears, paste the text below. The editor is nano; I recommend using the default file name so you just need to save and exit (ctl+o, ctl+w).

override.conf:
```text
[Service]
ExecStart=
ExecStart=/usr/sbin/snmptrapd -f -n -OQOq -Ls2 -m ALL -M /usr/local/nmis9/mibs/traps
```
Edit the /etc/default/snmptrapd file, replacing the default TRAPDOPTS with the below:

Edit snmptrapd:
```bash
vi /etc/default/snmptrapd
```

/etc/default/snmptrapd:
```text
TRAPDOPTS='-n -LS2d -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis9/mibs/traps'
TRAPDRUN=yes
```
Edit the /etc/snmp/snmptrapd.conf file:

Edit snmptrapd.conf:
```bash
vi /etc/snmp/snmptrapd.conf
```

/etc/snmp/snmptrapd.conf:
```text
# disableAuthorization yes switches off snmptrapd access control: traps are accepted from any sender with any community.
disableAuthorization yes
# If you have installed nmis9 in a different directory make sure to change below to match.
traphandle default /usr/local/nmis9/bin/traplog.pl
```
Now we need to reload the daemon and restart the service.
Reload daemons:
```bash
systemctl daemon-reload
systemctl restart snmptrapd
# Always a good idea to check status
systemctl status snmptrapd
```
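A check you could run on /etc/snmp/snmptrapd.conf before restarting, added here as an example (it is not part of the original guide or of NMIS9). The function name `audit_trapd_conf` and the finding labels are made up for this example; it flags `disableAuthorization`, `authCommunity` entries with no SOURCE restriction, and a `traphandle` that no authorization line allows to execute.

```shell
#!/bin/sh
# audit_trapd_conf FILE
# Prints one finding per line for an snmptrapd.conf; returns 1 if any were found.
audit_trapd_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    { d = tolower($1) }                    # compare directive names case-insensitively
    d == "disableauthorization" && tolower($2) ~ /^(yes|true|1)$/ {
        print "OPEN: line " NR ": access control is off, any sender and community is accepted"
        authz_off = 1; bad = 1
    }
    d == "authcommunity" {                 # authCommunity TYPES COMMUNITY [SOURCE ...]
        if ($2 ~ /execute/) exec_ok = 1
        if (NF < 4) {
            print "ANY_SOURCE: line " NR ": community " $3 " is accepted from any address"
            bad = 1
        }
    }
    d == "authuser" && $2 ~ /execute/ { exec_ok = 1 }
    d == "traphandle" { handler = NR }
    END {
        # With access control on, a traphandle script only runs for senders
        # that were granted the "execute" processing type.
        if (handler && !authz_off && !exec_ok) {
            print "NO_EXECUTE: line " handler ": traphandle set but nothing grants execute"
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample input: the two directives this guide puts in snmptrapd.conf.
sample=$(mktemp)
printf '%s\n' 'disableAuthorization yes' \
    'traphandle default /usr/local/nmis9/bin/traplog.pl' > "$sample"
audit_trapd_conf "$sample" || echo "review the findings above before restarting snmptrapd"
rm -f "$sample"
```

A configuration that uses `authCommunity log,execute,net COMMUNITY SOURCE` in place of `disableAuthorization yes` passes this check with no findings and still lets the traphandle script run.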
Rsyslog Steps
First you want to make sure rsyslog is installed. I also recommend going ahead and making sure it's enabled to start automatically in case of server reboots.

Install rsyslog:
```bash
apt-get install rsyslog
systemctl enable rsyslog
```
Copy the rsyslog.conf file from nmis9/conf-default/rsyslog and replace the current rsyslog file.
rsyslog:
```bash
# make a backup of the original
cp /etc/rsyslog.conf /etc/rsyslog.conf.bak
cp /usr/local/nmis9/conf-default/rsyslogd/rsyslog.conf /etc/rsyslog.conf
```
Now we will edit rsyslog to add in our snmptrap processing.
rsyslog.conf edit:
```bash
vi /etc/rsyslog.conf
```

rsyslog text add:
```text
# Go to the end of the file and add:
local2local7.* /usr/local/nmis9/logs/snmptrapdevice.log
```
Reload and restart the daemon:

```bash
systemctl daemon-reload
systemctl restart rsyslog
# Always a good idea to check status
systemctl status rsyslog
```
Time to test! To verify operation you can send a test trap either locally or from another Linux server. This example sends an Opmantek event trap.

The trap will appear in either /usr/local/nmis9/logs/snmptrap.log

Test trap:
```bash
sudo snmptrap -v 2c -c public 127.0.0.1 80000 1.3.6.1.4.1.4818 1.3.6.1.4.1.4818.1 s Event
```
Add New SNMP MIBS for Trap Processing
If the SNMP traps you receive from devices show up as just numbers, you will need to add the MIBs so that the SNMP trap daemon can decode them for you. First identify the required MIB files and any dependent MIB files, then copy those files to the directory /usr/local/nmis9/mibs/traps and restart the SNMP trap daemon.
...
Info: Documentation to understand snmptrap and its options