When wanting to implement NMIS9 as trap and syslog receiver on Ubuntu 20.04 or greater.

Step-by-step guide

SNMPTRAP Steps

First you want to install snmptrapd. I also recommend going ahead and enabling snmptrapd to start automatically in case of server reboots
Install snmptrapd
```
apt-get install snmptrapd
systemctl enable snmptrapd
```
With NET-SNMP Version 5.8 and systemd you will need to override snmptrapd.service. This means that when starting snmptrapd the options you put in the override file will be what starts and not what snmptrapd defaults with.
Edit snmptrapd service
```
systemctl edit snmptrapd
```
In the edit window that appears you will want to paste the below text. Editor is nano, I recommend using the default file name so you just need to save and exit (ctl+o, ctl+w)
override.conf text
```
[Service]
ExecStart=
ExecStart=/usr/sbin/snmptrapd -f -n -Oq -Ls2 -m ALL -M /usr/local/nmis9/mibs/traps
```

Edit the /etc/default/snmptrapd file, replacing default TRAPDOPTS with the below:

edit snmptrapd

vi /etc/default/snmptrapd

/etc/default/snmptrapd

TRAPDOPTS='-n -LS2d -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis9/mibs/traps'
TRAPDRUN=yes

Edit the /etc/snmp/snmptrapd.conf file,

edit snmptrapd.conf

vi /etc/snmp/snmptrapd.conf

/etc/snmp/snmptrapd.conf

disableAuthorization yes
#If you have installed nmis9 in a different directory make sure to change below to match.
traphandle default /usr/local/nmis9/bin/traplog.pl

Now we need to reload the daemon and restart the service.

reload daemons

systemctl daemon-reload
systemctl restart snmptrapd
# Always a good idea to check status
systemctl status snmptrapd

Rsyslog Steps

First you want to make sure rsyslog is installed, I also recommend going ahead and making sure its enabled to start automatically in case of server reboots
Install snmptrapd
```
apt-get install rsyslog
systemctl enable rsyslog
```

Copy the rsyslog.conf file from nmis9/conf-default/rsyslog and replace the current rsyslog file.

rsyslog

#make a backup of the orginal
cp /etc/rsyslog.conf /etc/rsyslog.conf.bak
cp /usr/local/nmis9/conf-default/rsyslogd/rsyslog.conf /etc/rsyslog.conf

Now we will edit rsyslog.

rsyslog.conf edit

vi /etc/rsyslog.conf

rsyslog text add

# Go to the end of the file and add:

local7.*                                                /usr/local/nmis9/logs/device.log

Reload and restart Daemon

reload daemons rsyslog

systemctl daemon-reload
systemctl restart rsyslog
# Always a good idea to check status
systemctl status rsyslog

Time to test! To verify operation you can send a test trap either locally or from another Linux server, this example sends an Opmantek event trap.
test trap
```
sudo snmptrap -v 2c  -c public 127.0.0.1 80000 1.3.6.1.4.1.4818 1.3.6.1.4.1.4818.1 s Event
```

Add New SNMP MIBS for Trap Processing

If you are receiving SNMP traps from devices which are just numbers, then you will need to add the MIBS so that the SNMP trap daemon can decode them them for you. First you need to identify the required MIB files and any dependant MIB files and then copy those files to the directory /usr/local/nmis9/mibs/traps and restart the SNMP trap daemon.

service snmptrapd restart

You can test the decoding using the snmptranslate command, which was described in a previous section.

Documentation to understand snmptrap and its options

Related articles

opEvents - Centralized Logging Solution

opEvents - Syslog Handling - Adding a New Vendor

opEvents - Syslog Handling - Adding a New Format

Page:

Umbrales básicos y avanzados en NMIS9
Page:

Umbrales básicos y avanzados en NMIS
Page:

SNMP Trap and Rsyslog Setup for Ubuntu 20+
Page:

Automatically accept EULAs
Page:

Basic and Advanced Thresholds in NMIS8