Zabbix SNMP Traps with logrotate
May 22, 2023
Update firewall rules
The first thing we need to do is make sure the firewall allows incoming traps. SNMP traps are normally sent to UDP port 162.
[zabbixserver ~]# firewall-cmd --add-port=162/udp --permanent
[zabbixserver ~]# firewall-cmd --reload
Setting up Zabbix to receive SNMP traps using zabbix_trap_receiver.pl
Now that our firewall is configured to receive traps, we need to configure our OS to accept traps and send them to a preprocessing script so that Zabbix is able to read them. You could also use SNMPTT, but then you need to create some manual rules.
Let’s install the packages that are needed.
[zabbixserver ~]# yum install -y net-snmp-utils net-snmp-perl
We will be using zabbix_trap_receiver.pl. This is a Perl script from Zabbix SIA and it can be downloaded from the latest Zabbix sources.
Copy the file to /usr/bin
[zabbixserver ~]# cp zabbix_trap_receiver.pl /usr/bin
[zabbixserver ~]# chmod +x /usr/bin/zabbix_trap_receiver.pl
Update snmptrapd.conf and make sure it points to our Perl script. We also need to specify here which traps we will accept. This is done by specifying the snmpTrapCommunity string, in this case public.
[zabbixserver ~]# vi /etc/snmp/snmptrapd.conf
Append below lines to snmptrapd.conf
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";
Enable Zabbix SNMP trapper in Zabbix server configuration file.
[zabbixserver ~]# vi /etc/zabbix/zabbix_server.conf
StartSNMPTrapper=1
SNMPTrapperFile should be configured in the same file, and it must have the same value as the one set in the zabbix_trap_receiver.pl file.
SNMPTrapperFile=/var/log/zabbix_traps.tmp
Once done, we can restart the Zabbix Server. This is needed to activate the new configuration.
[zabbixserver ~]# service zabbix-server restart
We now have to enable and start snmptrapd
[zabbixserver ~]# systemctl enable snmptrapd --now
SNMP trap transmission file rotation (optional)
It’s not required but highly advised to configure logrotate so that the trap file gets cleaned up from time to time. Let’s start by creating a directory to store the rotated data.
[zabbixserver ~]# mkdir -p /var/log/zabbix_traps_archive
[zabbixserver ~]# chmod 770 /var/log/zabbix_traps_archive
Add the below content to /etc/logrotate.d/zabbix_traps
# The path must match SNMPTrapperFile in zabbix_server.conf
/var/log/zabbix_traps.tmp {
    weekly
    size 10M
    compress
    notifempty
    dateext
    dateformat -%Y%m%d
    missingok
    olddir /var/log/zabbix_traps_archive
    maxage 365
    rotate 10
}
Testing
Let’s test to see if we can receive traps by sending a test trap.
[zabbixserver ~]# snmptrap -v 1 -c public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.4' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.4 s "eth0"
[zabbixserver ~]# snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456
Check that the trap was received in the file /var/log/zabbix_traps.tmp
It should look a bit like this:
PDU INFO:
notificationtype TRAP
version 0
receivedfrom UDP: [127.0.0.1]:41840->[127.0.0.1]
errorstatus 0
messageid 0
community public
transactionid 2
errorindex 0
requestid 0
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (55) 0:00:00.55
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkUp.0.33
IF-MIB::linkUp type=4 value=STRING: "eth0"
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID: IF-MIB::linkUp
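With the community set to public and UDP 162 open, it is worth checking who actually sends traps. The Python below is an added example, not part of the original post or of Zabbix's own code: it parses records in the PDU INFO / VARBINDS layout shown above and lists senders outside an allow list. The function names, the allow list and the second sample record are assumptions made for illustration.

```python
import re

# Constructed sample in the layout shown above; the second sender is made up.
SAMPLE = """\
PDU INFO:
receivedfrom UDP: [127.0.0.1]:41840->[127.0.0.1]
community public
VARBINDS:
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkUp.0.33
IF-MIB::linkUp type=4 value=STRING: "eth0"
PDU INFO:
receivedfrom UDP: [192.0.2.77]:50011->[192.0.2.10]
community public
VARBINDS:
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkDown
"""

VARBIND = re.compile(r"^(\S+)\s+type=(\d+)\s+value=(.*)$")
SOURCE = re.compile(r"\[([^\]]+)\]:\d+->")  # sender address inside receivedfrom

def parse_traps(text):
    """Split trap-file text into records: {'pdu': {...}, 'varbinds': [(oid, type, value)]}."""
    traps, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line == "PDU INFO:":
            traps.append({"pdu": {}, "varbinds": []})
            section = "pdu"
        elif not line or not traps:
            continue  # blank line, or text before the first record
        elif line == "VARBINDS:":
            section = "varbinds"
        elif section == "pdu":
            key, *rest = line.split(None, 1)
            traps[-1]["pdu"][key] = rest[0] if rest else ""
        elif (m := VARBIND.match(line)):
            traps[-1]["varbinds"].append((m.group(1), int(m.group(2)), m.group(3)))
    return traps

def unexpected_senders(traps, allowed_sources):
    """Return (source, community, trap OID value) for traps from non-allow-listed senders."""
    findings = []
    for trap in traps:
        m = SOURCE.search(trap["pdu"].get("receivedfrom", ""))
        source = m.group(1) if m else "unknown"
        if source not in allowed_sources:
            oid = next((v for o, _, v in trap["varbinds"] if o.endswith("snmpTrapOID.0")), "")
            findings.append((source, trap["pdu"].get("community", ""), oid))
    return findings
```

To run it against the live file, pass the contents of /var/log/zabbix_traps.tmp to parse_traps and the addresses of your monitored devices as the allow list.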
Conclusion
That’s it: we have set up our OS to accept traps and configured the trap receiver to send traps to Zabbix in a format it can read. The only thing left now is to create those items.
Also if you need help optimizing your Zabbix environment, or you need a support contract, some consultancy, or training, feel free to contact sales@open-future.be or visit us at https://www.open-future.be.
We are always available to help!