1. Overview
We use Simple Network Management Protocol (SNMP) to facilitate the management and monitoring of network devices. In particular, managed devices can send asynchronous notifications called SNMP traps to a network management system (NMS) to actively alert administrators about specific events.
In this tutorial, we’ll explore how to send SNMP traps from the command line in Linux, utilizing various tools and libraries.
2. Installing SNMP
When a given event or condition takes place on the network device, it can generate an SNMP trap:
- system reboot
- link failure
- high CPU usage
Furthermore, the trap contains information about the event, such as the type of event and relevant data. They’re useful for monitoring and managing network devices. Moreover, they provide real-time notifications about critical events, enabling us to promptly respond to issues, troubleshoot problems, and ensure the smooth operation of the network infrastructure.
First, let’s tackle all the prerequisites needed to receive SNMP traps.
2.1. Package Installation
To begin with, we’ll check out how to install SNMP and verify a successful installation on Ubuntu version 22.10:
$ sudo apt update
$ sudo apt install -y snmp snmptrapd
In the above example, we use sudo along with apt to update the package lists on the system, ensuring that we have the latest information about available packages. Moreover, we also employ apt to install the snmp and snmptrapd packages. The -y flag automatically confirms any prompts during the installation process.
2.2. Validation Script
Now, let’s check whether the installation of the package is successful or not:
if dpkg -s snmp &> /dev/null && dpkg -s snmptrapd &> /dev/null; then
echo "SNMP is installed."
else
echo "SNMP installation failed."
exit 1
fi
We use an if-else statement to print SNMP is installed in the terminal using the echo command in case the package is installed successfully. On the other hand, if the installation fails, the statement printed will be SNMP installation failed. In addition, we terminate the script using exit 1 to return a non-zero exit code, indicating a failure.
In essence, we use the dpkg command with the -s option to report the status of the package. Since we’re installing the snmp and snmptrapd packages, we type in both packages in our if condition statement. Finally, the output is discarded to /dev/null.
2.3. Installation Validation
The next step is to save the script in the previous section in a file named snmp_installation.sh, and make it executable:
$ chmod +x snmp_installation.sh
We make the script executable via the x option of the chmod command. In this context, the + sign means we want to add the respective permission.
Let’s run the script and check the output:
$ ./snmp_installation.sh
SNMP is installed
The output from our script indicates the successful installation of our package.
3. Configuring SNMP
After installing the packages, let’s discuss what SNMP configuration file changes we need.
3.1. Creating the Trap Receiver Script
To handle the received SNMP traps, we create a new file /usr/bin/our_snmptrap_script.sh:
$ cat /usr/bin/our_snmptrap_script.sh
#!/bin/bash
# Log file to store received traps
LOG_FILE=/usr/bin/trap_log
# Timestamp for the trap reception
TIMESTAMP=$(date +"%Y-%m-%d %T")
# Append the received trap details to the log file
echo "Received trap at $TIMESTAMP:" >> $LOG_FILE
echo "----------------------------------" >> $LOG_FILE
echo "$*" >> $LOG_FILE
echo "----------------------------------" >> $LOG_FILE
echo >> $LOG_FILE
The above script initializes two new variables, LOG_FILE and TIMESTAMP:
- LOG_FILE: points to the newly created text file named /usr/bin/trap_log to store traps
- TIMESTAMP: formatted to store the date and time of traps
The lines after the initialization format the data about new traps, associate it with the respective TIMESTAMP value, and append it to LOG_FILE.
Lastly, we grant execution permission to the script with chmod:
$ chmod +x /usr/bin/our_snmptrap_script.sh
Now, let’s point to our trap handler via the configuration.
3.2. Editing the snmptrapd Configuration File
The snmptrapd configuration file is usually located at /etc/snmp/snmptrapd.conf.
Subsequently, we can edit this file using a text editor such as nano:
$ sudo nano /etc/snmp/snmptrapd.conf
Initially, we ensure three lines are present in the file:
$ cat /etc/snmp/snmptrapd.conf
[...]
disableAuthorization yes
authCommunity log,execute,net public
snmpTrapdAddr udp:1234
In the above example, there are some parameters that may vary from one environment to another:
- disableAuthorization value of yes disables authorization when sending traps to the SNMP manager
- authCommunity ensures proper communication between peers, so we might have to change public to the proper community group described in the SNMP trap package configuration
- snmpTrapdAddr sets the protocol and listening port of the SNMP Trap package
As already mentioned, we use traps to alert the NMS about specific events or conditions that occur on the network device. Accordingly, we uncomment or add a line starting with traphandle. Afterward, we append the actual path and filename of our trap receiver script, /usr/bin/our_snmptrap_script.sh.
So, all our changes are in four lines of /etc/snmp/snmptrapd.conf:
$ cat /etc/snmp/snmptrapd.conf
[...]
disableAuthorization yes
authcommunity log,execute,net public
snmpTrapdAddr udp:1234
traphandle default /usr/bin/our_snmptrap_script.sh
Finally, the configuration is ready, so we can apply it:
$ sudo service snmptrapd restart
We restart the service called snmtrapd to make all our changes effective.
4. Sending SNMP Traps
After finalizing the required installation and preparation needed to ensure the proper functioning of SNMP traps, it’s time to see how to send an actual SNMP trap:
$ snmptrap -v 2c -c public 192.168.0.1 '' SNMPv2-MIB::coldStart SNMPv2-MIB::sysName.0 s "MyDevice"
The snmptrap command sends an SNMP trap to the specified trap receiver, 192.168.0.1. We accomplish this using SNMP version 2c and the community string public. The trap sent is the coldstart trap from the SNMPv2-MIB module, along with the value for the sysName object set to MyDevice.
4.1. Timeticks
One type that we can use with the snmptrap command is t:
$ snmptrap -v 2c -c public 192.168.0.1 '' SNMPv2-MIB::coldStart SNMPv2-MIB::sysName.0 s "MyDevice" SNMPv2-MIB::snmpTrapTime.0 t 300
The 300 (t) TIMETICKS used in the above example measure the time duration between two events or epochs. The only difference here from the previous example is the definition of the SNMP trap time variable, which is SNMPv2-MIB::snmpTrapTime.0. After it, we define the type t that denotes that the value is of the TIMETICKS data type. Finally, the value of 300 represents 3 seconds. In particular, each timetick corresponds to a hundredth of a second.
4.2. Authentication and Encryption
Let’s see how to send an SNMPv3 trap with authentication and encryption:
$ snmptrap -v 3 -l authPriv -u username -a SHA -A auth_password -x AES -X priv_password -e 0x8000000001020304 192.168.0.1 '' SNMPv2-MIB::coldStart SNMPv2-MIB::sysName.0 s "MyDevice"
In the above code snippet, we use the -v 3 option to specify the SNMP version as SNMPv3. Moreover, the -l authPriv option sets the security level to include both authentication and encryption. The -u and -a options indicate the SNMPv3 username for authentication and encryption and auth_password respectively using the SHA protocol.
On the other hand, -x AES -X priv_password specifies the encryption protocol AES and provides the encryption password. Finally, the -e option followed by 0x8000000001020304 object ID (OID) sets the enterprise OID in hexadecimal format.
5. Conclusion
In this article, we followed the steps to install SNMP on a Ubuntu Linux system. We achieved this by using the apt package manager and verifying its successful installation.
Additionally, we edited the /etc/snmp/snmptrapd.conf file to tailor it to our environment and created a trap handler script.
Finally, we saw that by testing SNMP functionality by sending an actual SNMP trap, we can ensure that SNMP is functioning as expected.