SNMP Traps aren't getting processed

[ericssonvietnam]

Hi Team,

I am receiving the trap in my server.

+++++++++++++++++++++++++++++++++++
[root@nagiosxi snmptt]# tcpdump -i any -vv -A -T snmp -s 0 "(dst port 162) or (src port 161) or (dst port 161) and (host 10.10.172.104)"
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:10:33.398053 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.54083 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x7E0x040x1D0x190xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=588988497 system.sysUpTime.0=14134395 S:1.1.4.1.0=E:38204.2.2.4048 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.21 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

.h

.4.C...Y.q0..M...0...w...............301.......~....;q[............myuser....~x.......{..0.........~....;q[...........#[email protected]...+.......C....{0..
+...........+......<...P0O..+......<....@At Time :2018-08-13 15:05:01 Signaling link 10.10.96.21 is down.00..+......<....!HCM-SIGNALLING-1,IP:10.10.172.1040...+......<.....PARK10...+......<.....
15:10:33.462143 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.47665 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x2D0x3E0x460x530xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=1881756200 system.sysUpTime.0=14134401 S:1.1.4.1.0=E:38204.2.2.4050 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.25 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

.h

.4.1...Y..0..M...0...5.h.............301.......->FS.;q[............myuser..s..L ...~.....0.........->FS.;q[...........p)R(......0..0...+.......C.....0..
+...........+......<...R0O..+......<....@At Time :2018-08-13 15:05:01 Signaling link 10.10.96.25 is down.00..+......<....!HCM-SIGNALLING-1,IP:10.10.172.1040...+......<.....PARK10...+......<.....
15:10:33.527152 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.41100 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x910xFC0x440x750xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=1288002910 system.sysUpTime.0=14134408 S:1.1.4.1.0=E:38204.2.2.4052 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.29 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

+++++++++++++++++++++++++

while checking in the SNMP logs I am not getting the same logs in ant of the stated below.

snmptt.debug|| snmptthandler.debug snmptt.log || snmpttsystem.log || snmpttunknown.log


can you help me out as we are getting the V3 version of SNMP in the trap and initially I have configured the IP via SNMPv3 now when I trying to change or cross check the same I am not able to find the same on FE?

I am using Nagios XI.

[tgriep]

Did you setup the snmptrapd daemon on the Nagios server to receive SNMP version 3 traps?

If not, on your XI server, edit the file /etc/snmp/snmptrapd.conf
At these two lines to the top:

Code: Select all

createUser -e 0x8000000001020304 traptest SHA mypassword AES mypassword
authuser log traptest

The -e 0x8000000001020304 is the engine ID the remote system is using to send the traps. If it is not using it, you can remove it from the createUser option.

This section are the credentials for the user name and encryption passwords used in the traps. Make sure they are updated.

Code: Select all

traptest SHA mypassword AES mypassword

These lines still need to be in the snmptrapd.conf file

Code: Select all

disableAuthorization yes
traphandle default /usr/sbin/snmptthandler

Save the file and then:

Code: Select all

service snmptrapd restart

Then test the traps again to see if they are received.