On Tue, 13 Jan 2015 16:23, Carlos E. R. <robin.listas@...> wrote:
On 2015-01-13 08:28, Per Jessen wrote:
Carlos E. R. wrote: [snip]
This is what I used when I was playing with snmptrapd:
snmptrapd -A -Lf /var/log/snmptraps
Well... I changed that, and restarted the service:
case "$1" in
    start)
        echo -n "Starting snmptrapd: "
        # startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -LF ${SNMPD_LOGLEVEL:-n} $SNMPTRAPD_LOGFILE -p $SNMPTRAPD_PID
        #CER
        startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -Lf ${SNMPD_LOGLEVEL:-n} $SNMPTRAPD_LOGFILE -p $SNMPTRAPD_PID
        rc_status -v
        ;;
    stop)
First error here: either you remove the part "${SNMPD_LOGLEVEL:-n}", or edit the config-file where this is defined:
In file "/etc/init.d/snmptrapd" line 26 says:
    "SNMPD_CONFIG=/etc/sysconfig/net-snmp"
File "/etc/sysconfig/net-snmp":
    SNMPD_LOGLEVEL="i" (default is "n")
[snip]
The log changes:
AmonLanc:~ # l /var/log/net-snmpd.log
srwxr-xr-x 1 root root 0 Jan 13 15:57 /var/log/net-snmpd.log=
AmonLanc:~ #
The result is that I can not even try to read it:
AmonLanc:~ # less /var/log/net-snmpd.log
/var/log/net-snmpd.log is not a regular file (use -f to see it)
AmonLanc:~ # less -f /var/log/net-snmpd.log
/var/log/net-snmpd.log: No such device or address
AmonLanc:~ #
Now, this is just wrong. That should be a plain text file, not a socket.
Remove file, create empty file as root, set mode:
    rm /var/log/net-snmpd.log
    touch /var/log/net-snmpd.log
    chmod ug=rw,o=r /var/log/net-snmpd.log
## Path:        System/Net-SNMP
## Description: Log level of the snmp server.
## Type:        string(!,a,c,e,w,n,i,d,0,1,2,3,4,5,6,7)
## Default:     n
#
# Defines the log level for snmpd.
#
# The default is "n" (5, LOG_NOTICE)
#
SNMPD_LOGLEVEL="a"
With this you only log the highest level, alert = a = 0 = LOG_ALERT; anything lower, e.g. notice = n = 5 = LOG_NOTICE, or the even lower info = i = 6 = LOG_INFO, will NOT be logged. Thus shooting your own foot.
Better change that to "i" for info, or go the full monty with "d" for debug.
But repeating the send doesn't produce another. Then I changed the value in "/etc/sysconfig/net-snmp" to "7", and finally I get entries in the log!
AmonLanc:~ # cat /var/log/net-snmpd.log
NET-SNMP version 5.7.2
2015-01-13 16:11:25 Telcontar.valinor [192.168.1.14] (via UDP: [192.168.1.14]:44398->[192.168.1.15]:162) TRAP, SNMP v1, community public
    NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification Enterprise Specific Trap (17) Uptime: 4 days, 3:13:44.59
    NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate = INTEGER: 123456
AmonLanc:~ #
Bingo!
So I disable/enable snmp in the router, which I knew produced a message, and got it in the log:
2015-01-13 16:13:00 router [UDP: [192.168.1.1]:161->[192.168.1.15]:162]:
    DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (804792300) 93 days, 3:32:03.00
    SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::warmStart
    SNMPv2-MIB::snmpTrapEnterprise.0 = OID: SNMPv2-SMI::enterprises.16972.2.10
(what it means exactly, I dunno :-) ) (just the uptime is clear)
Which is what I wanted, find out what traps my router sends by capturing them in a log. :-) Whether the info is interesting or not, or even useful, is still to be found.
I'd like to see traffic info, or disconnections... disconnections I see in syslog, anyway.
Let's look at the full picture:
    snmpwalk -v 2c -c public 192.168.1.1
The output will be long, maybe use a redirect into a file, or pipe into a pager.
This gives you a hint (OID) to what to define a trap for.
e.g. for my easy.box router a grepped output of above:
    IF-MIB::ifDescr.12 = STRING: PPPoE1
    IF-MIB::ifDescr.13 = STRING: PPPoE2
    IF-MIB::ifMtu.12 = INTEGER: 1492
    IF-MIB::ifMtu.13 = INTEGER: 1492
    IF-MIB::ifSpeed.12 = Gauge32: 6909000
    IF-MIB::ifSpeed.13 = Gauge32: 6909000
    IF-MIB::ifAdminStatus.12 = INTEGER: up(1)
    IF-MIB::ifAdminStatus.13 = INTEGER: up(1)
    IF-MIB::ifOperStatus.12 = INTEGER: up(1)
    IF-MIB::ifOperStatus.13 = INTEGER: up(1)
    IF-MIB::ifLastChange.12 = Timeticks: (0) 0:00:00.00
    IF-MIB::ifLastChange.13 = Timeticks: (0) 0:00:00.00
    IF-MIB::ifInOctets.12 = Counter32: 4273396241
    IF-MIB::ifInOctets.13 = Counter32: 120249109
    IF-MIB::ifInUcastPkts.12 = Counter32: 9964923
    IF-MIB::ifInUcastPkts.13 = Counter32: 899379
    IF-MIB::ifInNUcastPkts.12 = Counter32: 0
    IF-MIB::ifInNUcastPkts.13 = Counter32: 0
    IF-MIB::ifInDiscards.12 = Counter32: 0
    IF-MIB::ifInDiscards.13 = Counter32: 0
    IF-MIB::ifInErrors.12 = Counter32: 0
    IF-MIB::ifInErrors.13 = Counter32: 0
    IF-MIB::ifInUnknownProtos.12 = Counter32: 0
    IF-MIB::ifInUnknownProtos.13 = Counter32: 0
    IF-MIB::ifOutOctets.12 = Counter32: 396091514
    IF-MIB::ifOutOctets.13 = Counter32: 191153470
    IF-MIB::ifOutUcastPkts.12 = Counter32: 6608037
    IF-MIB::ifOutUcastPkts.13 = Counter32: 899394
    IF-MIB::ifOutNUcastPkts.12 = Counter32: 0
    IF-MIB::ifOutNUcastPkts.13 = Counter32: 0
    IF-MIB::ifOutDiscards.12 = Counter32: 0
    IF-MIB::ifOutDiscards.13 = Counter32: 0
    IF-MIB::ifOutErrors.12 = Counter32: 0
    IF-MIB::ifOutErrors.13 = Counter32: 0
    IF-MIB::ifOutQLen.12 = Gauge32: 1
    IF-MIB::ifOutQLen.13 = Gauge32: 1
The command:
    snmptable -v 2c -c public 192.168.1.1 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable
should (for most routers) give the info above as a table.

It's long since I had to use snmp to debug a network (1997), thus the knowledge of trap design is no longer there. Sorry.

- Yamaban.
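
Added example, not part of the original message and not net-snmp code: a small Python parser that summarises which traps were captured in an snmptrapd log like the one in this thread, by sender address and trap name. The embedded sample is the two entries quoted above; their line layout and the names `split_records`, `parse_record` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

# The two log entries quoted in this thread. The line and tab layout is an
# assumption about how snmptrapd wrote them to the file.
SAMPLE_LOG = """\
NET-SNMP version 5.7.2
2015-01-13 16:11:25 Telcontar.valinor [192.168.1.14] (via UDP: [192.168.1.14]:44398->[192.168.1.15]:162) TRAP, SNMP v1, community public
\tNET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification Enterprise Specific Trap (17) Uptime: 4 days, 3:13:44.59
\tNET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate = INTEGER: 123456
2015-01-13 16:13:00 router [UDP: [192.168.1.1]:161->[192.168.1.15]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (804792300) 93 days, 3:32:03.00\tSNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::warmStart\tSNMPv2-MIB::snmpTrapEnterprise.0 = OID: SNMPv2-SMI::enterprises.16972.2.10
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) ")
SENDER = re.compile(r"UDP: \[([0-9.]+)\]:\d+->")          # source of the datagram
V2_TRAP = re.compile(r"snmpTrapOID\.0 = OID: (\S+)")       # v2-style notification
V1_TRAP = re.compile(r"^\s*(\S+) .*Trap \(\d+\)", re.M)    # v1 trap summary line

def split_records(text):
    """Group lines into records; each record starts at a timestamped header."""
    records = []
    for line in text.splitlines():
        if HEADER.match(line):
            records.append([line])
        elif records:                 # varbind line belonging to the last header
            records[-1].append(line)
    return records                    # the version banner is skipped

def parse_record(lines):
    """Extract time, reported host name, UDP sender and trap name."""
    header, body = lines[0], "\n".join(lines[1:])
    ts, host = HEADER.match(header).groups()
    sender = SENDER.search(header)
    pattern = V1_TRAP if "TRAP, SNMP v1" in header else V2_TRAP
    trap = pattern.search(body)
    return {"time": ts, "host": host,
            "sender": sender.group(1) if sender else None,
            "trap": trap.group(1) if trap else None}

def summarize(text):
    """Count captured traps per (sender address, trap name)."""
    return Counter((r["sender"], r["trap"])
                   for r in map(parse_record, split_records(text)))

if __name__ == "__main__":
    for (sender, trap), n in summarize(SAMPLE_LOG).items():
        print(f"{n:4d}  {sender:15s}  {trap}")
```
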