On 2015-01-13 08:28, Per Jessen wrote:
Carlos E. R. wrote:
AmonLanc:~ # rcsnmptrapd status
Checking for service snmptrapd: running
snmptrapd.service - LSB: Receive and log SNMP trap messages
   Loaded: loaded (/etc/init.d/snmptrapd)
   Active: active (running) since Mon 2015-01-12 13:46:52 CET; 1h 53min ago
   CGroup: /system.slice/snmptrapd.service
           └─4580 /usr/sbin/snmptrapd -A -LF n /var/log/net-snmpd.log -p /var/run/snmptrapd.pid

This is what I used when I was playing with snmptrapd:
snmptrapd -A -Lf /var/log/snmptraps

Well... I changed that, and restarted the service:

case "$1" in
    start)
        echo -n "Starting snmptrapd: "
#       startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -LF ${SNMPD_LOGLEVEL:-n} $SNMPTRAPD_LOGFILE -p $SNMPTRAPD_PID   #CER
        startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -Lf ${SNMPD_LOGLEVEL:-n} $SNMPTRAPD_LOGFILE -p $SNMPTRAPD_PID
        rc_status -v
        ;;
    stop)

AmonLanc:~ # systemctl status snmptrapd
snmptrapd.service - LSB: Receive and log SNMP trap messages
   Loaded: loaded (/etc/init.d/snmptrapd)
   Active: active (running) since Tue 2015-01-13 15:57:00 CET; 2s ago
  Process: 27208 ExecStop=/etc/init.d/snmptrapd stop (code=exited, status=0/SUCCESS)
  Process: 27217 ExecStart=/etc/init.d/snmptrapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/snmptrapd.service
           └─27225 /usr/sbin/snmptrapd -A -Lf n /var/log/net-snmpd.log -p /var/run/snmptrapd.pid

Jan 13 15:57:00 AmonLanc snmptrapd[27217]: Starting snmptrapd: ..done
Jan 13 15:57:00 AmonLanc systemd[1]: Started LSB: Receive and log SNMP trap messages.
AmonLanc:~ #

The log changes:

AmonLanc:~ # l /var/log/net-snmpd.log
srwxr-xr-x 1 root root 0 Jan 13 15:57 /var/log/net-snmpd.log=
AmonLanc:~ #

The result is that I can not even try to read it:

AmonLanc:~ # less /var/log/net-snmpd.log
/var/log/net-snmpd.log is not a regular file (use -f to see it)
AmonLanc:~ # less -f /var/log/net-snmpd.log
/var/log/net-snmpd.log: No such device or address
AmonLanc:~ #

I use this to send traps from another machine (taken from the tutorial):

Telcontar:~ # snmptrap -v 1 -c public amonLanc.valinor NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "" 6 17 "" netSnmpExampleHeartbeatRate i 123456
Telcontar:~ #

So I reverted the change.

Then I edited "/etc/sysconfig/net-snmp":

## Path:        System/Net-SNMP
## Description: Log level of the snmp server.
## Type:        string(!,a,c,e,w,n,i,d,0,1,2,3,4,5,6,7)
## Default:     n
#
# Defines the log level for snmpd.
#
# The default is "n" (5, LOG_NOTICE)
#
SNMPD_LOGLEVEL="a"

Then I sent a "trap" and I got a single byte in /var/log/net-snmpd.log:

AmonLanc:~ # hexdump -C /var/log/net-snmpd.log
00000000  0a                                                |.|
00000001
AmonLanc:~ #

But repeating the send doesn't produce another.

Then I changed the value in "/etc/sysconfig/net-snmp" to "7", and finally I get entries in the log!

AmonLanc:~ # cat /var/log/net-snmpd.log
NET-SNMP version 5.7.2
2015-01-13 16:11:25 Telcontar.valinor [192.168.1.14] (via UDP: [192.168.1.14]:44398->[192.168.1.15]:162) TRAP, SNMP v1, community public
        NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification Enterprise Specific Trap (17) Uptime: 4 days, 3:13:44.59
        NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate = INTEGER: 123456
AmonLanc:~ #

Bingo!

So I disable/enable snmp in the router, which I knew produced a message, and got it in the log:

2015-01-13 16:13:00 router [UDP: [192.168.1.1]:161->[192.168.1.15]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (804792300) 93 days, 3:32:03.00    SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::warmStart    SNMPv2-MIB::snmpTrapEnterprise.0 = OID: SNMPv2-SMI::enterprises.16972.2.10

(what it means exactly, I dunno :-) ) (just the uptime is clear)

Which is what I wanted, find out what traps my router sends by capturing them in a log. :-)

Whether the info is interesting or not, or even useful, is still to be found. I'd like to see traffic info, or disconnections... disconnections I see in syslog, anyway.

-- 
Cheers / Saludos,

        Carlos E. R.
        (from 13.1 x86_64 "Bottle" at Telcontar)
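
An added example, not part of the original message and not Net-SNMP code: a small Python parser that turns snmptrapd log entries of the two shapes shown above into one record per trap and counts what each sender emits. The sample text is constructed from the two entries quoted in the message (line breaks and tab separators are assumed), and the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two log entries quoted in the message. The line
# breaks and tab separators are assumptions about snmptrapd's file output.
SAMPLE_LOG = (
    "NET-SNMP version 5.7.2\n"
    "2015-01-13 16:11:25 Telcontar.valinor [192.168.1.14] (via UDP: "
    "[192.168.1.14]:44398->[192.168.1.15]:162) TRAP, SNMP v1, community public\n"
    "\tNET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "
    "Enterprise Specific Trap (17) Uptime: 4 days, 3:13:44.59\n"
    "\tNET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate = INTEGER: 123456\n"
    "2015-01-13 16:13:00 router [UDP: [192.168.1.1]:161->[192.168.1.15]:162]:\n"
    "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (804792300) 93 days, "
    "3:32:03.00\tSNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::warmStart\t"
    "SNMPv2-MIB::snmpTrapEnterprise.0 = OID: SNMPv2-SMI::enterprises.16972.2.10\n"
)

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) \[")
PEER = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]:\d+->")   # sender IP before its port
V1 = re.compile(r"TRAP, SNMP v1, community (\S+)")
TRAP_OID = re.compile(r"snmpTrapOID\.0 = OID: (\S+)")

def parse_traps(text):
    """Return one dict per logged trap: time, host, peer IP, community, trap."""
    records, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            peer, v1 = PEER.search(line), V1.search(line)
            cur = {"time": head.group(1), "host": head.group(2),
                   "peer": peer.group(1) if peer else None,
                   "community": v1.group(1) if v1 else None, "trap": None}
            records.append(cur)
        elif cur and cur["trap"] is None and line.strip():
            if cur["community"]:        # v1 entry: first token names the trap
                cur["trap"] = line.split()[0]
            else:                       # otherwise use the snmpTrapOID varbind
                oid = TRAP_OID.search(line)
                cur["trap"] = oid.group(1) if oid else None
    return records

def summarize(records):
    """Count traps per (sender IP, trap name) to see what each device sends."""
    return Counter((r["peer"], r["trap"]) for r in records)

if __name__ == "__main__":
    for (peer, trap), n in summarize(parse_traps(SAMPLE_LOG)).items():
        print(f"{n:3d}  {str(peer):15s}  {trap}")
```

The community field is filled only for SNMP v1 entries, so the same records also show which senders are still using a plain-text community string such as "public".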