I’ve created a couple of trap handlers and they work well. I’d like to submit a pull request for them but there are a couple of things I need a little help understanding first as I expect to write quite a few more. Sorry for the noob questions.
Firstly, I added my handlers to LibreNMS/Snmptrap/Handlers/ and created entries in config/snmptraps.php for them. The traps are being translated by snmptrapd and the handler is stripping out the useful bits and adding the correct message to the event log, but I’m also seeing an unhandled version of the same trap in the event log with the same timestamp. I can’t find anywhere it’s logged or explained why each trap is appearing in both handled and unhandled forms in the eventlog.
Second thing, I see here that I can add a colour to the eventlog and see that some trap handlers do that, but is there a definition of what those colours should be used for, like a certain severity or is it an arbitrary choice by the dev, in this case, me?
The other question I had is where should these traps ultimately end up in LibreNMS? Do they just exist as eventlog entries, or should they do something else within LibreNMS?
Anybody know why I could be getting duplicate trap eventlog entries?
I’m getting both handled and unhandled versions of a single trap instance in the eventlog. It doesn’t appear to happen with other traps, just the handlers I wrote.
Each of my handlers has a single $trap->log line at the end, a single entry in config/snmptraps.php and a single log file entry in the snmptrapd logs. I have the following configured in config.php:
To update on my other questions, I’ve concluded the traps just appear as an eventlog message unless specifically written to do something else (only IF-MIB::LinkUp and LinkDown do anything else) and that the use of colour is arbitrary, but can be used to denote severity. In my handler, I’ve mapped the 7 Cisco trap severities on to the 5 LibreNMS colours.