I’ve been trying to figure this out from the code but I seem to be missing something. Is it possible to set a default trap handler for when no other handler matches? I want to capture any unhandled traps and be able to do something with them like trigger an alert against the device so I can write a handler for it.
I see the list of handlers in ~/config/snmptraps.php but haven’t been able to figure out what calls it and how. Is it read in and the first match wins, or the last match for example. Could I put an extra handler at the end like:
In Global Settings, go to External and SNMP Trap Integration. Set Create eventlog for snmptraps to Unhandled Only and turn on Enable detailed logs.
Traps will now show up in the eventlog starting with the snmpTrapOID.0 and then rest of the OIDs and value from the trap. If the mibs are installed the OIDs will resolve to the names, otherwise it will be the closest resolved MIB and numerical OID.
Thanks for this. I already have that configured but I want to raise an alert when an unhandled trap arrives and ultimately show a status on a widget to reflect that.
As it stands, the only way I can see to do that would be to match on traps which contain a double colon e.g. ::, but that could easily lead to false alerts.
You could alert on the message “DISMAN-EVENT-MIB::sysUpTimeInstance”, I don’t know why that would show up in anything other than an unhandled trap.
If you weren’t aware, you will also want to use one of the time based macros, such as eventlog.datetime >= macros.past_10m, otherwise the alert rules will trigger on ANY instance in the eventlog table.
