SNMP trap not being logged

Hi guys,

I may have an issue that I am trying to solve regarding setting up an SNMP trap.

Our setup is in AWS (EC2 + RDS). I have followed the documentation when setting up snmp trap handler: SNMP Trap Handler - LibreNMS Docs

Following this documentation, I have set the following:

in /etc/snmp/snmptrapd.conf:
disableAuthorization yes
authCommunity log,execute,net CommStringHere
snmpTrapdAddr udp:162
logOption s
logOption f /var/log/snmptrap/snmptrap.log
traphandle default /opt/librenms/snmptrap.php

And I have followed Option 2 with exactly the same configuration as provided in the doc (Option 1 I have also tested on a different environment, no luck).

snmptrapd status is as follows:

● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
Loaded: loaded (/lib/systemd/system/snmptrapd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-05-09 11:26:26 UTC; 1 weeks 6 days ago
Main PID: 2712891 (snmptrapd)
Tasks: 1 (limit: 84237)
Memory: 2.9M
CGroup: /system.slice/snmptrapd.service
└─2712891 /usr/sbin/snmptrapd -f -m IF-MIB -M /opt/librenms/mibs -tLf /var/log/snmptrap/snmptrap.log

When started the service I have the following output in the log:
NET-SNMP version 5.8

When sending a trap from IPAM to the server I get no logs, however, tcpdump shows that the packet is being received, so the firewall rules and security groups are configured perfectly fine. I am also unable to get a log from a localhost.

Any ideas on how to solve this issue, please?

Thank you in advance.

Kind regards to you all!

Hi everyone, any ideas?

HI @murrant could you please advise? I think you might be the person who might have faced it in the past.

Thank you in advance.

Kind regards,

My understanding is SNMP-Traps are UDP running on port 162. On your SNMP-Trap Receiver, do you see if the port is open, for example with netstat -tulpn?
Is it possible to send with netcat, like nc -u IP 162 a trap for testing?

Hi @sthierolf,

Unfortunately, testing with snmptrap commands, or nc command does not add anything to the log (attempted to use both localhost and the exact IP address). The use case is to receive a trap from the IPAM. tcpdump shows that we receive a packet but the snmptrap does not log it, perhaps does not even see it.

Here is a screenshot of the tests:

Thank you in advance for any guidance.

Hm, Is it possible a firewall is active and blocking or dropping UDP/162? If I remember correctly Ubuntu and/or CentOS uses ipfilter. I encountered a similar issue when I was querying SNMP from my XCP-NG hypervisor, ipfilter was dropping SNMP data.

Hi sthierolf,

Thank you for your guidance. Unfortunately not, firewall rules were checked with keen eyes and the actions on the instance are allowed by the rules