SNMP trap not being logged

Hi guys,

I may have an issue that I am trying to solve regarding setting up an SNMP trap.

Our setup is in AWS (EC2 + RDS). I followed the documentation when setting up the SNMP trap handler: SNMP Trap Handler - LibreNMS Docs

Following this documentation, I have set the following:

In /etc/snmp/snmptrapd.conf:
disableAuthorization yes
authCommunity log,execute,net CommStringHere
snmpTrapdAddr udp:162
logOption s
logOption f /var/log/snmptrap/snmptrap.log
traphandle default /opt/librenms/snmptrap.php

And I have followed Option 2 with exactly the same configuration as provided in the doc (Option 1 I have also tested on a different environment, no luck).

snmptrapd status is as follows:

● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
Loaded: loaded (/lib/systemd/system/snmptrapd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-05-09 11:26:26 UTC; 1 weeks 6 days ago
Main PID: 2712891 (snmptrapd)
Tasks: 1 (limit: 84237)
Memory: 2.9M
CGroup: /system.slice/snmptrapd.service
└─2712891 /usr/sbin/snmptrapd -f -m IF-MIB -M /opt/librenms/mibs -tLf /var/log/snmptrap/snmptrap.log

When I started the service, I got the following output in the log:
NET-SNMP version 5.8

When sending a trap from IPAM to the server I get no logs; however, tcpdump shows that the packet is being received, so the firewall rules and security groups are configured perfectly fine. I am also unable to get a log from localhost.

Any ideas on how to solve this issue, please?

Thank you in advance.

Kind regards to you all!

Hi everyone, any ideas?

Hi @murrant, could you please advise? I think you might be the person who might have faced it in the past.

Thank you in advance.

Kind regards,
Adrian

My understanding is SNMP-Traps are UDP running on port 162. On your SNMP-Trap Receiver, do you see if the port is open, for example with netstat -tulpn?
Is it possible to send a trap for testing with netcat, like nc -u IP 162?
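For a netcat-style test like the one suggested above, the UDP payload has to be a well-formed SNMP message before snmptrapd can treat it as a trap. The following is an added example, not part of the thread or of LibreNMS: it BER-encodes a minimal SNMPv2c coldStart trap and sends it to UDP 162. The function names, the 127.0.0.1 target and the choice of coldStart are assumptions; CommStringHere is the placeholder community from the posted snmptrapd.conf.

```python
import socket

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"         # sysUpTime.0
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"  # snmpTrapOID.0
COLD_START = "1.3.6.1.6.3.1.1.5.1"       # standard coldStart notification

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n, tag=0x02):
    """Non-negative INTEGER; tag 0x43 reuses the encoding for TimeTicks."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # base-128, high bit = "more"
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def build_v2c_trap(community, trap_oid=COLD_START, uptime=0, request_id=1):
    # An SNMPv2 trap must start with sysUpTime.0 and snmpTrapOID.0 varbinds.
    varbinds = (tlv(0x30, ber_oid(SYS_UPTIME) + ber_int(uptime, tag=0x43))
                + tlv(0x30, ber_oid(SNMP_TRAP_OID) + ber_oid(trap_oid)))
    # 0xA7 = SNMPv2-Trap-PDU: request-id, error-status, error-index, varbinds
    pdu = tlv(0xA7, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbinds))
    # Message = SEQUENCE { version (1 = v2c), community, PDU }
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def send_trap(host, community, port=162):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_v2c_trap(community), (host, port))

if __name__ == "__main__":
    # Assumed target: the trap receiver itself, using the config's placeholder.
    print(send_trap("127.0.0.1", "CommStringHere"), "bytes sent")
```

The community passed to send_trap has to match the receiver's authCommunity line unless disableAuthorization yes is in effect, in which case snmptrapd skips that access check.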

Hi @sthierolf,

Unfortunately, testing with snmptrap commands or the nc command does not add anything to the log (attempted to use both localhost and the exact IP address). The use case is to receive a trap from the IPAM. tcpdump shows that we receive a packet but the snmptrap does not log it, and perhaps does not even see it.

Here is a screenshot of the tests:

Thank you in advance for any guidance.

Hm, is it possible a firewall is active and blocking or dropping UDP/162? If I remember correctly, Ubuntu and/or CentOS uses ipfilter. I encountered a similar issue when I was querying SNMP from my XCP-NG hypervisor; ipfilter was dropping SNMP data.

Hi sthierolf,

Thank you for your guidance. Unfortunately not; firewall rules were checked with keen eyes and the actions on the instance are allowed by the rules.