Home page Net-SNMP

Archive Search:

Require all words?

Site Search:
Net-SNMP Tutorial -- Trap handling

Net-SNMP Tutorial -- traps

Traps can be used by network entities to signal abnormal conditions to management stations. The following paragraphs will describe how traps are defined in MIB files, how they are generated by the snmptrap utlity, and how they are received and processed by the snmptrapd utitlity.

Note: as I prefer the OID notations using the MODULE::identifier notation, this is used throughout in the following examples, and the snmptrapd output similarly assumes the -OS option.

Definition of traps

Traps comes in two destinctly different forms, SNMPv1 traps, and SNMPv2 traps (or notifications)

The SNMPv1 trap

The SNMPv1 trap is defined in the MIB file using the TRAP-TYPE macro, as in the following example
This defines a single enterprise specific trap, that can be issued as follows
and when received by snmptrapd is displayed as follows

The SNMPv2 notification

The format of the SNMPv2 notification is somewhat different. The definition in the MIB file looks as follows
This is a definition that is similar to the SNMPv1 trap given above. Issuing this notification looks as follows
and the resulting output from the trap daemon is

Defining trap handlers

The snmptrapd utility has the ability to execute other programs on the reception of a trap. This is controlled by the traphandle directive, with the syntax
Notice, that this only takes an OID to determine which trap (or notification) is received. This means that SNMPv1 traps need to be represented in SNMPv2 format, which is described in RFC 2089. Basically, the OID for our above defined trap is created by taking the ENTERPRISE parameter and adding the sub-ids 0 and 17. Similarly, OID values for the generic SNMPv1 traps are defined to be the same as for SNMPv2.

The command specifies a command to be executed by snmptrapd upon reception by the command. This command is executed with the data of the trap as its standard input. The first line is the host name, the second the IP address of the trap sender, and the following lines consists of an OID VALUE pair with the data from the received trap.

A simple shell script to be called from snmptrapd is the following:

Now, given the following sample snmptrapd.conf file,
the following snmptrap invocation, to issue a generic Link down trap,
results in the following output from snmptrapd
and the following output from the handler
and issuing our enterprise specific trap gives this output from our handler
and finally our enterprise specific notification

Generating traps from the agent

The agent is able to generate a few traps by itself. When starting up, it will generate a SNMPv2-MIB::coldStart trap, and when shutting down a UCD-SNMP-MIB::ucdShutDown.

These traps are sent to managers specified in the snmpd.conffile, using the trapsink or trap2sink directive (SNMPv1 and SNMPv2 trap respectively)

In addition, the agent is able to send authentication failure traps, to the same hosts as above, controlled by the authtrapenable directive in snmpd.conf, or by setting SNMPv2-MIB::snmpEnableAuthenTraps variable

Note: the current 4.0 version of Net-SNMP does not generate authentication failure traps. This will hopefully be corrected before the next release. [an error occurred while processing this directive]

Valid CSS!

Last modified: Thursday, 26-May-2011 23:21:32 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.