I wanted to test Nagios' ability to alarm on an SNMP trap. So I needed a good way to trigger an SNMP trap without, say… turning on and off a Cisco switch.
This document stitches together an example from the Net-SNMP tutorial and the Net-SNMP FAQs to create a step-by-step guide. SNMP has a lot of technical jargon, but this how-to should work without knowing too many terms.
Creating the SNMP Trap
You’ll need root access to at least one Linux server (preferably two servers for proper testing) to complete this exercise. Enjoy!
1) Install Net-SNMP and its tools, start the daemon and make sure it works
CentOS_5# yum install net-snmp-utils
CentOS_5# /etc/init.d/snmpd start
CentOS_5# snmpwalk -v 2c -c public localhost system
The last command should spew out a number of lines that look like this:
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing IP and ICMP implementations
2) Create your MIB definition. Drop this file into your MIBs directory, likely in /usr/share/snmp/mibs.
CentOS_5# cat /usr/share/snmp/mibs/TRAP-TEST-MIB.txt
TRAP-TEST-MIB DEFINITIONS ::= BEGIN
IMPORTS ucdExperimental FROM UCD-SNMP-MIB;
demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }
demo-trap TRAP-TYPE
STATUS current
ENTERPRISE demotraps
VARIABLES { sysLocation }
DESCRIPTION "This is just a demo"
::= 17
END
3) Load the MIB.
CentOS_5# export MIBS=+TRAP-TEST-MIB
4) Run the snmptrap command to send a trap to your monitoring host. (Replace monitoring_host with the appropriate hostname).
CentOS_5# snmptrap -v 1 -c public monitoring_host TRAP-TEST-MIB::demotraps localhost 6 17 '' SNMPv2-MIB::sysLocation.0 s "Ryan was just here"
How to Verify your SNMP Trap
1) Run tcpdump on your monitoring host to see whether the trap from the sending host is arriving. Note that an aggressively filtering firewall or SELinux may prevent your packet from showing up.
monitoring_host# tcpdump host CentOS_5
13:49:03.914746 IP CentOS_5.twosmallcoins.com.56970 > monitoring_host.snmptrap: Trap(64) E:2021.13.990 127.0.0.1 enterpriseSpecific s=17 33361154 [|snmp]
2) Save the file and look at it in Wireshark (formerly known as Ethereal), to see the detailed packet.
monitoring_host# tcpdump -w ryan_test.dmp -s 0 host CentOS_5
This command will save it to the ryan_test.dmp file, so you can analyze it later. If you look closely, you can see the part of the packet that says “Ryan was just here”.
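What Wireshark decodes from that packet, as an added example that is not part of the original guide: a minimal BER reader run over a constructed SNMPv1 trap shaped like the one sent in step 4 (not a real capture; the timestamp is borrowed from the tcpdump line above). It shows that the community string and the message both travel in cleartext, and that the agent address is whatever the sender supplied. The names `PACKET`, `tlv`, `children`, `oid` and `parse_v1_trap` are this example's own.

```python
# Constructed sample: an SNMPv1 trap shaped like the one from step 4 (not a real capture).
PACKET = (bytes.fromhex("304d 020100 0406") + b"public"
          + bytes.fromhex("a440 060a2b060104018f650d875e 40047f000001 020106 020111"
                          "430401fd0d02 3020 301e 06082b06010201010600 0412")
          + b"Ryan was just here")

def tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Yield the (tag, value) members of a constructed value."""
    p = 0
    while p < len(buf):
        tag, value, p = tlv(buf, p)
        yield tag, value

def oid(data):
    """Decode OID content bytes (base-128 arcs) into dotted notation."""
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_v1_trap(pkt):
    """Return the fields of an SNMPv1 Trap message as a dict."""
    [(_, msg)] = children(pkt)
    (_, _version), (_, community), (tag, pdu) = children(msg)
    if tag != 0xA4:                        # 0xA4 is the SNMPv1 Trap-PDU tag
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, gen, spec, ticks, vblist = (v for _, v in children(pdu))
    varbinds = []
    for _, vb in children(vblist):
        (_, name), (vtag, value) = children(vb)
        varbinds.append((oid(name), value.decode("latin-1") if vtag == 0x04 else value.hex()))
    return {"community": community.decode("latin-1"), "enterprise": oid(ent),
            "agent_addr": ".".join(map(str, addr)), "generic": int.from_bytes(gen, "big"),
            "specific": int.from_bytes(spec, "big"), "uptime_ticks": int.from_bytes(ticks, "big"),
            "varbinds": varbinds}

if __name__ == "__main__":
    print(parse_v1_trap(PACKET))
```

The decoded `agent_addr` is 127.0.0.1 because the snmptrap command in step 4 passes `localhost` as the agent, which matches the address tcpdump printed.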
