Net-SNMP

[minutemaid]

I've installed net-snmp in hopes to be able to capture the SNMP messages sent out by our UPS on our nix/win boxes in case of power failure. Is there a way to log all snmp traffic sent? In windows with loriotpro the message I get is:

<0> americanpower () for agent 192.168.10.187 from proxy [192.168.10.187] ups: switched to battery backup power.

I'm really confused on how to make a trap for this and I thought if I could at least log everything I could sort through to find the data I need. I tried Net-SNMP in windows but got the same results.

[robin_bga]

Well i always recommend Ntop for such issues. U have one machine sniffing all the packets and u can see the whole network's throughput. in both graphs and pie charts.
All the best
Cheers
Robin

[minutemaid]

I'll give it a shot. It wouldn't be so hard if there was some short of shell/gui on the boxes so I could use some of the many available apps but they are just bare essential installs of gentoo.

I ended up writing a program to ssh from win into nix and shutdown that way which is not my preferred method.

[minutemaid]

ntop is nice but it doesn't have working snmp logging yet:
"SNMP support disabled or not available"

Wish there was a better net-snmp guide out there. The ones they provide are good but the trap testing part is too vague for me to follow

[minutemaid]

When the UPS send out its messages it works in windows but in linux I get:
<28>Nov 26 11:13:23 snmptrapd[8224]: No access configuration - dropping trap.


snmptrapd.conf:

Code:

traphandle default /usr/local/bin/Hello
traphandle public /usr/local/bin/Hello
traphandle "default" /usr/local/bin/Hello
traphandle "public" /usr/local/bin/Hello
traphandle americanPower.1.3.2.13 /usr/local/bin/Hello

[minutemaid]

So I have everything sorted out and figured I'd post what I ended up doing to get Net-SNMP to log everything and have a traphandle trigger an event which is my custom perl script:

Requirements

Code:

Net-SNMP (Only need to use snmptrapd)
Perl
File::ReadBackwards Perl module from CPAN
snmptrapd.conf
snmppl (custom script)

My snmptrapd.conf contains:

Code:

disableAuthorization yes
traphandle default /usr/local/bin/snmppl

My /usr/local/bin/snmppl contains:

Code:

#!/usr/bin/perl
use File::ReadBackwards;
$bw = File::ReadBackwards->new( '/var/log/everything/current' ) or die "can not read $!";
$errString = $bw->readline;
print "$errString\n";

if ($errString =~ /Switched to battery backup power/) {
        print "Switched to battery power\n";
        system "shutdown -h +2";
} elsif ($errString =~ /Returned from battery backup power/) {
        print "Power returned switching off battery power\n";
        system "shutdown -c";
}
if ($errString =~ /configuration/) {
       print "Config change\n";
}

Edited /etc/conf.d/snmptrapd :

Code:

SNMPTRAPD_FLAGS="-Lf /var/log/snmptrapd.out"

Then I added it to my start up:

Code:

rc-update -a snmptrapd default

And I ended up finding the OID:
1.3.6.1.4.1.318.2.3.3.0 being the full oid with object for the msg
SNMPv2-SMI::enterprises.318.2.3.3.0 same but named
1.3.6.1.4.1.318 just the root OID

When I changed data I got this and every message has the same OID just the STRING changes:
SNMPv2-SMI::enterprises.318.2.3.3.0 = STRING: "System: SNMP configuration change. SNMP trap receiver 4 address."

I hope this helps some one, took way longer to sort all this out then it should of. I know it's not perfect but it works.