SNMP Traps - trapd

Introduction

The trap daemon (trapd) is our approach to sending, receiving and processing traps in the Site Controller. It receives traps, filters them and sends them to the corresponding gateway in the system. It also sends traps to the configured receivers. The OIDs (MIB) for trap sending are in a file attached to this document.

Flow diagram

Here we can see a flow diagram of how the daemon works.

Configuration of the module

This is a complex module that needs configuration in several files. 

  • For receiving traps, there must be a device and gateway configuration (in sensor_config.xml) that includes the source address and the OIDs that we will listen to. This information is used to filter incoming traps. There must also be a sensor configuration that evaluates the output of the traps once they are processed.
  • For sending traps, there must be a flag in the desired sensors (in sensor_config.xml): <export_as_trap>true</export_as_trap>
  • The daemon will send a trap to the desired destinations whenever one of these sensors causes an event (please note that a trap is sent for an event, not for every measurement).
  • The desired destinations are configured in the SiteController.cfg file.

Configuration parameters in SiteController Configuration

Description of the parameters

Parameter          | Meaning                                                      | Typical values or examples
external_interface | IP where we will be listening to the traps                   | IP of the system (do not use localhost)
trap_port          | Port where the daemon will be listening for traps            | 162
destinations       | List of the destinations that receive traps (described below) | See below

destinations is a JSON list of the destinations that should receive the traps. Every element of the list must include the following (do not forget the quotation marks):

  • version: 'v2c'. Currently this is the only protocol supported for sending traps.
  • ip: IP address of the destination system
  • port: port of the destination system
  • community: community string for the destination system

[{"version":"v2c","ip":"192.168.97.40","port":162,"community":"public"},{"version":"v2c","ip":"192.168.97.186","port":163,"community":"public"}]

Use a JSON validator such as JSONLint if you are going to configure it manually.

 

Example of configuration in SiteController.cfg

[trapd]
external_interface=192.168.97.186
trap_port=162
destinations=[{"version":"v2c","ip":"192.168.97.40","port":162,"community":"public"},{"version":"v2c","ip":"192.168.97.186","port":163,"community":"public"}]
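A pre-deployment check for the [trapd] section, covering the rules stated above (no localhost listener, valid JSON list, the four required fields, v2c only). This is an added example, not part of the Site Controller code; the function names and messages are hypothetical, and it assumes strict JSON as a validator such as JSONLint would enforce.

```python
import configparser
import ipaddress
import json

# Constructed sample: the [trapd] section shown in the example above.
SAMPLE_CFG = """[trapd]
external_interface=192.168.97.186
trap_port=162
destinations=[{"version":"v2c","ip":"192.168.97.40","port":162,"community":"public"},{"version":"v2c","ip":"192.168.97.186","port":163,"community":"public"}]
"""
REQUIRED = ("version", "ip", "port", "community")


def is_ip(text):  # True only for a literal IPv4/IPv6 address string
    try:
        ipaddress.ip_address(text if isinstance(text, str) else "")
        return True
    except ValueError:
        return False


def check_trapd(cfg_text):
    """Return a list of problems in the [trapd] section; empty means it passed."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    sec, problems = parser["trapd"], []
    iface = sec.get("external_interface", "")
    if not is_ip(iface) or ipaddress.ip_address(iface).is_loopback:
        problems.append("external_interface must be the system IP, not localhost")
    port = sec.get("trap_port", "")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append("trap_port must be 1-65535")
    try:
        dests = json.loads(sec.get("destinations", ""))
    except ValueError as exc:
        return problems + ["destinations is not valid JSON: %s" % exc]
    if not isinstance(dests, list):
        return problems + ["destinations must be a JSON list"]
    for i, d in enumerate(dests):
        missing = [k for k in REQUIRED if not isinstance(d, dict) or k not in d]
        if missing:
            problems.append("destination %d: missing %s" % (i, missing))
        elif d["version"] != "v2c":
            problems.append("destination %d: only 'v2c' is supported" % i)
        elif not is_ip(d["ip"]) or type(d["port"]) is not int or not 1 <= d["port"] <= 65535:
            problems.append("destination %d: bad ip or port" % i)
        elif not isinstance(d["community"], str) or not d["community"]:
            problems.append("destination %d: community must be a non-empty string" % i)
    return problems
```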

Device and Gateway Configuration

For every device, you have to configure the source address, as our trapd only listens to traps from known hosts. Traps from unknown hosts are ignored.

The "key_filter" parameter is a mask for incoming OIDs. All OIDs starting with the filter will be received by the module and sent to the raw_result demux module, with the bind variables attached. The bind variables are the OIDs that are going to be sent to the corresponding sensor.

The OIDs that will be used are also defined in the configuration. All traps that are not in the list are ignored.

See below an example configuration for a router device that is configured to send SNMP traps to our Site Controller:

		<device device_id="snmpZyxel_router_device">
			<trapd_device>
				<source_address>192.168.97.94</source_address>
			</trapd_device>
			<sensor_gateways>
				<sensor_gateway sensor_gateway_id="snmpZyxel_ports">
					<trap key_filter='1.3.6.1.2.1.2.2.1.1.'>
						<OIDs>
							<OID>1.3.6.1.6.3.1.1.5.3</OID>
							<OID>1.3.6.1.6.3.1.1.5.4</OID>
						</OIDs>
					</trap>
				</sensor_gateway>
			</sensor_gateways>
		</device>

In this configuration, trapd will listen for any trap that starts with "1.3.6.1.2.1.2.2.1.1." and that contains the bind variables defined in the OID parameters. It will then create a string with the bind variables and send it to the sensor that has a "key" that matches the key_filter.
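A small model of the receive path described above: source-address check, listed-OID check, then key_filter prefix match to pick the demux key. This is an added example, not trapd's own code; load_rules, route_trap and the sample trap are hypothetical, and it assumes the listed OIDs are compared with the trap's snmpTrapOID.0 value and key_filter with the OIDs of the bind variables.

```python
import xml.etree.ElementTree as ET

SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"  # snmpTrapOID.0: identifies the trap

# Device configuration from the example above (whitespace condensed).
DEVICE_XML = """
<device device_id="snmpZyxel_router_device">
  <trapd_device><source_address>192.168.97.94</source_address></trapd_device>
  <sensor_gateways><sensor_gateway sensor_gateway_id="snmpZyxel_ports">
    <trap key_filter='1.3.6.1.2.1.2.2.1.1.'>
      <OIDs><OID>1.3.6.1.6.3.1.1.5.3</OID><OID>1.3.6.1.6.3.1.1.5.4</OID></OIDs>
    </trap>
  </sensor_gateway></sensor_gateways>
</device>"""

# Constructed sample: bind variables of a linkDown trap for interface index 8.
LINK_DOWN_PORT8 = {
    "1.3.6.1.2.1.1.3.0": "123456",
    SNMP_TRAP_OID: "1.3.6.1.6.3.1.1.5.3",
    "1.3.6.1.2.1.2.2.1.1.8": "8",
}


def load_rules(xml_text):
    """Return (source_address, [(gateway_id, key_filter, listed_trap_oids)])."""
    dev = ET.fromstring(xml_text)
    source = dev.findtext("trapd_device/source_address").strip()
    rules = []
    for gw in dev.iter("sensor_gateway"):
        for trap in gw.iter("trap"):
            oids = {o.text.strip() for o in trap.iter("OID")}
            rules.append((gw.get("sensor_gateway_id"), trap.get("key_filter"), oids))
    return source, rules


def route_trap(source, rules, sender_ip, varbinds):
    """Return [(gateway_id, demux_key, payload)] for an accepted trap, else []."""
    if sender_ip != source:  # unknown host: ignored (address comparison only)
        return []
    routed = []
    for gateway_id, key_filter, listed in rules:
        if varbinds.get(SNMP_TRAP_OID) not in listed:  # trap not in the list: ignored
            continue
        for oid in varbinds:
            if oid.startswith(key_filter):  # textual prefix match on the dotted OID
                routed.append((gateway_id, oid, str(varbinds)))
    return routed
```

The trailing dot in key_filter matters because the match is textual: without it, "1.3.6.1.2.1.2.2.1.1" would also match OIDs under "1.3.6.1.2.1.2.2.1.10".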

Sensor Configuration for trap receiving

		<sensor sensor_id="snmpZyxel_port8">
			<sensor_class>unknown</sensor_class>
			<state_evaluation_expressions>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.4'")</expression>
					<true>OK</true>
				</state_evaluation_expression>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.3'")</expression>
					<true>CRITICAL</true>
				</state_evaluation_expression>
			</state_evaluation_expressions>
			<sensor_gateway sensor_gateway_id="snmpZyxel_ports">
				<demux>
					<keys>
						<key>1.3.6.1.2.1.2.2.1.1.8</key>
					</keys>
				</demux>
			</sensor_gateway>
		</sensor>
		<sensor sensor_id="snmpZyxel_port7">
			<sensor_class>unknown</sensor_class>
			<state_evaluation_expressions>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.4'")</expression>
					<true>OK</true>
				</state_evaluation_expression>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.3'")</expression>
					<true>CRITICAL</true>
				</state_evaluation_expression>
			</state_evaluation_expressions>
			<sensor_gateway sensor_gateway_id="snmpZyxel_ports">
				<demux>
					<keys>
						<key>1.3.6.1.2.1.2.2.1.1.7</key>
					</keys>
				</demux>
			</sensor_gateway>
		</sensor>
		<sensor sensor_id="snmpZyxel_port6">
			<sensor_class>unknown</sensor_class>
			<state_evaluation_expressions>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.4'")</expression>
					<true>OK</true>
				</state_evaluation_expression>
				<state_evaluation_expression>
					<expression>str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.3'")</expression>
					<true>CRITICAL</true>
				</state_evaluation_expression>
			</state_evaluation_expressions>
			<sensor_gateway sensor_gateway_id="snmpZyxel_ports">
				<demux>
					<keys>
						<key>1.3.6.1.2.1.2.2.1.1.6</key>
					</keys>
				</demux>
			</sensor_gateway>
		</sensor>

 

Example of sensor that will send traps when an event occurs

		<sensor sensor_id="VS_ZyxelPort7">
			<sensor_class>unknown</sensor_class>
			<export_as_trap>true</export_as_trap>
			<state_evaluation_expressions>
				<state_evaluation_expression>
					<expression><![CDATA[(value=="1") or (str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.4'"))]]></expression>
					<true>LINK UP</true>
				</state_evaluation_expression>
				<state_evaluation_expression>
					<expression><![CDATA[(value=="2") or (str(value).replace('u','').__contains__("'1.3.6.1.6.3.1.1.4.1.0': '1.3.6.1.6.3.1.1.5.3'"))]]></expression>
					<true>LINK DOWN</true>
				</state_evaluation_expression>
			</state_evaluation_expressions>
		</sensor>