Sending e-mail when SNMP Trap is received

email net-snmp snmp

I have to configure an SNMP trap receiver to handle traps from a particular device (in this case it is an IBM TS3584 Tape Library) and send them over (as e-mail) with the information about the error. My server is running CentOS 6.4 Linux, with the net-snmp package.

I have connected to the library and I am able to receive its test trap. Additionally, I've downloaded the MIBs for this device (from here: http://www-01.ibm.com/support/docview.wss?uid=ssg1S4000318), and verified that I can get the values (or OID) of a particular event:

snmpwalk -v2c -c public -m +IBM-TS3500-MIBv2 10.10.100.5 ibm3584MIBObjectsTD
**IBM-TS3500-MIBv1::ibm3584MIBObjectsTD.0 = STRING: "This is a test SNMP trap."**


snmptranslate -m +IBM-TS3500-MIBv2 -IR -On ibm3584MIBObjectsTD
**.1.3.6.1.4.1.2.6.182.1.2.71.1**

The whole trap (from /var/log/messages) looks like this:

2013-08-27 15:49:37 10.10.100.5(via UDP: [10.10.100.5]:1795->[10.10.100.135]) TRAP,
SNMP v1, community public#012#011SNMPv2-SMI::enterprises.4484.1 Enterprise Specific
Trap (408) Uptime: 1:00:10.45#012#011SNMPv2-SMI::enterprises.2.6.182.1.2.11.1 =
STRING: "3584 L32 7814014"#011SNMPv2-SMI::enterprises.2.6.182.1.2.111.1 = STRING: "
0"#011SNMPv2-SMI::enterprises.2.6.182.1.2.101.1 = ""#011SNMPv2-
SMI::enterprises.2.6.182.1.2.41.1 = STRING: "08"#011SNMPv2-
SMI::enterprises.2.6.182.1.2.71.1 = STRING: "This is a test SNMP trap."#011SNMPv2-
SMI::enterprises.2.6.182.1.2.151.1 = INTEGER: 1#011SNMPv2-
SMI::enterprises.2.6.182.1.2.161.1 = STRING: "00000"

My question is: is there any software (Linux, non-GUI) which can handle the traps received in this format and, based on the severity (which is one value in the SNMP trap), send an e-mail using the information provided in a trap? I've tried Cacti, but I couldn't find any notification options (except an old plugin with no documentation), and although I managed to get Cacti to speak with my device (reading its name/location etc.), it's useless. AFAIK Nagios has the plugin for TS3200/3300 Libraries, but I can't use Nagios.

So I'm wondering whether I have to write my own parser that tails /var/log/messages for SNMP traps and searches for the information, or is there any solution I can use?

Best Answer

You can configure snmptrapd to handle traps with a script; this is the traphandle directive.

I believe the configuration file is /etc/snmp/snmptrapd.conf.

For example, you can use:

traphandle IBM-TS3500-MIBv1::ibm3584MIBObjectsTD.0 /usr/local/bin/myscript.pl

Or, to parse everything, you can use:

traphandle default /usr/local/bin/myscript.pl

The contents of the trap are passed to the script on STDIN, so your script will need to read from there.

You don't mention your preferred language for scripting this so I won't go into too much detail; however, the following library exists for Perl: SNMP::Trapinfo

You could do something like this:

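use strict;
use warnings;
use SNMP::Trapinfo;

# snmptrapd passes the trap to the handler on STDIN
my $trap = SNMP::Trapinfo->new(*STDIN, {hide_passwords => 1});
# parse trap here
# A method call does not interpolate inside a string, so concatenate it
my $subject = "Got trap from " . $trap->hostname;
# Single quotes keep @mydomain from being read as an array; the list-form
# open runs Mail without a shell, so trap data is never shell-parsed
open(my $email, "|-", "/usr/bin/Mail", "-s", $subject, 'me@mydomain.com')
    or die "Cannot run Mail: $!";
print $email "My Email Body for SNMP Trap";
close($email);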

Additionally, it doesn't look like your traps are being fully translated in /var/log/messages. I can't remember which variables you need to set to translate the traps with custom MIBs but you should be able to drop your MIBs in /usr/local/share/snmp/mibs (creating that directory if it doesn't exist).
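The severity filtering the question asks for, as an added example (not code from the answer or from net-snmp): a Python 3 traphandle script that parses what snmptrapd writes to stdin, treats every trap field as unauthenticated input, and mails only traps at or above a threshold. The severity OID, the threshold, the sendmail path and the sample trap are assumptions; the text OID is the one from the snmptranslate output in the question.

```python
import subprocess
import sys
from email.message import EmailMessage

TEXT_OID = "2.6.182.1.2.71.1"       # ibm3584MIBObjectsTD, per the snmptranslate output
SEVERITY_OID = "2.6.182.1.2.151.1"  # ASSUMPTION: placeholder, confirm in the IBM MIB
MIN_SEVERITY = 1                    # ASSUMPTION: mail when severity >= this value
RCPT = "me@mydomain.com"            # recipient from the Perl snippet in the answer

# Constructed sample of traphandle stdin: hostname, address, then "OID value" lines.
SAMPLE = """tapelib.example
UDP: [10.10.100.5]:1795->[10.10.100.135]
SNMPv2-SMI::enterprises.2.6.182.1.2.71.1 "This is a test SNMP trap."
SNMPv2-SMI::enterprises.2.6.182.1.2.151.1 1
"""

def parse_trap(text):
    """Split handler input into (hostname, address, {oid: value})."""
    lines = text.splitlines()
    host, addr = (lines + ["", ""])[:2]
    pairs = (line.strip().partition(" ") for line in lines[2:] if line.strip())
    return host.strip(), addr.strip(), {o: v.strip().strip('"') for o, _, v in pairs}

def lookup(varbinds, suffix):
    """Match the numeric tail so numeric and enterprises-relative OIDs both work."""
    return next((v for o, v in varbinds.items() if o.endswith("." + suffix)), None)

def clean(value, limit=200):
    """Trap fields are unauthenticated input: drop control characters, cap length."""
    return "".join(c for c in value if c.isprintable())[:limit]

def build_alert(text):
    """Return an EmailMessage for traps at or above MIN_SEVERITY, else None."""
    host, addr, varbinds = parse_trap(text)
    severity = lookup(varbinds, SEVERITY_OID) or ""
    if not severity.isdecimal() or int(severity) < MIN_SEVERITY:
        return None
    msg = EmailMessage()
    msg["To"] = RCPT
    msg["Subject"] = clean(f"SNMP trap from {host}, severity {severity}")
    msg.set_content(f"Source: {clean(addr)}\n{clean(lookup(varbinds, TEXT_OID) or '')}\n")
    return msg

if __name__ == "__main__":
    alert = build_alert(sys.stdin.read())
    if alert is not None:
        # Argument list, no shell; the sendmail path is an assumption.
        subprocess.run(["/usr/sbin/sendmail", "-t"], input=alert.as_bytes(), check=True)
```

The suffix match assumes snmptrapd hands the handler numeric or untranslated OIDs, as in the log excerpt in the question; once the MIB is loaded and names are translated, match on the symbolic names instead.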
