Setup SNMP Traps : Zabbix 5
HTML-код
- Опубликовано: 14 июл 2024
- Zabbix Course : sbcode.net/zabbix/snmp-traps/
Course Coupons : sbcode.net/coupons
I setup and demonstrate SNMP traps with Zabbix 5.
Receiving SNMP traps is the opposite of querying SNMP devices.
Information is sent from an SNMP device and is collected or "trapped" by Zabbix.
SNMP Traps are sent to the server on port 162 (as opposed to port 161 on the agent side that is used for queries).
So port 162 will need to be allowed on the Zabbix Server or Proxy, which ever will receive the SNMP traps.
For SNMP Traps to work, you need to configure some settings for either the Zabbix Server, or Zabbix Proxy.
Open zabbix_server.conf or zabbix_proxy.conf
And add/edit,
SNMPTrapperFile=/tmp/zabbix_traps.tmp
StartSNMPTrapper=1
Restart the Zabbix Server or Proxy
Download zabbix_trap_receiver.pl, save it into the /usr/bin folder and give it execute permissions.
Install and configure snmptrapd.
snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages.
Restart snmptrapd
Test some example snmptraps from various hosts.
I also demonstrate configuring and receiving traps my cisco switch.
The SNMP device, will send a snmptrap to the IP address configured. That IP should have the snmptrapd process running on it. It will be listening on port 162 by default. The firewall should not be blocking the snmp device from sending to it on that port. When the snmptrapd process receives a new trap message, it passes it to the zabbix_trap_receiver.pl script, which will reformat it, and save it into the folder. The zabbix proxy or server, will read it from that folder, and if the ip address or hostname matches a configured host than it will by default appear in the hosts snmp trap fallback item on the Zabbix server.
The host configuration on the Zabbix server should be configured with an SNMP interface and 1 or more snmptrap items.
0:00 Introduction. Setup SNMP Traps
0:25 Discuss firewall accerp port 162
0:40 All devices are currently SNMP agents
1:00 View SNMP trap fallback item
1:50 Demonstrate switch SNMP Trap configuration
2:40 Discuss the SNMP Trap Daemon on Zabbix Server or Proxy
3:45 Edit Zabbix Server or Proxy configuration
5:05 Download Zabbix Trap Receiver Perl Script
6:45 Install and configure snmptrapd
8:55 Test some example snmptrap commands
11:35 Discuss MIB descriptions versus OIDs in trap messages
12:05 Second snmptrap test from a different host
13:30 Discuss hardware snmp device with snmptrap support
14:10 Demonstrate automated snmp traps sent from Cisco switch
15:30 Create custom snmptrap item using regex for 'Reload Command'
17:40 Summarise Zabbix SNMP Trap process
#snmp
#zabbix
#zabbix5
#snmptrapd
#zabbixProxy
#zabbixSnmpTraps
#zabbixCourse
#zabbixTutorial
I love watching your videos - excellent pacing / very straightforward / plain and simple explanations - great work !!
I am new to Zabbix. I have been put in charge of zabbix in my branch. This course is very helpful. I have gone ahead and purchased this course on Udemy. I hope to learn a lot so as to add value to my Branch.
Thank you! It was very useful for me!
it's work!!! IT'S WORK!!! 👍
Very thanks
Thanks a lot
Hi!
Thanks for your video, it has benefited me a lot!
How do you display the symbolic oid in your snmp trap message?
Mine can only display digital oid, I want to change to display symbolic oid, but I haven't found the relevant settings yet.
Thank you!!
Спасибо за видео ! Могли бы Вы разобрать тему настройки SNMPv3 ?
Thank you very much for the detailed video..
One question, I have setup my ESXi to send traps in the zabbix server and I see them in the log file. In order to translate the OIDs what is needed?
normally templates that use SNMP will query the OID value. Much less problems with configuring that way. The names of the items will show you what the OID means.
Look at the xml of this file, it is querying OIDs and not MIBs. share.zabbix.com/operating-systems/vmware/esxi-snmp-ver-3-4
Thank you for such a clear explanation.
Can we put specific traps on a graph? The idea is to configure several domain controllers to send a trap for security events (Event ID 4625: Failed account logon), and put it on zabbix timeline graph, to visualize the insensitivity of failed logon events. Or maybe there is an easier way to do it?
Yes, there are many ways. One way is to create a dependent item (numeric unsigned) on your snmptrap.fallback item with a regex preprocessing step that looks for 'Event ID 4625: Failed account logon' and returns a 1, otherwise a 0.
@@sbcode Hi Do I still need to setup this SNMPtrapD if I am not using a proxy?
Yes
Thanks for good explanation,
May i ask about, how to send those traps to appears as problem on dashboard ?
create triggers that look at the items
@
SBCODE What causes SNMP Timeouts in zabbix. Cisco device Errors for SNMP "Timeout while connecting to"
hi, very good tutorial; but i want to know how to have traps when there is a change in the config on a cisco router interface for example
1. Read the documentation about your router to see if it can send traps when the config changes.
2. If it does, then configure your router to send traps when the config changes.
3. Watch this video again to see how to read the traps in Zabbix
Hi, Does Zabbix could automatically discovery all Network assets such as printer, PC's, router switches, servers etc...Like namp or lansweeper? I want to apply zabbix in LAN environment?
it depends on which protocols the devices use.
If snmp then sbcode.net/zabbix/lld-actions-snmp/
Hello, Friend! Thanks for this video. I have a problem: When i test it the trap appear in /tmp/zabbix_traps.tmp but it doesnt show on item from Zabbix frontend. why ?? The item is: Type: SNMP trap, key: snmptrap.fallback, type information log. Ps. I'm testing on my own Zabbix Server like host, i dont have proxies
give it a day, a watch the video again.
hi SBCODE
I am getting warning: notification `trap identifier' is not reverse mappable and also for coldstart, linkDown ,linkUp. how to resolve this warning?
Hi Sean, nice work! Can we e-mail the trap too? Thanks!
the zabbix_trap_receiver.pl is a perl script. you can send emails, and many other things, using the perl language. Edit it any way you like, as long as you are confident writing perl.
@
SBCODE
Can Zabbix alert you when cisco router config has been changed?
probably. does your cisco router send an snmp trap when its config is changed? It depends on your model of your router, and also if you enabled smnp traps on the router
@@sbcode Yes, cisco router send an snmp trap when its config is changed.
I just didnt know if you had to do anything extra on zabbix side to get that information.
if you configured everything properly, then all traps by default go into the snmptrap[fallback] item. But you can create specific snmptrap items to match specific strings. If you are not getting any snmptraps in Zabbix at all, then you need to recheck everything. Because this works, evidence is in the video, and I've done it many times now.
@@sbcode Can you Make a video for SNMPv3 Traps? Articles online are different from snmp v1 and v2 and confusing.
Hello, how to change from 162 udp port default to 1234 udp port on /etc/snmp/snmptrapd.conf??
try adding
snmpTrapdAddr udp::1234
to the /etc/snmp/snmptrapd.conf