SNMP Traps

Quick notes on testing, receiving and debugging SNMP traps.

To send a test SNMP trap, do something like:

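#!/bin/bash
# File: trapTest.sh

# Change these values as needed:
H=snmp.example.com   # trap receiver
C=public             # community string

# Probably don't need to change these:
V=2c                 # SNMP version
O=1.3.6.1            # OID used as both the trap OID and the varbind OID

# Arguments after the host: '' (empty uptime, snmptrap fills in the current value),
# the trap OID, then one varbind: OID, type s (string), value.
sudo snmptrap -v "$V" -c "$C" "$H" '' "$O" "$O" s "Test -- $(date)"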

tcpdump can confirm that traps are arriving at the target host:

sudo tcpdump -Tsnmp "dst port 162"  

To receive traps using snmptrapd, check the following values in /etc/default/snmptrapd (Debian):

TRAPDRUN=yes  
TRAPDOPTS='-Lf /var/log/snmptraps.log -p /run/snmptrapd.pid -Dudpbase:recv'  

The -Dudpbase:recv option is a debug feature. Through trial and error I found this token to be the most relevant and least verbose way of logging all received SNMP traffic, which can point towards authentication (community) failures when a trap is received but not processed.

For a full list of tokens, see docs.

You can also briefly enable -DALL to find the values you're interested in and then limit debugging to the tokens that provide those values.
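
When the debug output shows a trap arriving but not being processed, it helps to see exactly which version and community the sender put in the packet. The following is an added example, not part of the original notes: it decodes the header of an SNMP v1/v2c message, and its function names and the sample packet are constructed for illustration.

```python
# Added example: decode the header of a community-based SNMP message (e.g. a trap on UDP 162).
import sys

VERSIONS = {0: "1", 1: "2c"}
PDU_TYPES = {0xA4: "Trap-v1", 0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}

# Constructed sample: SNMPv2-Trap, community "public", empty varbind list.
SAMPLE = bytes.fromhex("301802010104067075626c6963a70b0201010201000201003000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def parse_trap_header(packet):
    """Extract SNMP version, community and PDU type from a v1/v2c message."""
    try:
        tag, body, _ = read_tlv(packet, 0)
        if tag != 0x30:
            raise ValueError("not a BER SEQUENCE")
        tag, raw_version, pos = read_tlv(body, 0)
        version = int.from_bytes(raw_version, "big")
        if tag != 0x02 or version not in VERSIONS:
            raise ValueError("not SNMP v1/v2c (SNMPv3 carries no community)")
        tag, community, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community field missing")
        pdu_tag = body[pos]            # first byte after the community is the PDU tag
    except IndexError:
        raise ValueError("truncated packet") from None
    return {"version": VERSIONS[version], "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "community": community.decode("ascii", "replace")}

def community_matches(packet, expected):
    """True when the sender's community equals the one the receiver accepts."""
    return parse_trap_header(packet)["community"] == expected

if __name__ == "__main__":
    data = bytes.fromhex(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(parse_trap_header(data))
```

Run it with no argument to decode the sample, or pass the UDP payload of a captured trap as a hex string.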