SNMP Traps

Quick notes on testing, receiving and debugging SNMP traps.

To send a test SNMP trap, do something like:


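# Change these values as needed:
H='<trap-receiver-host>'   # placeholder: destination host
C='<community>'            # placeholder: community string

# Probably don't need to change these:
V='<snmp-version>'         # placeholder: value passed to -v
O='<trap-oid>'             # placeholder: OID used as trap OID and varbind name

sudo snmptrap -v"$V" -c"$C" "$H" '' "$O" "$O" s "Test -- $(date)"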

tcpdump can monitor receipt of traps at the target host.

sudo tcpdump -Tsnmp "dst port 162"  

To receive traps using snmptrapd, check the following value in /etc/default/snmptrapd (Debian).

TRAPDOPTS='-Lf /var/log/snmptraps.log -p /run/ -Dudpbase:recv'  

The -Dudpbase:recv is a debug feature. Through trial and error I found this token to be the most relevant and least verbose way of logging all received SNMP traffic, which can point towards authentication (community) failures when a trap is received but not processed.

For a full list of tokens, see docs.

You can also briefly enable -DALL to find the values you're interested in and then limit debugging to the tokens that provide those values.
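To see why a trap can be received but not processed, the following added example (not from the original notes) decodes the header of an SNMPv1/v2c datagram and compares the community the sender used with the one the receiver expects. The function names, the listening port argument and the sample datagram are assumptions made for this illustration; the sample bytes are constructed.

```python
import socket
import sys

VERSIONS = {0: "1", 1: "2c"}                      # wire value -> SNMP version
PDU_TYPES = {b"\xa4": "trap-v1", b"\xa6": "inform", b"\xa7": "trap-v2"}
# Constructed sample: minimal v2c trap PDU, community "public", no varbinds.
SAMPLE = bytes.fromhex("3018 020101 04067075626c6963 a70b 020101 020100 020100 3000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def trap_header(datagram):
    """Return (version, community, pdu_type) of an SNMPv1/v2c message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, raw_version, pos = read_tlv(msg, 0)
    version = int.from_bytes(raw_version, "big")
    if tag != 0x02 or version not in VERSIONS:
        raise ValueError("not SNMPv1/v2c (SNMPv3 carries no community)")
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community field missing")
    return VERSIONS[version], community.decode("latin-1"), PDU_TYPES.get(msg[pos:pos + 1], "other")

def diagnose(datagram, expected_community):
    try:
        version, community, pdu = trap_header(datagram)
    except ValueError as exc:                     # not v1/v2c, or damaged in transit
        return f"undecodable: {exc}"
    verdict = "community matches" if community == expected_community else "COMMUNITY MISMATCH"
    return f"v{version} {pdu} community={community!r}: {verdict}"

if __name__ == "__main__":                        # usage: script.py PORT EXPECTED_COMMUNITY
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", int(sys.argv[1])))      # assumption: a spare port such as 1162
    while True:
        data, peer = sock.recvfrom(65535)
        print(peer[0], diagnose(data, sys.argv[2]))
```

Point the test trap at the chosen port instead of 162 so the script does not compete with snmptrapd for the socket.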