NAME

SNMP::Trapinfo - Reading an SNMP trap from Net-SNMP's snmptrapd

SYNOPSIS

use SNMP::Trapinfo;
$trap = SNMP::Trapinfo->new(*STDIN);

open F, ">> /tmp/trap.log";
print F $trap->packet;
close F;

if (! defined $trap->trapname) {
  die "No trapname in packet";
} elsif ($trap->trapname eq "IF-MIB::linkUp" or $trap->trapname eq "IF-MIB::linkDown") {
  # $mailer is a Mail::Mailer object, for example
  print $mailer "Received trap :", $trap->trapname, $/,
    "From host: ", $trap->hostname, $/,
    "Message: ", $trap->expand('Interface ${V5} received ${TRAPNAME}'), $/;
} else {
  # not expected trap
}

DESCRIPTION

This module allows the user to get to the useful parts of an snmptrapd packet, as provided by the Net-SNMP software (http://www.net-snmp.org). You can then take whatever action with the packet, such as sending an email, post an IM or passing it to Nagios (http://www.nagios.org).

The most useful method is expand, which evaluates macros based on the packet, for your custom messages.

IMPLEMENTATION

Create your perl script (such as the example above).
Edit snmptrapd.conf so that the default traphandle calls your perl script.
Startup snmptrapd and let it do all the OID translations (no -On option) and let it do hostname translations (no -n option).
Create a trap and check that it has been received and processed correctly.

METHODS

SNMP::Trapinfo->new(*STDIN)

Reads STDIN, expecting input from snmptrapd, and returns the object holding all the information about this packet. An example packet is:

cisco2611.lon.altinity
192.168.10.20
SNMPv2-MIB::sysUpTime.0 9:16:47:53.80
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkUp
IF-MIB::ifIndex.2 2
IF-MIB::ifDescr.2 Serial0/0
IF-MIB::ifType.2 ppp
SNMPv2-SMI::enterprises.9.2.2.1.1.20.2 "PPP LCP Open"
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 192.168.10.20
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "public"
SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.9.1.186

Any trailing linefeeds will be stripped.

Can specify multiple packets - keep calling SNMP::Trapinfo->new(*STDIN). Will receive an undef if there are no more packets to read.

SNMP::Trapinfo->new(\$data)

Instead of a filehandle, can specify a scalar reference that holds the packet data.

hostname

Returns the first line of the packet, which should be the hostname as resolved by snmptrapd.

hostip

Returns the IP address in the 2nd line of the packet, which should be the originating host.

trapname

Returns the value of the parameter SNMPv2-MIB::snmpTrapOID. In the example above, this method would return IF-MIB::linkUp.

If the SNMPv2-MIB::snmpTrapOID is not found, then will return undef. This could mean that the MIB for snmpTrapOID has not been loaded.

fully_translated

Returns 0 if the trapname has more than 1 set of trailing digits (a single .\d+ would be removed automatically) - this would mean that a MIB is missing. Otherwise returns 1.

packet( {hide_passwords => 1} )

Returns a scalar with the full packet, as originally received. If hide_passwords is specified, will replace the value of snmpTrapCommunity.0 with 5 asterisks.

data

Returns a hash ref where the keys consist of the SNMP parameter and the values are the string values of thos parameters. For the example trap above, a Data::Dumper of $trap->data would give:

$VAR1 = {
        'SNMPv2-MIB::snmpTrapEnterprise' => 'SNMPv2-SMI::enterprises.9.1.186',
        'SNMP-COMMUNITY-MIB::snmpTrapAddress' => '192.168.10.20',
        'IF-MIB::ifType' => 'ppp',
        'IF-MIB::ifIndex' => '2',
        'SNMPv2-MIB::snmpTrapOID' => 'IF-MIB::linkUp',
        'IF-MIB::ifDescr' => 'Serial0/0',
        'SNMP-COMMUNITY-MIB::snmpTrapCommunity' => '"public"',
        'SNMPv2-MIB::sysUpTime' => '9:16:47:53.80',
        'SNMPv2-SMI::enterprises.9.2.2.1.1.20.2' => '"PPP LCP Open"'
      };

expand($string)

Takes $string and expands it so that macros within the string will be expanded out based on the packet details. Available macros are:

${Px} - Returns the parameter for line x
${Vx} - Returns the value for line x
${TRAPNAME} - Returns the trapname (as called from $trap->trapname)
${HOSTIP} - Returns the IP of the originating packet
${IF-MIB::ifType} - Returns the value for the specified parameter.
${DUMP} - Returns all key, value pairs (stripping out snmpTrapCommunity)

For the example trap above, if you ran:

$trap->expand('Port ${IF-MIB::ifIndex} (${P7}=${V7}) is Up with message ${V8}');

this would return:

Port 2 (ifType=ppp) is Up with message "PPP LCP Open"

VERSION NUMBERING

After a brief flirtation with 3 digit version numbering, I've changed back to X.YY format as perlmodstyle recommends.

REFERENCES

Net-SNMP - http://www.net-snmp.org. This module has been tested on versions 5.1.2 and 5.2.1.

AUTHOR

Ton Voon, <ton.voon@altinity.com>

CREDITS

Thanks to Brand Hilton for documentation suggestions.

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.

To install SNMP::Trapinfo, copy and paste the appropriate command in to your terminal.

cpanm

cpanm SNMP::Trapinfo

CPAN shell

perl -MCPAN -e shell
install SNMP::Trapinfo

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)