NAME
SNMP::Trapinfo - Reading an SNMP trap from Net-SNMP's snmptrapd
SYNOPSIS
use SNMP::Trapinfo;
my $trap = SNMP::Trapinfo->new(*STDIN);
# Append the raw packet to a log file.
# packet( {hide_passwords => 1} ) would mask the community string in the log.
open my $log, '>>', '/tmp/trap.log' or die "Cannot open /tmp/trap.log: $!";
print $log $trap->packet;
close $log;
if (! defined $trap->trapname) {
    die "No trapname in packet";
} elsif ($trap->trapname eq "IF-MIB::linkUp" or $trap->trapname eq "IF-MIB::linkDown") {
    # $mailer is a Mail::Mailer object, for example
    print $mailer "Received trap :", $trap->trapname, $/,
        "From host: ", $trap->hostname, $/,
        "Message: ", $trap->expand('Interface ${V5} received ${TRAPNAME}'), $/;
} else {
    # not expected trap
}
DESCRIPTION
This module allows the user to get to the useful parts of an snmptrapd packet, as provided by the Net-SNMP software (http://www.net-snmp.org). You can then take whatever action you need with the packet, such as sending an email, posting an IM or passing it to Nagios (http://www.nagios.org).
The most useful method is expand, which evaluates macros based on the packet, for your custom messages.
IMPLEMENTATION
Create your perl script (such as the example above).
Edit snmptrapd.conf so that the default traphandle calls your perl script.
Start up snmptrapd and let it do all the OID translations (no -On option) and hostname translations (no -n option).
Create a trap and check that it has been received and processed correctly.
METHODS
- SNMP::Trapinfo->new(*STDIN)
-
Reads STDIN, expecting input from snmptrapd, and returns the object holding all the information about this packet. An example packet is:
cisco2611.lon.altinity
192.168.10.20
SNMPv2-MIB::sysUpTime.0 9:16:47:53.80
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkUp
IF-MIB::ifIndex.2 2
IF-MIB::ifDescr.2 Serial0/0
IF-MIB::ifType.2 ppp
SNMPv2-SMI::enterprises.9.2.2.1.1.20.2 "PPP LCP Open"
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 192.168.10.20
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "public"
SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.9.1.186
Any trailing linefeeds will be stripped.
Can specify multiple packets - keep calling SNMP::Trapinfo->new(*STDIN). Will receive an undef if there are no more packets to read.
- SNMP::Trapinfo->new(\$data)
-
Instead of a filehandle, can specify a scalar reference that holds the packet data.
- hostname
-
Returns the first line of the packet, which should be the hostname as resolved by snmptrapd.
- hostip
-
Returns the IP address in the 2nd line of the packet, which should be the originating host.
- trapname
-
Returns the value of the parameter SNMPv2-MIB::snmpTrapOID. In the example above, this method would return IF-MIB::linkUp.
If the SNMPv2-MIB::snmpTrapOID is not found, then will return undef. This could mean that the MIB for snmpTrapOID has not been loaded.
- fully_translated
-
Returns 0 if the trapname has more than 1 set of trailing digits (a single .\d+ would be removed automatically) - this would mean that a MIB is missing. Otherwise returns 1.
- packet( {hide_passwords => 1} )
-
Returns a scalar with the full packet, as originally received. If hide_passwords is specified, will replace the value of snmpTrapCommunity.0 with 5 asterisks.
- data
-
Returns a hash ref where the keys consist of the SNMP parameter and the values are the string values of those parameters. For the example trap above, a Data::Dumper of $trap->data would give:
$VAR1 = {
    'SNMPv2-MIB::snmpTrapEnterprise' => 'SNMPv2-SMI::enterprises.9.1.186',
    'SNMP-COMMUNITY-MIB::snmpTrapAddress' => '192.168.10.20',
    'IF-MIB::ifType' => 'ppp',
    'IF-MIB::ifIndex' => '2',
    'SNMPv2-MIB::snmpTrapOID' => 'IF-MIB::linkUp',
    'IF-MIB::ifDescr' => 'Serial0/0',
    'SNMP-COMMUNITY-MIB::snmpTrapCommunity' => '"public"',
    'SNMPv2-MIB::sysUpTime' => '9:16:47:53.80',
    'SNMPv2-SMI::enterprises.9.2.2.1.1.20.2' => '"PPP LCP Open"'
};
- expand($string)
-
Takes $string and expands it so that macros within the string will be expanded out based on the packet details. Available macros are:
${Px} - Returns the parameter for line x
${Vx} - Returns the value for line x
${TRAPNAME} - Returns the trapname (as called from $trap->trapname)
${HOSTIP} - Returns the IP of the originating packet
${IF-MIB::ifType} - Returns the value for the specified parameter.
${SNMPv2-SMI::enterprises.9.*.2.1.1.20.2} - Returns the value for the specified parameter. The use of the wildcard means any value can be in that dot area. If there are multiple matches, there is no guarantee which one is returned. This is only really for MIBs that have variables within the OID - in this particular case, there is a missing MIB file. Multiple *s can be used.
${DUMP} - Returns all key, value pairs (stripping out snmpTrapCommunity)
For the example trap above, if you ran:
$trap->expand('Port ${IF-MIB::ifIndex} (${P7}=${V7}) is Up with message ${V8}');
this would return:
Port 2 (ifType=ppp) is Up with message "PPP LCP Open"
- eval($string)
-
$string is passed into expand to expand any macros. Then the entire string is eval'd. This method is useful for creating SNMP rules, using perl syntax. Will return 1 if true, 0 if false, or undef if eval failure ($@ will be set with the error).
For the example trap above, if you ran:
$trap->eval('"${IF-MIB::ifType}" eq "ppp" && ${IF-MIB::ifIndex} < 5');
this would expand to
"ppp" eq "ppp" && 2 < 5
and this would return true.
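WARNING: Any arbitrary perl code could be executed here, so make sure data passed in is authorised. Because macros are expanded before the eval, this applies to the values in the trap packet as well as to $string itself.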
- last_eval_string
-
Returns the last string used in an eval, with all macros expanded. Useful for debugging.
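The rule from the eval example above can also be checked without passing trap contents to Perl's eval, since the values in a packet are supplied by whoever sent the trap. This is an added example, not part of the module or its documentation; the %rule table and the rule_matches helper are hypothetical names, and the packet is constructed sample data.

```perl
use strict;
use warnings;
use SNMP::Trapinfo;

# Constructed sample packet, in the layout of the example packet on this page.
my $packet = <<'EOT';
cisco2611.lon.altinity
192.168.10.20
SNMPv2-MIB::sysUpTime.0 9:16:47:53.80
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkUp
IF-MIB::ifIndex.2 2
IF-MIB::ifDescr.2 Serial0/0
IF-MIB::ifType.2 ppp
EOT

# Hypothetical rule table: each parameter maps to a check on its value.
# Packet values are only ever compared as data, never compiled as code.
my %rule = (
    'IF-MIB::ifType'  => sub { $_[0] eq 'ppp' },
    # Accept plain digits only before doing a numeric comparison.
    'IF-MIB::ifIndex' => sub { $_[0] =~ /\A[0-9]{1,9}\z/ && $_[0] < 5 },
);

# True only if every parameter named in the rule is present and passes.
sub rule_matches {
    my ($trap, $rule) = @_;
    my $data = $trap->data;
    for my $param (sort keys %$rule) {
        my $value = $data->{$param};
        return 0 unless defined $value && $rule->{$param}->($value);
    }
    return 1;
}

my $trap = SNMP::Trapinfo->new(\$packet)
    or die "No packet could be read\n";
die "Trap name missing or not fully translated, check the loaded MIBs\n"
    unless defined($trap->trapname) && $trap->fully_translated;

if ($trap->trapname eq 'IF-MIB::linkUp' && rule_matches($trap, \%rule)) {
    print "Rule matched for ", $trap->hostname, " (", $trap->hostip, ")\n";
} else {
    print "Rule did not match\n";
}
```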
VERSION NUMBERING
After a brief flirtation with 3 digit version numbering, I've changed back to X.YY format as perlmodstyle recommends.
REFERENCES
Net-SNMP - http://www.net-snmp.org. This module has been tested on versions 5.1.2 and 5.2.1.
AUTHOR
Ton Voon, <ton.voon@altinity.com>
CREDITS
Thanks to Brand Hilton for documentation suggestions.
COPYRIGHT AND LICENSE
Copyright (C) 2006 by Altinity Limited
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.