Traphandle (TraptoEmail) Not working properly (read: Permission

[Antonio Guerra]

Ok here is the situation. I'm receiving traps and I'm able to log them
to SNMPTRAPD.LOG (example below). I'm having a serious hard time
getting the traphandle utility to invoke TraptoEmail to send an email
when the trap is generated. Any suggestions as to what I might be
missing?

###########################################################################
#/etc/init.d/SNMPTRAPD
###########################################################################
#!/bin/bash
. /etc/init.d/functions

if [ -e /etc/sysconfig/snmptrapd.options ]; then
. /etc/sysconfig/snmptrapd.options
else
OPTIONS="-Lf /var/log/snmptrapd.log -Cc /etc/snmp/snmptrapd.conf"
# -Lsd -p /var/run/snmptrapd.pid"
fi
### OUTPUT OMITTED #####

###########################################################################
# SNMPTRAPD.CONF
###########################################################################
format2 %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J
- %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap
Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n
Description: %W \n PDU Attribute/Value Pair Array:\n%v \n
-------------- \n

#-Begin Traphandle
traphandle SNMPv2-MIB::coldStart /usr/bin/traptoemail em...@email.com
traphandle NET-SNMP-AGENT-MIB::nsNotifyShutdown /usr/bin/traptoemail
em...@email.com
traphandle G3-AVAYA-TRAP::alarmWarning /usr/bin/traptoemail em...@email.com
traphandle default /usr/bin/traptoemail -f em...@email.com

#####################################################
# SNMPTRAPD.LOG OUTPUT
#####################################################

2009-01-26 15:41:06 NET-SNMP version 5.1.2 Started.
2009-01-26 15:41:09 SERVER-NAME [16.8.4.195] (via 16.8.4.195) TRAP,
SNMP v1, community public
NET-SNMP-MIB::netSnmpNotificationPrefix Enterprise Specific Trap
(NET-SNMP-AGENT-MIB::nsNotifyShutdown) Uptime: 0:01:51.23

read: Permission denied
Agent Address: 0.0.0.0
Agent Hostname: SERVER-NAME
Date: 19 - 1 - 56 - 31 - 12 - 1969
Enterprise OID: .
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: TRAP2, SNMP v2c, community public
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (11123) 0:01:51.23
SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-AGENT-MIB::nsNotifyShutdown
--------------
read: Permission denied
Agent Address: 0.0.0.0
Agent Hostname: SERVER-NAME
Date: 19 - 1 - 56 - 31 - 12 - 1969
Enterprise OID: .
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: INFORM, SNMP v2c, community public
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (11123) 0:01:51.23
SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-AGENT-MIB::nsNotifyShutdown
--------------
read: Permission denied
2009-01-26 15:41:09 SERVER-NAME [16.8.4.195] (via 16.8.4.195) TRAP,
SNMP v1, community public
NET-SNMP-TC::linux Cold Start Trap (0) Uptime: 0:00:00.22

read: Permission denied
Agent Address: 0.0.0.0
Agent Hostname: SERVER-NAME
Date: 19 - 1 - 56 - 31 - 12 - 1969
Enterprise OID: .
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: TRAP2, SNMP v2c, community public
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (22) 0:00:00.22
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-TC::linux
--------------
read: Permission denied
Agent Address: 0.0.0.0
Agent Hostname: SERVER-NAME
Date: 19 - 1 - 56 - 31 - 12 - 1969
Enterprise OID: .
Trap Type: Cold Start
Trap Sub-Type: 0
Community/Infosec Context: INFORM, SNMP v2c, community public
Uptime: 0
Description: Cold Start
PDU Attribute/Value Pair Array:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (22) 0:00:00.22
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-TC::linux
--------------
read: Permission denied

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

[Mike Ayers]

> From: Antonio Guerra [mailto:antonio...@gmail.com]
> Sent: Monday, January 26, 2009 12:56 PM

> Ok here is the situation. I'm receiving traps and I'm able to log them
> to SNMPTRAPD.LOG (example below). I'm having a serious hard time
> getting the traphandle utility to invoke TraptoEmail to send an email
> when the trap is generated. Any suggestions as to what I might be
> missing?

Please check the ACCESS CONTROL section of the snmptrapd.conf manpage.

HTH,

Mike

[Dave Shield]

2009/1/26 Mike Ayers <mike_...@tvworks.com>:

> Please check the ACCESS CONTROL section of the snmptrapd.conf manpage.

No - that won't be it.
Access Control was only introduced into snmptrapd fairly recently.
If you're using the 5.1.2 version, then that's not relevant.

What are the permissions on the script /usr/bin/traptoemail ?

Dave

[Antonio Guerra]

Everything seems to be world readable, and since I'm running as root I
don't get the problem since root is the owner and group:

-rwxr-xr-x 1 root root 2104 Jan 13 12:06 /usr/bin/traptoemail

-rw-r--r-- 1 root root 1195 Jan 26 15:40 /etc/snmp/snmptrapd.conf

-rwxr-xr-x 1 root root 1333 Jan 26 15:37 /etc/init.d/snmptrapd

[Dave Shield]

2009/1/27 Antonio Guerra <antonio...@gmail.com>:

> Everything seems to be world readable, and since I'm running as root I
> don't get the problem since root is the owner and group:
>
> -rwxr-xr-x 1 root root 2104 Jan 13 12:06 /usr/bin/traptoemail

Even running as root wouldn't have helped if the script wasn't
marked as executable. But those permissions look fine, so
that's not the problem.

What's the command that is used to start the trap daemon?
What is the output of "ps -ef | grep snmptrap" ?

[Antonio Guerra]

# ps -ef | egrep snmptrap
root 20434 1 0 Jan26 ? 00:00:00 /usr/sbin/snmptrapd
-Lf /var/log/snmptrapd.log -Cc /etc/snmp/snmptrapd.conf

[Dave Shield]

2009/1/27 Antonio Guerra <antonio...@gmail.com>:

> # ps -ef | egrep snmptrap
> root 20434 1 0 Jan26 ? 00:00:00 /usr/sbin/snmptrapd
> -Lf /var/log/snmptrapd.log -Cc /etc/snmp/snmptrapd.conf

OK - try the following:

Kill off the trap daemon, and then start it manually using

/usr/sbin/snmptrapd -f -Le -Dsnmptrapd -Cc /etc/snmp/snmptrapd.conf

Then send a trap to the daemon.
What output is generated?

[Antonio Guerra]

Dave,

When I try running that command, the process hangs.

[Dave Shield]

2009/1/27 Antonio Guerra <antonio...@gmail.com>:

> When I try running that command, the process hangs.

Are you sure it's not simply waiting to receive a trap?
Those options will run the trap receiver as a normal
command, rather than forking it off into the background
(which is the normal operation of a daemon).

Start the trap daemon in one window or shell command.
Then send the trap in a different window.
You should see things happening in the trapd window.

[Antonio Guerra]

Dave,

Opened two shell windows. One running the forked daemon, the other
generating traps.

I don't see anything happening on the forked window when sending
traps. As you can see below the process is running with the flags you
recommended:

# ps -ef | egrep snmp
root 21750 21510 0 10:49 ? 00:00:00 /usr/sbin/snmptrapd -f
-Le -Dsnmptrapd -Cc /etc/snmp/snmptrapd.conf
root 21764 1 0 10:49 ? 00:00:00 /usr/sbin/snmpd -Lf
/var/log/snmpd.log -p /var/run/snmpd.pid -a