Opensource ICT Solutions designed a Python and a Bash script for Zabbix that make it possible to parse SNMP traps for Zabbix without the use of net-snmp-perl. Read more and learn how to set up the scripts in this post.
Contents
- Why would we need something besides net-snmp-perl?
- How to setup this custom parser?
  - Python
  - Bash
- How it works
- Conclusion
Why would we need something besides net-snmp-perl?
Zabbix utilises net-snmp-perl to parse SNMP traps to a format you can understand. In RHEL8 (CentOS8) the package net-snmp-perl has been removed and as of right now it seems it won’t be added back to RHEL8. Of course we can work around this issue by using a third party repo like this:
rpm -Uvh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm
dnf clean all
dnf install net-snmp-perl
Thanks for helping out the community by posting this in the bug report, Jurijs. See: https://support.zabbix.com/browse/ZBX-17192
But what if our organisation doesn’t allow third-party repos? Or maybe there’s another reason why this isn’t the way to go for you. This is when we can use one of the custom parsers we’ve created for Zabbix SNMP traps.
How to setup this custom parser?
Setting up a parser like this is quite easy once you’ve got the script going. This is one of the many great things about Zabbix: it’s so customisable that we can even make it work with our own custom scripts. The power of the Zabbix development team, combined with our own custom ideas and sometimes quick fixes. After all, sometimes we are one of the few people in the world that need something, or sometimes we just want things our own way.
In this case, we want to fix a RHEL8 issue because we can’t use the ‘quick fix’ way. So let’s see how we do this!
Python
To get started, let’s download the Python script from the public Opensource ICT Solutions GitHub. The script we need is called “snmptrap-parser.py”:
https://github.com/OpensourceICTSolutions/zabbix-snmp-traps-script
Once you have downloaded the script on your RHEL8 machine, put it in the following location:
/usr/bin/snmptrap-parser.py
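Now point /etc/snmp/snmptrapd.conf to the new SNMP trap parser by adding the following to the file. Note that disableAuthorization yes switches off snmptrapd's access-control checks, so traps are accepted from any sender, and traphandle default passes every received trap to the script:
disableAuthorization yes
traphandle default /usr/bin/python /usr/bin/snmptrap-parser.py
That’s all there is to do. You can now restart Zabbix and snmptrapd. All your traps will be parsed by the Python script and you’ll have a working setup once again.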
systemctl restart zabbix-server.service snmptrapd.service
Bash
Now let’s do the same thing, but a little differently. This time we’ll be using a Bash script to parse our SNMP traps. Download the Bash script from the public Opensource ICT Solutions GitHub. The script we need is called “snmpparser.sh”:
https://github.com/OpensourceICTSolutions/zabbix-snmp-traps-script
Now that you have downloaded the script on your machine, put it in the following location:
/usr/bin/snmpparser.sh
We’ll point /etc/snmp/snmptrapd.conf to the new SNMP trap parser by adding the following to the file:
disableAuthorization yes
traphandle default /usr/bin/bash /usr/bin/snmpparser.sh
Now restart Zabbix and snmptrapd and all your traps will be parsed by the Bash script, making this a working setup once again.
systemctl restart zabbix-server.service snmptrapd.service
The process is about the same for both Python and Bash, but of course behind the scenes it works a little differently. The end result is the same though: your SNMP traps are parsed into readable Zabbix data.
How it works
To show you how it works, I’ve created the following diagram. Our host creates an SNMP trap, for instance a port going down on a network switch. This trap is received by the snmptrapd process on our RHEL8 Zabbix server host. When the process receives the trap, it hands it to our Bash or Python script, as configured in snmptrapd.conf, for parsing. Once parsed, our data is saved in our Zabbix server and we can read the data from the frontend, easy.
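The flow described above, as an added Python example that is not the Opensource ICT Solutions script: it goes a little beyond the page by splitting the handler input into hostname, source address and varbinds, and by returning None for input it cannot match so the caller can log it rather than lose the trap. The sample input is constructed, and the assumptions are that snmptrapd passes the hostname on the first line, the transport address on the second and one varbind per line after that, and that only the varbinds go into the record body.

```python
import re
import time

# Transport line as handed over by snmptrapd, e.g.
# "UDP: [192.0.2.10]:47412->[192.0.2.1]:162"; any label before the bracket is accepted.
TRANSPORT_RE = re.compile(r"^(?P<proto>[^:\[]+): \[(?P<src>[0-9A-Fa-f:.]+)\]")


def parse_trap(lines):
    """Split traphandle input into hostname, source address and varbinds.
    Returns None when the input is too short or has no recognisable source."""
    lines = [ln.rstrip("\r\n") for ln in lines]
    if len(lines) < 2:
        return None
    match = TRANSPORT_RE.match(lines[1])
    if match is None:
        return None
    varbinds = []
    for line in lines[2:]:
        if not line.strip():
            continue
        oid, _, value = line.partition(" ")  # OID first, the rest is the value
        varbinds.append((oid, value))
    return {"hostname": lines[0], "source": match.group("src"),
            "proto": match.group("proto"), "varbinds": varbinds}


def zabbix_record(trap, now=None):
    """Format a parsed trap as one 'ZBXTRAP' record (body = varbinds only, an assumption)."""
    stamp = time.strftime("%H:%M:%S %Y/%m/%d", now or time.localtime())
    body = "\n".join("{0} {1}".format(oid, val) for oid, val in trap["varbinds"])
    return "{0} ZBXTRAP {1}\n{2}\n".format(stamp, trap["source"], body)


# Constructed sample input: a linkDown trap, and input the pattern cannot match.
SAMPLE = [
    "switch01.example.net\n",
    "UDP: [192.0.2.10]:47412->[192.0.2.1]:162\n",
    "DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:12:31.07\n",
    "SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown\n",
    "IF-MIB::ifIndex.3 3\n",
]
BROKEN = ["<UNKNOWN>\n", "garbled transport line\n"]

if __name__ == "__main__":
    print(zabbix_record(parse_trap(SAMPLE)), end="")
    print("unparsed:", parse_trap(BROKEN))
```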
Conclusion
Whether you are trying to work with RHEL8 and need to parse SNMP traps with something besides Perl, or for some reason you can’t use third-party RPM resources, this method will fix your issues and you are all ready to parse your SNMP traps once more.
I hope you enjoyed reading this blog post and if you have any questions or need help configuring your SNMP trap parser feel free to contact me and my team at Opensource ICT Solutions.
Nathan Liefting
hi, here are just my 2cents:
make the snmpparser.sh executable
chmod +x /usr/bin/snmpparser.sh
set correct line-ending
sudo vi /usr/bin/snmpparser.sh
:set ff=unix
:wq
thank you very much for your work!
I should say that these scripts didn’t work in my case for some reason. I was getting traps from just 2 hosts from the whole network of ~120 hosts. I used to think this was OK but when I did
systemctl status snmptrapd
I got:
So I fixed RE and changed the script to this:
#!/usr/bin/python3
# All rights reserved Opensource ICT Solutions B.V.
# Free to redistribute with mention to Opensource ICT Solutions
# For use with Zabbix
# Place in directory
# Update snmptrapd.conf to use this script:
# disableAuthorization yes
# traphandle default /usr/bin/python
# And start Zabbix stuffs
import re
import sys
import time


def main():
    destination = "/var/log/snmptrap.log"  # File destination
    errorfile = "/var/log/snmptraperrors.log"
    # Getting Trap
    trap = sys.stdin.readlines()  # Read from stdin
    r = "".join(trap)  # Convert LIST to STRING
    # Format the time string
    formatted_time = str(time.strftime("%H:%M:%S %Y/%m/%d"))
    # Matching on IPaddress (first bracketed address after "UDP: ")
    try:
        source = re.findall(r"UDP: \[([\d.+]+)", r)[0]
        header = "{0} ZBXTRAP {1}".format(formatted_time, source)
        with open(destination, "a") as file:
            file.write("{0}\n{1}".format(header, "".join(trap)))
    except Exception as exc:
        print(exc)
        # Appending it to the file with unrecognized messages
        with open(errorfile, "a") as file:
            file.write("{}\n\n".format(r))


if __name__ == "__main__":
    main()
I also added errorfile in /var/log/snmptraperrors.log to check if there would be any mistakes. The system was working for 1 night and it has collected a lot of traps and no errors.
I hope you’ll enjoy.