Opensource ICT Solutions designed a Python script and a Bash script for Zabbix that make it possible to parse SNMP traps for Zabbix without the use of net-snmp-perl. Read more and learn how to set up the scripts in this post.

Contents

  • Why would we need something besides net-snmp-perl?
  • How to setup this custom parser?

    • Python
    • Bash
  • How it works
  • Conclusion

 

Why would we need something besides net-snmp-perl?

Zabbix utilises net-snmp-perl to parse SNMP traps to a format you can understand. In RHEL8 (CentOS8) the package net-snmp-perl has been removed and as of right now it seems it won’t be added back to RHEL8. Of course we can work around this issue by using a third party repo like this:

rpm -Uvh http://repo.okay.com.mx/centos/8/x86_64/release/okay-release-1-3.el8.noarch.rpm
dnf clean all
dnf install net-snmp-perl

Thanks, Jurijs, for helping out the community by posting this in the bug report. See: https://support.zabbix.com/browse/ZBX-17192

But what if our organisation doesn’t allow third-party repos? Or maybe there’s another reason why this isn’t the way to go for you. This is when we can use one of the custom parsers we’ve created for Zabbix SNMP traps.

 

How to setup this custom parser?

Setting up a parser like this is quite easy once you’ve got the script going. This is one of the many great things about Zabbix: it’s so customisable that we can even make it work with our own custom scripts. The power of the Zabbix development team, combined with our own custom ideas and sometimes quick fixes. After all, sometimes we are one of the few people in the world that need something, or sometimes we just want things our own way.

In this case, we want to fix a RHEL8 issue because we can’t use the ‘quick fix’ way. So let’s see how we do this!

Python

To get started, let’s download the Python script from the public Opensource ICT Solutions GitHub. The script we need is called “snmptrap-parser.py”:

https://github.com/OpensourceICTSolutions/zabbix-snmp-traps-script

Once you have downloaded the script on your RHEL8 machine, put it in the following location:

/usr/bin/snmptrap-parser.py

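Now point /etc/snmp/snmptrapd.conf to the new SNMP trap parser by adding the following to the file. The first line, disableAuthorization yes, switches off snmptrapd’s access control, so traps are accepted from any sender and community string; the second line hands every trap to the script: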

disableAuthorization yes
traphandle default /usr/bin/python /usr/bin/snmptrap-parser.py

That’s all there is to do. You can now restart the Zabbix server and snmptrapd. All your traps will be parsed by the Python script and you’ll have a working setup once again.

systemctl restart zabbix-server.service snmptrapd.service

Bash

Now let’s do the same thing, but a little differently. This time we’ll be using a Bash script to parse our SNMP traps. Download the Bash script from the public Opensource ICT Solutions GitHub. The script we need is called “snmpparser.sh”:

https://github.com/OpensourceICTSolutions/zabbix-snmp-traps-script

Now that you have downloaded the script on your machine, put it in the following location:

/usr/bin/snmpparser.sh

Next, we’ll point /etc/snmp/snmptrapd.conf to the new SNMP trap parser by adding the following to the file:

disableAuthorization yes
traphandle default /usr/bin/bash /usr/bin/snmpparser.sh

Now restart the Zabbix server and snmptrapd, and all your traps will be parsed by the Bash script, making this a working setup once again.

systemctl restart zabbix-server.service snmptrapd.service

The process is about the same for both Python and Bash, but of course under the hood they work a little differently. The end result is the same though: your SNMP traps are parsed into data that Zabbix can read.

How it works

To show you how it works, I’ve created the following diagram. Our host creates an SNMP trap, for instance when a port goes down on a network switch. This trap is received by the snmptrapd process on our RHEL8 Zabbix server host. When the process receives the trap, it hands it to our Bash or Python script, as configured in snmptrapd.conf, for parsing. Once parsed, our data is saved in our Zabbix server and we can read the data from the frontend. Easy.
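The hand-off from snmptrapd to the handler, as an added Python example (not the Opensource ICT Solutions script). It assumes the traphandle stdin layout of hostname line, transport line, then varbinds, IPv4 senders only, and the "ZBXTRAP" record header; the sample trap, the helper names and the "ZBX_TRAP" replacement are constructed for illustration. The source address is taken from the transport line, and sender-controlled text is sanitized so it cannot look like a second record header in the trap file.

```python
import ipaddress
import re
import sys
import time

# Transport line as snmptrapd passes it: "UDP: [192.0.2.10]:59827->[192.0.2.1]:162"
TRANSPORT_RE = re.compile(r"^(?:UDP|TCP): \[([0-9.]+)\]:\d+")
MARKER = "ZBXTRAP"

# Constructed sample of what a traphandle program receives on stdin.
SAMPLE = [
    "switch01.example.net\n",
    "UDP: [192.0.2.10]:59827->[192.0.2.1]:162\n",
    "SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown\n",
    'IF-MIB::ifAlias.3 "up 12:00:00 2020/10/22 ZBXTRAP 198.51.100.7"\n',
]

def sanitize(line):
    """Drop control characters and break up the record marker in trap text."""
    text = "".join(ch for ch in line.rstrip("\r\n") if ch.isprintable())
    return text.replace(MARKER, "ZBX_TRAP")

def build_record(lines, now=None):
    """Return one trap-file record, or None when the source address is unusable."""
    if len(lines) < 2:
        return None
    match = TRANSPORT_RE.match(lines[1].strip())
    if match is None:
        return None
    try:
        source = ipaddress.IPv4Address(match.group(1))
    except ipaddress.AddressValueError:
        return None
    stamp = time.strftime("%H:%M:%S %Y/%m/%d", now or time.localtime())
    body = "\n".join(sanitize(line) for line in lines)
    return "{0} {1} {2}\n{3}\n".format(stamp, MARKER, source, body)

def main(path="/var/log/snmptrap.log"):
    record = build_record(sys.stdin.readlines())
    if record is None:
        sys.exit("trap dropped: no usable source address")
    with open(path, "a") as handle:
        handle.write(record)

if __name__ == "__main__":
    main()
```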

 

Conclusion

Whether you are trying to work with RHEL8 and need to parse SNMP traps with something besides Perl, or for some reason you can’t use third-party RPM resources, this method will fix your issues and you are all ready to parse your SNMP traps once more.

I hope you enjoyed reading this blog post and if you have any questions or need help configuring your SNMP trap parser feel free to contact me and my team at Opensource ICT Solutions.

Nathan Liefting

https://oicts.com

2 Comments
mkoetzing
3 years ago

hi, here are just my 2cents:
make the snmpparser.sh executable: chmod +x /usr/bin/snmpparser.sh
set correct line-ending
sudo vi /usr/bin/snmpparser.sh
:set ff=unix
:wq

thank you very much for your work!

Николай Карлов
3 years ago

I should say that these scripts didn’t work in my case for some reason. I was getting traps from just 2 hosts out of the whole network of ~120 hosts. I used to think this was OK, but when I did systemctl status snmptrapd, I got:

Oct 22 15:39:33 appliance snmptrapd[498725]: File “/usr/bin/snmpparser.py”, line 28, in main
Oct 22 15:39:33 appliance snmptrapd[498725]: source = re.findall(“.snmpTrapAddress.0 ([d.+]+)”, r)[0]
Oct 22 15:39:33 appliance snmptrapd[498725]: IndexError: list index out of range
Oct 22 15:39:41 appliance snmptrapd[498725]: 2020-10-22 15:39:41 [UDP: [192.168.20.109]:59827->[192.168.20.148]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (127874888) 14 days, 19:12:28.88 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.35265.1.60.1.2.1.1 SNMPv2-SMI::enterpr>
, Version 1.19.3.1, Base MAC e0:d9:e3:70:6d:00, Serial number WP12005977, Location root” SNMPv2-MIB::sysObjectID = OID: SNMPv2-SMI::enterprises.35265.1.66 SNMPv2-SMI::enterprise>
” SNMPv2-MIB::sysName = STRING: WEP-2ac SNMPv2-SMI::enterprises.4413.1.1.28.1.1.3 = STRING: “1.19.3.1” SNMPv2-SMI::enterprises.4413.1.1.28.1.1.6 = STRING: “e0:d9:e3:70:6d>

So I fixed the RE and changed the script to this:

#!/usr/bin/python3
# All rights reserved Opensource ICT Solutions B.V.
# Free to redistribute with mention to Opensource ICT Solutions

# For use with Zabbix
# Place in directory
# Update snmptrapd.conf to use this script:
# disableAuthorization yes
# traphandle default /usr/bin/python
# And start Zabbix stuffs

import re
import sys
import time


def main():
    destination = "/var/log/snmptrap.log"  # File destination
    errorfile = "/var/log/snmptraperrors.log"

    # Getting Trap
    trap = sys.stdin.readlines()  # Read from stdin
    r = "".join(trap)  # Convert LIST to STRING

    # Format the time string
    formatted_time = str(time.strftime("%H:%M:%S %Y/%m/%d"))

    # Matching on the IP address in the transport line, e.g. "UDP: [192.168.20.109]:59827->..."
    try:
        source = re.findall(r"UDP: \[([\d.+]+)", r)[0]
        header = "{0} ZBXTRAP {1}".format(formatted_time, source)

        # Append the header line followed by the raw trap
        with open(destination, "a") as file:
            file.write("{0}\n{1}".format(header, "".join(trap)))

    except Exception as exc:
        print(exc)
        # Appending it to the file with unrecognized messages
        with open(errorfile, "a") as file:
            file.write("{}\n\n".format(r))


if __name__ == "__main__":
    main()

I also added an errorfile in /var/log/snmptraperrors.log to check if there would be any mistakes. The system was working for 1 night and it has collected a lot of traps and no errors.

I hope you’ll enjoy.
