[mirror_frr.git] / doc / user / snmptrap.rst

Handling SNMP Traps
===================

To handle snmp traps make sure your snmp setup of frr works
correctly as described in the frr documentation in :ref:`SNMP_Support`.

The BGP4 mib will send traps on peer up/down events. These should be
visible in your snmp logs with a message similar to:

::

   snmpd[13733]: Got trap from peer on fd 14

To react on these traps they should be handled by a trapsink. Configure
your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:

::

   # send traps to the snmptrapd on localhost
   trapsink localhost


This will send all traps to an snmptrapd running on localhost. You can
of course also use a dedicated management station to catch traps.
Configure the snmptrapd daemon by adding the following line to
:file:`/etc/snmpd/snmptrapd.conf`:

::

   traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh


This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
the BGP4 traps. To add traps for other protocol daemons, lookup their
appropriate OID from their mib. (For additional information about which
traps are supported by your mib, lookup the mib on
`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).

Make sure snmptrapd is started.

The snmptrap_handle.sh script I personally use for handling BGP4 traps
is below. You can of course do all sorts of things when handling traps,
like sound a siren, have your display flash, etc., be creative ;).

::

   #!/bin/bash

   # routers name
   ROUTER=`hostname -s`

   #email address use to sent out notification
   EMAILADDR="john@doe.com"
   #email address used (allongside above) where warnings should be sent
   EMAILADDR_WARN="sms-john@doe.com"

   # type of notification
   TYPE="Notice"

   # local snmp community for getting AS belonging to peer
   COMMUNITY="<community>"

   # if a peer address is in $WARN_PEERS a warning should be sent
   WARN_PEERS="192.0.2.1"

   # get stdin
   INPUT=`cat -`

   # get some vars from stdin
   uptime=`echo $INPUT | cut -d' ' -f5`
   peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
   peerstate=`echo $INPUT | cut -d' ' -f13`
   errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\\"//g'`
   suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\\"//g'`
   remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4`

   WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'`
   asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/  //g' -e 's/^ //g' | uniq`
   asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/  //g' -e 's/^ //g' | uniq`

   # if peer address is in $WARN_PEER, the email should also
   # be sent to $EMAILADDR_WARN
   for ip in $WARN_PEERS; do
   if [ "x$ip" == "x$peer" ]; then
   EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
   TYPE="WARNING"
   break
   fi
   done

   # convert peer state
   case "$peerstate" in
   1) peerstate="Idle" ;;
   2) peerstate="Connect" ;;
   3) peerstate="Active" ;;
   4) peerstate="Opensent" ;;
   5) peerstate="Openconfirm" ;;
   6) peerstate="Established" ;;
   *) peerstate="Unknown" ;;
   esac

   # get textual messages for errors
   case "$errorcode" in
   00)
   error="No error"
   suberror=""
   ;;
   01)
   error="Message Header Error"
   case "$suberrorcode" in
   01) suberror="Connection Not Synchronized" ;;
   02) suberror="Bad Message Length" ;;
   03) suberror="Bad Message Type" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   02)
   error="OPEN Message Error"
   case "$suberrorcode" in
   01) suberror="Unsupported Version Number" ;;
   02) suberror="Bad Peer AS" ;;
   03) suberror="Bad BGP Identifier" ;;
   04) suberror="Unsupported Optional Parameter" ;;
   05) suberror="Authentication Failure" ;;
   06) suberror="Unacceptable Hold Time" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   03)
   error="UPDATE Message Error"
   case "$suberrorcode" in
   01) suberror="Malformed Attribute List" ;;
   02) suberror="Unrecognized Well-known Attribute" ;;
   03) suberror="Missing Well-known Attribute" ;;
   04) suberror="Attribute Flags Error" ;;
   05) suberror="Attribute Length Error" ;;
   06) suberror="Invalid ORIGIN Attribute" ;;
   07) suberror="AS Routing Loop" ;;
   08) suberror="Invalid NEXT_HOP Attribute" ;;
   09) suberror="Optional Attribute Error" ;;
   10) suberror="Invalid Network Field" ;;
   11) suberror="Malformed AS_PATH" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   04)
   error="Hold Timer Expired"
   suberror=""
   ;;
   05)
   error="Finite State Machine Error"
   suberror=""
   ;;
   06)
   error="Cease"
   case "$suberrorcode" in
   01) suberror="Maximum Number of Prefixes Reached" ;;
   02) suberror="Administratively Shutdown" ;;
   03) suberror="Peer Unconfigured" ;;
   04) suberror="Administratively Reset" ;;
   05) suberror="Connection Rejected" ;;
   06) suberror="Other Configuration Change" ;;
   07) suberror="Connection collision resolution" ;;
   08) suberror="Out of Resource" ;;
   09) suberror="MAX" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   *)
   error="Unknown"
   suberror=""
   ;;
   esac

   # create textual message from errorcodes
   if [ "x$suberror" == "x" ]; then
   NOTIFY="$errorcode ($error)"
   else
   NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
   fi

   # form a decent subject
   SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
   # create the email body
   MAIL=`cat << EOF
   BGP notification on router $ROUTER.

   Peer: $peer
   AS: $remoteas
   New state: $peerstate
   Notification: $NOTIFY

   Info:
   $asname
   $asdescr

   Snmpd uptime: $uptime
   EOF`

   # mail the notification
   echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR
Commit	Line	Data
42fc5d26 QY	1	Handling SNMP Traps
	2	===================
	3
	4	To handle snmp traps make sure your snmp setup of frr works
	5	correctly as described in the frr documentation in :ref:`SNMP_Support`.
	6
	7	The BGP4 mib will send traps on peer up/down events. These should be
	8	visible in your snmp logs with a message similar to:
	9
ec8404d8 QY	10	::
	11
	12	snmpd[13733]: Got trap from peer on fd 14
42fc5d26 QY	13
	14	To react on these traps they should be handled by a trapsink. Configure
	15	your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
	16
	17	::
	18
ec8404d8 QY	19	# send traps to the snmptrapd on localhost
ec8404d8 QY	20	trapsink localhost
a8c90e15	21
42fc5d26 QY	22
	23	This will send all traps to an snmptrapd running on localhost. You can
	24	of course also use a dedicated management station to catch traps.
	25	Configure the snmptrapd daemon by adding the following line to
	26	:file:`/etc/snmpd/snmptrapd.conf`:
	27
	28	::
	29
ec8404d8	30	traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh
a8c90e15	31
42fc5d26 QY	32
	33	This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
	34	the BGP4 traps. To add traps for other protocol daemons, lookup their
	35	appropriate OID from their mib. (For additional information about which
	36	traps are supported by your mib, lookup the mib on
	37	`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).
	38
	39	Make sure snmptrapd is started.
	40
	41	The snmptrap_handle.sh script I personally use for handling BGP4 traps
	42	is below. You can of course do all sorts of things when handling traps,
	43	like sound a siren, have your display flash, etc., be creative ;).
	44
ec8404d8	45	::
42fc5d26	46
ec8404d8 QY	47	#!/bin/bash
	48
	49	# routers name
	50	ROUTER=`hostname -s`
	51
	52	#email address use to sent out notification
	53	EMAILADDR="john@doe.com"
	54	#email address used (allongside above) where warnings should be sent
	55	EMAILADDR_WARN="sms-john@doe.com"
	56
	57	# type of notification
	58	TYPE="Notice"
	59
	60	# local snmp community for getting AS belonging to peer
	61	COMMUNITY="<community>"
	62
	63	# if a peer address is in $WARN_PEERS a warning should be sent
	64	WARN_PEERS="192.0.2.1"
	65
	66	# get stdin
	67	INPUT=`cat -`
	68
	69	# get some vars from stdin
	70	uptime=`echo $INPUT \| cut -d' ' -f5`
	71	peer=`echo $INPUT \| cut -d' ' -f8 \| sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
	72	peerstate=`echo $INPUT \| cut -d' ' -f13`
	73	errorcode=`echo $INPUT \| cut -d' ' -f9 \| sed -e 's/\\"//g'`
	74	suberrorcode=`echo $INPUT \| cut -d' ' -f10 \| sed -e 's/\\"//g'`
	75	remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer \| cut -d' ' -f4`
	76
	77	WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" \| egrep '(as-name\|descr)'`
	78	asname=`echo "$WHOISINFO" \| grep "^as-name:" \| sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' \| uniq`
	79	asdescr=`echo "$WHOISINFO" \| grep "^descr:" \| sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' \| uniq`
	80
	81	# if peer address is in $WARN_PEER, the email should also
	82	# be sent to $EMAILADDR_WARN
	83	for ip in $WARN_PEERS; do
	84	if [ "x$ip" == "x$peer" ]; then
	85	EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
	86	TYPE="WARNING"
	87	break
	88	fi
	89	done
	90
	91	# convert peer state
	92	case "$peerstate" in
	93	1) peerstate="Idle" ;;
	94	2) peerstate="Connect" ;;
	95	3) peerstate="Active" ;;
	96	4) peerstate="Opensent" ;;
	97	5) peerstate="Openconfirm" ;;
	98	6) peerstate="Established" ;;
	99	*) peerstate="Unknown" ;;
	100	esac
	101
	102	# get textual messages for errors
	103	case "$errorcode" in
	104	00)
	105	error="No error"
	106	suberror=""
	107	;;
	108	01)
	109	error="Message Header Error"
	110	case "$suberrorcode" in
111	01) suberror="Connection Not Synchronized" ;;
112	02) suberror="Bad Message Length" ;;
113	03) suberror="Bad Message Type" ;;
114	*) suberror="Unknown" ;;
115	esac
116	;;
117	02)
118	error="OPEN Message Error"
119	case "$suberrorcode" in
120	01) suberror="Unsupported Version Number" ;;
121	02) suberror="Bad Peer AS" ;;
122	03) suberror="Bad BGP Identifier" ;;
123	04) suberror="Unsupported Optional Parameter" ;;
124	05) suberror="Authentication Failure" ;;
125	06) suberror="Unacceptable Hold Time" ;;
126	*) suberror="Unknown" ;;
127	esac
128	;;
129	03)
130	error="UPDATE Message Error"
131	case "$suberrorcode" in
132	01) suberror="Malformed Attribute List" ;;
133	02) suberror="Unrecognized Well-known Attribute" ;;
134	03) suberror="Missing Well-known Attribute" ;;
135	04) suberror="Attribute Flags Error" ;;
136	05) suberror="Attribute Length Error" ;;
137	06) suberror="Invalid ORIGIN Attribute" ;;
138	07) suberror="AS Routing Loop" ;;
139	08) suberror="Invalid NEXT_HOP Attribute" ;;
140	09) suberror="Optional Attribute Error" ;;
141	10) suberror="Invalid Network Field" ;;
142	11) suberror="Malformed AS_PATH" ;;
143	*) suberror="Unknown" ;;
144	esac
145	;;
146	04)
147	error="Hold Timer Expired"
148	suberror=""
149	;;
150	05)
151	error="Finite State Machine Error"
152	suberror=""
153	;;
154	06)
155	error="Cease"
156	case "$suberrorcode" in
157	01) suberror="Maximum Number of Prefixes Reached" ;;
158	02) suberror="Administratively Shutdown" ;;
159	03) suberror="Peer Unconfigured" ;;
160	04) suberror="Administratively Reset" ;;
161	05) suberror="Connection Rejected" ;;
162	06) suberror="Other Configuration Change" ;;
163	07) suberror="Connection collision resolution" ;;
164	08) suberror="Out of Resource" ;;
165	09) suberror="MAX" ;;
166	*) suberror="Unknown" ;;
167	esac
168	;;
169	*)
170	error="Unknown"
171	suberror=""
172	;;
173	esac
174
175	# create textual message from errorcodes
176	if [ "x$suberror" == "x" ]; then
177	NOTIFY="$errorcode ($error)"
178	else
179	NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
180	fi
181
182	# form a decent subject
183	SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
184	# create the email body
185	MAIL=`cat << EOF
186	BGP notification on router $ROUTER.
187
188	Peer: $peer
189	AS: $remoteas
190	New state: $peerstate
191	Notification: $NOTIFY
192
193	Info:
194	$asname
195	$asdescr
196
197	Snmpd uptime: $uptime
198	EOF`
199
200	# mail the notification
201	echo "$MAIL" \| mail -s "$SUBJECT" $EMAILADDR