[mirror_frr.git] / doc / user / snmptrap.rst

Handling SNMP Traps
===================

To handle snmp traps make sure your snmp setup of frr works
correctly as described in the frr documentation in :ref:`SNMP_Support`.

The BGP4 mib will send traps on peer up/down events. These should be
visible in your snmp logs with a message similar to:

.. clicmd:: snmpd[13733]: Got trap from peer on fd 14

To react on these traps they should be handled by a trapsink. Configure
your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:

::

    # send traps to the snmptrapd on localhost
    trapsink localhost
  

This will send all traps to an snmptrapd running on localhost. You can
of course also use a dedicated management station to catch traps.
Configure the snmptrapd daemon by adding the following line to
:file:`/etc/snmpd/snmptrapd.conf`:

::

    traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh
  

This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
the BGP4 traps. To add traps for other protocol daemons, lookup their
appropriate OID from their mib. (For additional information about which
traps are supported by your mib, lookup the mib on
`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).

Make sure snmptrapd is started.

The snmptrap_handle.sh script I personally use for handling BGP4 traps
is below. You can of course do all sorts of things when handling traps,
like sound a siren, have your display flash, etc., be creative ;).

@verbatim
#!/bin/bash

# routers name
ROUTER=`hostname -s`

#email address use to sent out notification
EMAILADDR="john@doe.com"
#email address used (allongside above) where warnings should be sent
EMAILADDR_WARN="sms-john@doe.com"

# type of notification
TYPE="Notice"

# local snmp community for getting AS belonging to peer
COMMUNITY="<community>"

# if a peer address is in $WARN_PEERS a warning should be sent
WARN_PEERS="192.0.2.1"

# get stdin
INPUT=`cat -`

# get some vars from stdin
uptime=`echo $INPUT | cut -d' ' -f5`
peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
peerstate=`echo $INPUT | cut -d' ' -f13`
errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\\"//g'`
suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\\"//g'`
remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4`

WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'`
asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/  //g' -e 's/^ //g' | uniq`
asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/  //g' -e 's/^ //g' | uniq`

# if peer address is in $WARN_PEER, the email should also
# be sent to $EMAILADDR_WARN
for ip in $WARN_PEERS; do
if [ "x$ip" == "x$peer" ]; then
EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
TYPE="WARNING"
break
fi
done

# convert peer state
case "$peerstate" in
1) peerstate="Idle" ;;
2) peerstate="Connect" ;;
3) peerstate="Active" ;;
4) peerstate="Opensent" ;;
5) peerstate="Openconfirm" ;;
6) peerstate="Established" ;;
*) peerstate="Unknown" ;;
esac

# get textual messages for errors
case "$errorcode" in
00)
error="No error"
suberror=""
;;
01)
error="Message Header Error"
case "$suberrorcode" in
01) suberror="Connection Not Synchronized" ;;
02) suberror="Bad Message Length" ;;
03) suberror="Bad Message Type" ;;
*) suberror="Unknown" ;;
esac
;;
02)    
error="OPEN Message Error"
case "$suberrorcode" in
01) suberror="Unsupported Version Number" ;;
02) suberror="Bad Peer AS" ;;
03) suberror="Bad BGP Identifier" ;;
04) suberror="Unsupported Optional Parameter" ;;
05) suberror="Authentication Failure" ;;
06) suberror="Unacceptable Hold Time" ;;
*) suberror="Unknown" ;;
esac
;;
03)
error="UPDATE Message Error"
case "$suberrorcode" in
01) suberror="Malformed Attribute List" ;;
02) suberror="Unrecognized Well-known Attribute" ;;
03) suberror="Missing Well-known Attribute" ;;
04) suberror="Attribute Flags Error" ;;
05) suberror="Attribute Length Error" ;;
06) suberror="Invalid ORIGIN Attribute" ;;
07) suberror="AS Routing Loop" ;;
08) suberror="Invalid NEXT_HOP Attribute" ;;
09) suberror="Optional Attribute Error" ;;
10) suberror="Invalid Network Field" ;;
11) suberror="Malformed AS_PATH" ;;
*) suberror="Unknown" ;;
esac
;;
04)
error="Hold Timer Expired"
suberror=""
;;
05)
error="Finite State Machine Error"
suberror=""
;;
06)
error="Cease"
case "$suberrorcode" in
01) suberror="Maximum Number of Prefixes Reached" ;;
02) suberror="Administratively Shutdown" ;;
03) suberror="Peer Unconfigured" ;;
04) suberror="Administratively Reset" ;;
05) suberror="Connection Rejected" ;;
06) suberror="Other Configuration Change" ;;
07) suberror="Connection collision resolution" ;;
08) suberror="Out of Resource" ;;
09) suberror="MAX" ;;
*) suberror="Unknown" ;;
esac
;;
*)
error="Unknown"
suberror=""
;;
esac

# create textual message from errorcodes
if [ "x$suberror" == "x" ]; then
NOTIFY="$errorcode ($error)"
else
NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
fi

# form a decent subject
SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
# create the email body
MAIL=`cat << EOF
BGP notification on router $ROUTER.

Peer: $peer
AS: $remoteas
New state: $peerstate
Notification: $NOTIFY

Info:
$asname
$asdescr

Snmpd uptime: $uptime
EOF`

# mail the notification
echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR
@end verbatim
Commit	Line	Data
42fc5d26 QY	1	Handling SNMP Traps
	2	===================
	3
	4	To handle snmp traps make sure your snmp setup of frr works
	5	correctly as described in the frr documentation in :ref:`SNMP_Support`.
	6
	7	The BGP4 mib will send traps on peer up/down events. These should be
	8	visible in your snmp logs with a message similar to:
	9
29adcd50	10	.. clicmd:: snmpd[13733]: Got trap from peer on fd 14
42fc5d26 QY	11
	12	To react on these traps they should be handled by a trapsink. Configure
	13	your trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
	14
	15	::
	16
	17	# send traps to the snmptrapd on localhost
	18	trapsink localhost
	19
	20
	21	This will send all traps to an snmptrapd running on localhost. You can
	22	of course also use a dedicated management station to catch traps.
	23	Configure the snmptrapd daemon by adding the following line to
	24	:file:`/etc/snmpd/snmptrapd.conf`:
	25
	26	::
	27
	28	traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh
	29
	30
	31	This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
	32	the BGP4 traps. To add traps for other protocol daemons, lookup their
	33	appropriate OID from their mib. (For additional information about which
	34	traps are supported by your mib, lookup the mib on
	35	`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).
	36
	37	Make sure snmptrapd is started.
	38
	39	The snmptrap_handle.sh script I personally use for handling BGP4 traps
	40	is below. You can of course do all sorts of things when handling traps,
	41	like sound a siren, have your display flash, etc., be creative ;).
	42
	43	@verbatim
	44	#!/bin/bash
	45
	46	# routers name
	47	ROUTER=`hostname -s`
	48
	49	#email address use to sent out notification
	50	EMAILADDR="john@doe.com"
	51	#email address used (allongside above) where warnings should be sent
	52	EMAILADDR_WARN="sms-john@doe.com"
	53
	54	# type of notification
	55	TYPE="Notice"
	56
	57	# local snmp community for getting AS belonging to peer
	58	COMMUNITY="<community>"
	59
	60	# if a peer address is in $WARN_PEERS a warning should be sent
	61	WARN_PEERS="192.0.2.1"
	62
	63	# get stdin
	64	INPUT=`cat -`
	65
	66	# get some vars from stdin
	67	uptime=`echo $INPUT \| cut -d' ' -f5`
	68	peer=`echo $INPUT \| cut -d' ' -f8 \| sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
	69	peerstate=`echo $INPUT \| cut -d' ' -f13`
	70	errorcode=`echo $INPUT \| cut -d' ' -f9 \| sed -e 's/\\"//g'`
	71	suberrorcode=`echo $INPUT \| cut -d' ' -f10 \| sed -e 's/\\"//g'`
	72	remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer \| cut -d' ' -f4`
	73
	74	WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" \| egrep '(as-name\|descr)'`
75	asname=`echo "$WHOISINFO" \| grep "^as-name:" \| sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' \| uniq`
76	asdescr=`echo "$WHOISINFO" \| grep "^descr:" \| sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' \| uniq`
77
78	# if peer address is in $WARN_PEER, the email should also
79	# be sent to $EMAILADDR_WARN
80	for ip in $WARN_PEERS; do
81	if [ "x$ip" == "x$peer" ]; then
82	EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
83	TYPE="WARNING"
84	break
85	fi
86	done
87
88	# convert peer state
89	case "$peerstate" in
90	1) peerstate="Idle" ;;
91	2) peerstate="Connect" ;;
92	3) peerstate="Active" ;;
93	4) peerstate="Opensent" ;;
94	5) peerstate="Openconfirm" ;;
95	6) peerstate="Established" ;;
96	*) peerstate="Unknown" ;;
97	esac
98
99	# get textual messages for errors
100	case "$errorcode" in
101	00)
102	error="No error"
103	suberror=""
104	;;
105	01)
106	error="Message Header Error"
107	case "$suberrorcode" in
108	01) suberror="Connection Not Synchronized" ;;
109	02) suberror="Bad Message Length" ;;
110	03) suberror="Bad Message Type" ;;
111	*) suberror="Unknown" ;;
112	esac
113	;;
114	02)
115	error="OPEN Message Error"
116	case "$suberrorcode" in
117	01) suberror="Unsupported Version Number" ;;
118	02) suberror="Bad Peer AS" ;;
119	03) suberror="Bad BGP Identifier" ;;
120	04) suberror="Unsupported Optional Parameter" ;;
121	05) suberror="Authentication Failure" ;;
122	06) suberror="Unacceptable Hold Time" ;;
123	*) suberror="Unknown" ;;
124	esac
125	;;
126	03)
127	error="UPDATE Message Error"
128	case "$suberrorcode" in
129	01) suberror="Malformed Attribute List" ;;
130	02) suberror="Unrecognized Well-known Attribute" ;;
131	03) suberror="Missing Well-known Attribute" ;;
132	04) suberror="Attribute Flags Error" ;;
133	05) suberror="Attribute Length Error" ;;
134	06) suberror="Invalid ORIGIN Attribute" ;;
135	07) suberror="AS Routing Loop" ;;
136	08) suberror="Invalid NEXT_HOP Attribute" ;;
137	09) suberror="Optional Attribute Error" ;;
138	10) suberror="Invalid Network Field" ;;
139	11) suberror="Malformed AS_PATH" ;;
140	*) suberror="Unknown" ;;
141	esac
142	;;
143	04)
144	error="Hold Timer Expired"
145	suberror=""
146	;;
147	05)
148	error="Finite State Machine Error"
149	suberror=""
150	;;
151	06)
152	error="Cease"
153	case "$suberrorcode" in
154	01) suberror="Maximum Number of Prefixes Reached" ;;
155	02) suberror="Administratively Shutdown" ;;
156	03) suberror="Peer Unconfigured" ;;
157	04) suberror="Administratively Reset" ;;
158	05) suberror="Connection Rejected" ;;
159	06) suberror="Other Configuration Change" ;;
160	07) suberror="Connection collision resolution" ;;
161	08) suberror="Out of Resource" ;;
162	09) suberror="MAX" ;;
163	*) suberror="Unknown" ;;
164	esac
165	;;
166	*)
167	error="Unknown"
168	suberror=""
169	;;
170	esac
171
172	# create textual message from errorcodes
173	if [ "x$suberror" == "x" ]; then
174	NOTIFY="$errorcode ($error)"
175	else
176	NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
177	fi
178
179	# form a decent subject
180	SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
181	# create the email body
182	MAIL=`cat << EOF
183	BGP notification on router $ROUTER.
184
185	Peer: $peer
186	AS: $remoteas
187	New state: $peerstate
188	Notification: $NOTIFY
189
190	Info:
191	$asname
192	$asdescr
193
194	Snmpd uptime: $uptime
195	EOF`
196
197	# mail the notification
198	echo "$MAIL" \| mail -s "$SUBJECT" $EMAILADDR
199	@end verbatim
200