[mirror_frr.git] / doc / user / snmptrap.rst

Handling SNMP Traps
===================

To handle snmp traps make sure your snmp setup of frr works correctly as
described in the frr documentation in :ref:`snmp-support`.

The BGP4 mib will send traps on peer up/down events. These should be visible in
your snmp logs with a message similar to:

::

   snmpd[13733]: Got trap from peer on fd 14

To react on these traps they should be handled by a trapsink. Configure your
trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:

::

   # send traps to the snmptrapd on localhost
   trapsink localhost


This will send all traps to an snmptrapd running on localhost. You can of
course also use a dedicated management station to catch traps. Configure the
snmptrapd daemon by adding the following line to
:file:`/etc/snmpd/snmptrapd.conf`:

::

   traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh


This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
the BGP4 traps. To add traps for other protocol daemons, lookup their
appropriate OID from their mib. (For additional information about which traps
are supported by your mib, lookup the mib on
`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).

Make sure *snmptrapd* is started.

The snmptrap_handle.sh script I personally use for handling BGP4 traps is
below. You can of course do all sorts of things when handling traps, like sound
a siren, have your display flash, etc., be creative ;).

.. code-block:: shell

   #!/bin/bash

   # routers name
   ROUTER=`hostname -s`

   #email address use to sent out notification
   EMAILADDR="john@doe.com"
   #email address used (allongside above) where warnings should be sent
   EMAILADDR_WARN="sms-john@doe.com"

   # type of notification
   TYPE="Notice"

   # local snmp community for getting AS belonging to peer
   COMMUNITY="<community>"

   # if a peer address is in $WARN_PEERS a warning should be sent
   WARN_PEERS="192.0.2.1"

   # get stdin
   INPUT=`cat -`

   # get some vars from stdin
   uptime=`echo $INPUT | cut -d' ' -f5`
   peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
   peerstate=`echo $INPUT | cut -d' ' -f13`
   errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\\"//g'`
   suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\\"//g'`
   remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4`

   WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'`
   asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/  //g' -e 's/^ //g' | uniq`
   asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/  //g' -e 's/^ //g' | uniq`

   # if peer address is in $WARN_PEER, the email should also
   # be sent to $EMAILADDR_WARN
   for ip in $WARN_PEERS; do
   if [ "x$ip" == "x$peer" ]; then
   EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
   TYPE="WARNING"
   break
   fi
   done

   # convert peer state
   case "$peerstate" in
   1) peerstate="Idle" ;;
   2) peerstate="Connect" ;;
   3) peerstate="Active" ;;
   4) peerstate="Opensent" ;;
   5) peerstate="Openconfirm" ;;
   6) peerstate="Established" ;;
   *) peerstate="Unknown" ;;
   esac

   # get textual messages for errors
   case "$errorcode" in
   00)
   error="No error"
   suberror=""
   ;;
   01)
   error="Message Header Error"
   case "$suberrorcode" in
   01) suberror="Connection Not Synchronized" ;;
   02) suberror="Bad Message Length" ;;
   03) suberror="Bad Message Type" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   02)
   error="OPEN Message Error"
   case "$suberrorcode" in
   01) suberror="Unsupported Version Number" ;;
   02) suberror="Bad Peer AS" ;;
   03) suberror="Bad BGP Identifier" ;;
   04) suberror="Unsupported Optional Parameter" ;;
   05) suberror="Authentication Failure" ;;
   06) suberror="Unacceptable Hold Time" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   03)
   error="UPDATE Message Error"
   case "$suberrorcode" in
   01) suberror="Malformed Attribute List" ;;
   02) suberror="Unrecognized Well-known Attribute" ;;
   03) suberror="Missing Well-known Attribute" ;;
   04) suberror="Attribute Flags Error" ;;
   05) suberror="Attribute Length Error" ;;
   06) suberror="Invalid ORIGIN Attribute" ;;
   07) suberror="AS Routing Loop" ;;
   08) suberror="Invalid NEXT_HOP Attribute" ;;
   09) suberror="Optional Attribute Error" ;;
   10) suberror="Invalid Network Field" ;;
   11) suberror="Malformed AS_PATH" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   04)
   error="Hold Timer Expired"
   suberror=""
   ;;
   05)
   error="Finite State Machine Error"
   suberror=""
   ;;
   06)
   error="Cease"
   case "$suberrorcode" in
   01) suberror="Maximum Number of Prefixes Reached" ;;
   02) suberror="Administrative Shutdown" ;;
   03) suberror="Peer De-configured" ;;
   04) suberror="Administrative Reset" ;;
   05) suberror="Connection Rejected" ;;
   06) suberror="Other Configuration Change" ;;
   07) suberror="Connection Collision Resolution" ;;
   08) suberror="Out of Resources" ;;
   09) suberror="MAX" ;;
   *) suberror="Unknown" ;;
   esac
   ;;
   *)
   error="Unknown"
   suberror=""
   ;;
   esac

   # create textual message from errorcodes
   if [ "x$suberror" == "x" ]; then
   NOTIFY="$errorcode ($error)"
   else
   NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
   fi

   # form a decent subject
   SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
   # create the email body
   MAIL=`cat << EOF
   BGP notification on router $ROUTER.

   Peer: $peer
   AS: $remoteas
   New state: $peerstate
   Notification: $NOTIFY

   Info:
   $asname
   $asdescr

   Snmpd uptime: $uptime
   EOF`

   # mail the notification
   echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR
Commit	Line	Data
42fc5d26 QY	1	Handling SNMP Traps
	2	===================
	3
c1a54c05	4	To handle snmp traps make sure your snmp setup of frr works correctly as
0efdf0fe	5	described in the frr documentation in :ref:`snmp-support`.
42fc5d26	6
c1a54c05 QY	7	The BGP4 mib will send traps on peer up/down events. These should be visible in
c1a54c05 QY	8	your snmp logs with a message similar to:
42fc5d26	9
ec8404d8 QY	10	::
	11
	12	snmpd[13733]: Got trap from peer on fd 14
42fc5d26	13
c1a54c05 QY	14	To react on these traps they should be handled by a trapsink. Configure your
c1a54c05 QY	15	trapsink by adding the following lines to :file:`/etc/snmpd/snmpd.conf`:
42fc5d26 QY	16
	17	::
	18
ec8404d8 QY	19	# send traps to the snmptrapd on localhost
ec8404d8 QY	20	trapsink localhost
a8c90e15	21
42fc5d26	22
c1a54c05 QY	23	This will send all traps to an snmptrapd running on localhost. You can of
	24	course also use a dedicated management station to catch traps. Configure the
	25	snmptrapd daemon by adding the following line to
42fc5d26 QY	26	:file:`/etc/snmpd/snmptrapd.conf`:
	27
	28	::
	29
ec8404d8	30	traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh
a8c90e15	31
42fc5d26 QY	32
	33	This will use the bash script :file:`/etc/snmp/snmptrap_handle.sh` to handle
	34	the BGP4 traps. To add traps for other protocol daemons, lookup their
c1a54c05 QY	35	appropriate OID from their mib. (For additional information about which traps
c1a54c05 QY	36	are supported by your mib, lookup the mib on
42fc5d26 QY	37	`http://www.oidview.com/mibs/detail.html <http://www.oidview.com/mibs/detail.html>`_).
42fc5d26 QY	38
c1a54c05	39	Make sure snmptrapd is started.
42fc5d26	40
c1a54c05 QY	41	The snmptrap_handle.sh script I personally use for handling BGP4 traps is
	42	below. You can of course do all sorts of things when handling traps, like sound
	43	a siren, have your display flash, etc., be creative ;).
42fc5d26	44
9eb95b3b	45	.. code-block:: shell
42fc5d26	46
ec8404d8 QY	47	#!/bin/bash
	48
	49	# routers name
	50	ROUTER=`hostname -s`
	51
	52	#email address use to sent out notification
	53	EMAILADDR="john@doe.com"
	54	#email address used (allongside above) where warnings should be sent
	55	EMAILADDR_WARN="sms-john@doe.com"
	56
	57	# type of notification
	58	TYPE="Notice"
	59
	60	# local snmp community for getting AS belonging to peer
	61	COMMUNITY="<community>"
	62
	63	# if a peer address is in $WARN_PEERS a warning should be sent
	64	WARN_PEERS="192.0.2.1"
	65
	66	# get stdin
	67	INPUT=`cat -`
	68
	69	# get some vars from stdin
	70	uptime=`echo $INPUT \| cut -d' ' -f5`
	71	peer=`echo $INPUT \| cut -d' ' -f8 \| sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'`
	72	peerstate=`echo $INPUT \| cut -d' ' -f13`
	73	errorcode=`echo $INPUT \| cut -d' ' -f9 \| sed -e 's/\\"//g'`
	74	suberrorcode=`echo $INPUT \| cut -d' ' -f10 \| sed -e 's/\\"//g'`
	75	remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer \| cut -d' ' -f4`
	76
	77	WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" \| egrep '(as-name\|descr)'`
	78	asname=`echo "$WHOISINFO" \| grep "^as-name:" \| sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' \| uniq`
	79	asdescr=`echo "$WHOISINFO" \| grep "^descr:" \| sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' \| uniq`
	80
	81	# if peer address is in $WARN_PEER, the email should also
	82	# be sent to $EMAILADDR_WARN
	83	for ip in $WARN_PEERS; do
	84	if [ "x$ip" == "x$peer" ]; then
	85	EMAILADDR="$EMAILADDR,$EMAILADDR_WARN"
	86	TYPE="WARNING"
	87	break
	88	fi
	89	done
	90
	91	# convert peer state
	92	case "$peerstate" in
	93	1) peerstate="Idle" ;;
	94	2) peerstate="Connect" ;;
	95	3) peerstate="Active" ;;
	96	4) peerstate="Opensent" ;;
	97	5) peerstate="Openconfirm" ;;
	98	6) peerstate="Established" ;;
	99	*) peerstate="Unknown" ;;
	100	esac
	101
	102	# get textual messages for errors
	103	case "$errorcode" in
	104	00)
	105	error="No error"
	106	suberror=""
	107	;;
	108	01)
	109	error="Message Header Error"
	110	case "$suberrorcode" in
111	01) suberror="Connection Not Synchronized" ;;
112	02) suberror="Bad Message Length" ;;
113	03) suberror="Bad Message Type" ;;
114	*) suberror="Unknown" ;;
115	esac
116	;;
117	02)
118	error="OPEN Message Error"
119	case "$suberrorcode" in
120	01) suberror="Unsupported Version Number" ;;
121	02) suberror="Bad Peer AS" ;;
122	03) suberror="Bad BGP Identifier" ;;
123	04) suberror="Unsupported Optional Parameter" ;;
124	05) suberror="Authentication Failure" ;;
125	06) suberror="Unacceptable Hold Time" ;;
126	*) suberror="Unknown" ;;
127	esac
128	;;
129	03)
130	error="UPDATE Message Error"
131	case "$suberrorcode" in
132	01) suberror="Malformed Attribute List" ;;
133	02) suberror="Unrecognized Well-known Attribute" ;;
134	03) suberror="Missing Well-known Attribute" ;;
135	04) suberror="Attribute Flags Error" ;;
136	05) suberror="Attribute Length Error" ;;
137	06) suberror="Invalid ORIGIN Attribute" ;;
138	07) suberror="AS Routing Loop" ;;
139	08) suberror="Invalid NEXT_HOP Attribute" ;;
140	09) suberror="Optional Attribute Error" ;;
141	10) suberror="Invalid Network Field" ;;
142	11) suberror="Malformed AS_PATH" ;;
143	*) suberror="Unknown" ;;
144	esac
145	;;
146	04)
147	error="Hold Timer Expired"
148	suberror=""
149	;;
150	05)
151	error="Finite State Machine Error"
152	suberror=""
153	;;
154	06)
155	error="Cease"
156	case "$suberrorcode" in
157	01) suberror="Maximum Number of Prefixes Reached" ;;
0ac74523 DA	158	02) suberror="Administrative Shutdown" ;;
	159	03) suberror="Peer De-configured" ;;
	160	04) suberror="Administrative Reset" ;;
ec8404d8 QY	161	05) suberror="Connection Rejected" ;;
ec8404d8 QY	162	06) suberror="Other Configuration Change" ;;
0ac74523 DA	163	07) suberror="Connection Collision Resolution" ;;
0ac74523 DA	164	08) suberror="Out of Resources" ;;
ec8404d8 QY	165	09) suberror="MAX" ;;
	166	*) suberror="Unknown" ;;
	167	esac
	168	;;
	169	*)
	170	error="Unknown"
	171	suberror=""
	172	;;
	173	esac
	174
	175	# create textual message from errorcodes
	176	if [ "x$suberror" == "x" ]; then
	177	NOTIFY="$errorcode ($error)"
	178	else
	179	NOTIFY="$errorcode/$suberrorcode ($error/$suberror)"
	180	fi
	181
	182	# form a decent subject
	183	SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY"
	184	# create the email body
	185	MAIL=`cat << EOF
	186	BGP notification on router $ROUTER.
	187
	188	Peer: $peer
	189	AS: $remoteas
	190	New state: $peerstate
	191	Notification: $NOTIFY
	192
	193	Info:
	194	$asname
	195	$asdescr
	196
	197	Snmpd uptime: $uptime
	198	EOF`
	199
	200	# mail the notification
	201	echo "$MAIL" \| mail -s "$SUBJECT" $EMAILADDR