Configuring an SNMP trap server to write logs and send email alerts
-
Install the required packages
yum install net-snmp net-snmp-utils mailx
-
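Edit the snmptrapd configuration file /etc/snmp/snmptrapd.conf
# disableAuthorization yes turns off access control: traps are accepted from any sender and community,
# so the authCommunity line below only takes effect if that directive is removed.
disableAuthorization yes
authCommunity log,execute,net public
traphandle default /usr/local/bin/traplog.sh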
-
Create the traplog.sh script, which writes trap information to a log file
vim /usr/local/bin/traplog.sh
chmod +x /usr/local/bin/traplog.sh
The file contents are as follows
#!/bin/bash
# traplog.sh
# A script to log trap information to a file

# Define the log file path
LOGFILE=/var/log/snmp/trap.log

# Get the current datetime
DATE=$(date +"%Y-%m-%d %H:%M:%S")

# Make sure the log directory and file exist, then write a header
mkdir -p "$(dirname "$LOGFILE")"
touch "$LOGFILE"
echo "------------------------------" >> "$LOGFILE"
echo "Trap received at $DATE" >> "$LOGFILE"

# Read the trap information from standard input and write it to the log file
# (IFS= and -r keep leading whitespace and backslashes intact)
while IFS= read -r line
do
    printf '%s\n' "$line" >> "$LOGFILE"
done

# Write a footer to the log file
echo "End of trap" >> "$LOGFILE"
-
Configure the firewall and start the snmptrapd service
firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload
systemctl start snmptrapd.service
systemctl enable snmptrapd.service
-
Create a script that watches the log file and sends email
touch /usr/local/bin/trapmail.sh
chmod +x /usr/local/bin/trapmail.sh
The file contents are as follows
#!/bin/bash
# File: trapmail.sh
# Author: wanghongwei
# Date: 2023-08-18
# Version: 1.0
# Description: Monitor SNMP traps and send email alerts
# Usage: ./trapmail.sh

# Define lockfile and add exclusive lock
LOCKFILE=/var/run/trapmail.lock
exec 200>"$LOCKFILE"
if ! flock -n 200; then
    echo "Fatal: The script is already running!"
    exit 1
fi
trap 'exec 200>&-; rm -f "$LOCKFILE"; exit' SIGINT SIGTERM

# Define the logfiles
LOGFILE=/var/log/snmp/trapmail.log
TRAPLOG=/var/log/snmp/trap.log

# Define the email subject and recipient
SUBJECT="SNMP Trap Alert"
RECIPIENT="wanghongwei-dev@qq.com"

# Get the last modified time of the file (stat -c %y does not depend on the locale)
LASTMOD=$(stat -c %y "$TRAPLOG")

# Loop forever
while true; do
    # Get the current modified time of the file
    CURMOD=$(stat -c %y "$TRAPLOG")

    # Compare the current and last modified time
    if [ "$CURMOD" != "$LASTMOD" ]; then
        # If the file has changed, update the last modified time
        LASTMOD=$CURMOD

        # Get the current datetime and record the change
        DATE=$(date +"%Y-%m-%d %H:%M:%S")
        echo "$DATE Info: The traplog file has changed." >> "$LOGFILE"

        # Get the last trap in the file, which is the new trap information.
        # Lines are read newest-first and prepended, which restores the original order.
        TRAP=""
        while IFS= read -r line; do
            if [[ $line =~ ^----- ]]; then
                break
            fi
            TRAP="$line"$'\n'"$TRAP"
        done < <(tac "$TRAPLOG")

        # Send the trap information as email to the recipient
        # (printf '%s' passes the trap text through without glob or backslash expansion)
        printf '%s' "$TRAP" | mailx -s "$SUBJECT" -a "$TRAPLOG" "$RECIPIENT"
        echo "$DATE Info: New trap received and sent to $RECIPIENT." >> "$LOGFILE"
    fi

    # Sleep for 10 seconds before checking again
    sleep 10
done
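Trap text reaches traplog.sh from the network, and trapmail.sh finds the newest record by searching for a line that starts with "-----", so a payload line of that shape splits the record. The following is an added example, not part of the original article, of a writer and reader for the same log format that keep payload and framing lines apart; the function names write_record and last_record and the "| " payload prefix are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. write_record, last_record
# and the "| " payload prefix are assumptions made for this illustration.
SEP="------------------------------"

# Append one framed record to log file $1; trap text is read from stdin.
# Control characters (except tab/newline) are dropped, and every payload
# line gets a "| " prefix so it can never equal a framing line.
write_record() {
    {
        echo "$SEP"
        echo "Trap received at $(date +'%Y-%m-%d %H:%M:%S')"
        LC_ALL=C tr -d '\000-\010\013-\037\177' | awk '{ print "| " $0 }'
        echo "End of trap"
    } >> "$1"
}

# Print the last record of log file $1: everything after the final line
# that is exactly SEP. Prefixed payload lines never match.
last_record() {
    awk -v sep="$SEP" '
        $0 == sep { n = 0; next }
        { buf[++n] = $0 }
        END { for (i = 1; i <= n; i++) print buf[i] }
    ' "$1"
}

# Constructed demo: the second trap carries a separator look-alike and a
# terminal escape sequence in its payload.
demo_log=$(mktemp)
printf 'host1\nsysName.0 monitor.example.com\n' | write_record "$demo_log"
printf 'host2\n%s\nsysLocation.0 lab\033[2J\n' "$SEP" | write_record "$demo_log"
last_record "$demo_log"
rm -f "$demo_log"
```

last_record reads the whole file, so on a large trap.log it is slower than the tac loop in trapmail.sh; rotating the log keeps that cost bounded.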
-
Start the script and add it to /etc/rc.local so that it starts at boot
chmod +x /etc/rc.local
/usr/local/bin/trapmail.sh &
-
Send a test trap to verify
snmptrap -v 2c -c public 127.0.0.1:162 "" .1.3.6.1.4.1.2021.251.1 sysLocation.0 s "Shanghai" sysName.0 s "monitor.example.com"
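Author: wanghongwei
Copyright notice: This work is licensed under <CC BY-NC-ND 4.0>. For commercial reuse, contact the author for authorization; for non-commercial reuse, include a link to the original source and this notice.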