Configure an snmptrap server to write traps to a log and send email alerts
-
Install the required packages
yum install net-snmp net-snmp-utils mailx
-
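Edit the snmptrapd configuration file /etc/snmp/snmptrapd.conf
disableAuthorization yes
authCommunity log,execute,net public
traphandle default /usr/local/bin/traplog.sh
With disableAuthorization yes, snmptrapd skips its access-control checks and accepts notifications from any sender, so the authCommunity line does not restrict anything; remove the disableAuthorization line if only the public community should be accepted.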
-
Create the traplog.sh script, which writes trap information to a log file
vim /usr/local/bin/traplog.sh
chmod +x /usr/local/bin/traplog.sh
The file contents are as follows
#!/bin/bash
# traplog.sh
# A script to log trap information to a file

# Define the log file path
LOGFILE=/var/log/snmp/trap.log

# Get the current datetime
DATE=$(date +"%Y-%m-%d %H:%M:%S")

# Make sure the log directory and file exist, then write a header
mkdir -p "$(dirname "$LOGFILE")"
touch "$LOGFILE"
echo "------------------------------" >> "$LOGFILE"
echo "Trap received at $DATE" >> "$LOGFILE"

# Read the trap information from standard input and write it to the log file
# (IFS= and -r keep leading whitespace and backslashes in the trap data intact)
while IFS= read -r line
do
    echo "$line" >> "$LOGFILE"
done

# Write a footer to the log file
echo "End of trap" >> "$LOGFILE"
-
Configure the firewall and start the snmptrapd service
firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload
systemctl start snmptrapd.service
systemctl enable snmptrapd.service
-
Create a script that watches the log file and sends email
touch /usr/local/bin/trapmail.sh
chmod +x /usr/local/bin/trapmail.sh
The file contents are as follows
#!/bin/bash
# Script name: trapmail.sh
# Author: wanghongwei
# Date: 2023-08-18
# Version: 1.0
# Description: A script to monitor trap and send email alerts
# Usage: ./trapmail.sh

# Define lockfile and add exclusive lock
LOCKFILE=/var/run/trapmail.lock
exec 200>"$LOCKFILE"
if ! flock -n 200; then
    echo "Fatal: The script is already running!"
    exit 1
fi

# Define the logfiles
LOGFILE=/var/log/snmp/trapmail.log
TRAPLOG=/var/log/snmp/trap.log

# Define the email subject and recipient
SUBJECT="SNMP Trap Alert"
RECIPIENT="1172688836@qq.com"

# Get the last modified time of the file
LASTMOD=$(stat "$TRAPLOG" | grep Modify | cut -d ' ' -f 2,3)

# Loop forever
while true; do
    # Get the current modified time of the file
    CURMOD=$(stat "$TRAPLOG" | grep Modify | cut -d ' ' -f 2,3)

    # Compare the current and last modified time
    if [ "$CURMOD" != "$LASTMOD" ]; then
        # If the file has changed, update the last modified time
        LASTMOD=$CURMOD

        # Get the current datetime and record the change
        DATE=$(date +"%Y-%m-%d %H:%M:%S")
        echo "$DATE Info: The traplog file has changed." >>"$LOGFILE"

        # Get the last trap of the file, which is the new trap information
        STACK=""
        while IFS= read -r line; do
            if [[ $line =~ ^----- ]]; then
                break
            else
                # Append with a real newline so trap data never passes through echo -e
                STACK+="$line"$'\n'
            fi
        done < <(tac "$TRAPLOG")
        TRAP=$(printf '%s' "$STACK" | tac)

        # Send the trap information as email to the recipient
        printf '%s\n' "$TRAP" | mailx -s "$SUBJECT" -a "$TRAPLOG" "$RECIPIENT"
        echo "$DATE Info: New trap received and sent to $RECIPIENT." >>"$LOGFILE"
    fi

    # Sleep for 10 seconds before checking again
    sleep 10
done

# Release exclusive lock
exec 200>&-
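trapmail.sh checks the log every 10 seconds and puts only the last record into the message body, so when several traps arrive within one interval the earlier ones appear only in the attached log, and a record that is still being written can be cut short. The following is an added example, not part of the original scripts, that returns every complete record written since the previous poll; new_traps, count_traps, demo and the state file are hypothetical names.

```shell
#!/bin/bash
# Added example, not part of the original scripts. new_traps, count_traps,
# demo and the state file are hypothetical names; the record layout is the
# one traplog.sh writes (dashes, "Trap received at ...", data, "End of trap").

# new_traps <traplog> <statefile>
# Prints every complete record added since the last call and stores the line
# number reached, so traps arriving between two polls are not skipped.
new_traps() {
    local log=$1 state=$2 seen=0 total last
    if [ ! -f "$log" ]; then return 0; fi
    if [ -s "$state" ]; then seen=$(cat "$state"); fi
    # Ignore a corrupted state file instead of passing it to sed.
    case $seen in '' | *[!0-9]*) seen=0 ;; esac
    total=$(wc -l < "$log")
    # The log shrank (rotated or truncated): start again from the top.
    if [ "$total" -lt "$seen" ]; then seen=0; fi
    # Line number of the last finished record. A record that traplog.sh is
    # still writing has no "End of trap" yet and is left for the next poll.
    last=$(awk '$0 == "End of trap" { n = NR } END { print n + 0 }' "$log")
    if [ "$last" -le "$seen" ]; then return 0; fi
    sed -n "$((seen + 1)),${last}p" "$log"
    echo "$last" > "$state"
}

# Count the records in a batch read from stdin (one header line per record).
count_traps() { grep -c '^Trap received at ' || true; }

# Demo on constructed sample data: two traps arrive between two polls.
demo() {
    local d n
    d=$(mktemp -d)
    for n in 1 2; do
        printf '%s\n' "------------------------------" \
            "Trap received at 2023-08-18 10:00:0$n" "sysName.0 host$n" \
            "End of trap" >> "$d/trap.log"
    done
    new_traps "$d/trap.log" "$d/state" | count_traps   # prints 2
    rm -rf "$d"
}
demo
```

In trapmail.sh, the output of new_traps can be piped to mailx in place of the tac loop.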
-
Start the script
/usr/local/bin/trapmail.sh &
-
Send a test trap to verify
snmptrap -v 2c -c public 127.0.0.1:162 "" .1.3.6.1.4.1.2021.251.1 sysLocation.0 s "Shanghai" sysName.0 s "monitor.example.com"