
Catching SNMP mac-notification traps from Cisco devices

Although the task seems simple, I had to collect the information bit by bit, which was long and tedious. In this post I want to share my experience.

So, mac-notification is an SNMP notification that sends the server the MAC address of a device on a switch port when that device is turned on or off. It is a very handy feature that extends network monitoring over SNMP.

Proceed to setup


Setting up the switch does not take much time:

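 ! Enable SNMP and set the read-only community
 snmp-server community <community> RO
 ! Enable mac-notification traps
 snmp-server enable traps mac-notification change move threshold
 ! Server that receives the traps
 snmp-server host <server-IP> <community> mac-notification snmp
 ! Enable MAC address-table change notifications
 mac address-table notification change
 mac address-table notification change interval 15
 mac address-table notification change history-size 100
 ! Enable the traps on the ports to be monitored
 int range fa0/1-24
  snmp trap mac-notification change added
  snmp trap mac-notification change removed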

You can check the settings in debug mode:
 debug snmp packets
 ter mon

If everything is set up correctly, we will see something like this:

 Nov 11 16:28:51.685: SNMP: Queuing packet to xxx.xxx.xxx.xxx
 Nov 11 16:28:51.685: SNMP: V1 Trap, ent cmnMIBNotificationPrefix, addr 10.0.28.18, gentrap 6, spectrap 1
  cmnHistMacChangedMsg.37 = 01 00       00 14 00
  cmnHistTimestamp.37 = 113588548
 Nov 11 16:28:51.937: SNMP: Packet sent via UDP to xxx.xxx.xxx.xxx

Let us look at the cmnHistMacChangedMsg object in more detail. It carries a hexadecimal string of 11 octets (the final pair of zeros always marks the end of the record). The first octet is the state (01: the device was added, 02: the device was disconnected), the next 2 octets are the VLAN number, the next 6 octets are the MAC address (in our case xxxx.xxxx.xxxx), and the last 2 octets (00 14) are the port number.
Note the following: according to the documentation, the cmnHistMacChangedMsg object can carry several MAC addresses in one trap. In that case the records follow one another without any separator, and a pair of zeros is added at the end of the message.
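The record layout described above can be parsed and validated before anything is stored. This is an added example, not code from the original article: the names `parse_mac_changed_msg` and `MacChange`, the input cap and the sample values are constructed for illustration, and it assumes the value arrives as hex octets optionally separated by single spaces or colons.

```python
import re
from typing import List, NamedTuple

RECORD_LEN = 11                      # 1 status + 2 VLAN + 6 MAC + 2 port octets
STATUS_NAMES = {0x01: "added", 0x02: "removed"}
MAX_INPUT_CHARS = 1024               # assumption: generous cap for one trap value
HEX_OCTETS = re.compile(r"[0-9A-Fa-f]{2}(?:[ :]?[0-9A-Fa-f]{2})*")

# Constructed sample: two records followed by the closing 00 octet.
SAMPLE_TWO_RECORDS = (
    "01 00 0A 00 11 22 33 44 55 00 14 "
    "02 00 64 AA BB CC DD EE FF 01 2C "
    "00"
)


class MacChange(NamedTuple):
    status: str   # "added" or "removed"
    vlan: int
    mac: str      # Cisco dotted notation, e.g. 0011.2233.4455
    port: int


def decode_hex(raw: str) -> bytes:
    """Validate the textual value and return the octets it encodes."""
    text = raw.strip().strip('"').strip()
    if len(text) > MAX_INPUT_CHARS or not HEX_OCTETS.fullmatch(text):
        # Trap contents come from the network: reject anything that is
        # not purely hex octets instead of trying to clean it up.
        raise ValueError("value is not a hex octet string")
    return bytes.fromhex(re.sub(r"[ :]", "", text))


def parse_mac_changed_msg(raw: str) -> List[MacChange]:
    """Split a cmnHistMacChangedMsg value into its 11-octet records."""
    data = decode_hex(raw)
    changes: List[MacChange] = []
    offset = 0
    while True:
        if offset >= len(data):
            raise ValueError("missing 00 end-of-message octet")
        if data[offset] == 0x00:
            # The pair of zeros that closes the message must come last.
            if offset != len(data) - 1:
                raise ValueError("data after the end-of-message octet")
            return changes
        record = data[offset:offset + RECORD_LEN]
        if len(record) < RECORD_LEN:
            raise ValueError("truncated record at octet %d" % offset)
        status = STATUS_NAMES.get(record[0])
        if status is None:
            raise ValueError("unknown status octet %02x" % record[0])
        vlan = int.from_bytes(record[1:3], "big")
        mac_hex = record[3:9].hex()
        mac = ".".join(mac_hex[i:i + 4] for i in (0, 4, 8))
        # Both port octets are needed: 01 2C is port 300, not 44.
        port = int.from_bytes(record[9:11], "big")
        changes.append(MacChange(status, vlan, mac, port))
        offset += RECORD_LEN


if __name__ == "__main__":
    for change in parse_mac_changed_msg(SAMPLE_TWO_RECORDS):
        print(change)
    for bad in ("01 00 0A 00 11", "01 00 0A; id", "03" + " 00" * 11):
        try:
            parse_mac_changed_msg(bad)
        except ValueError as err:
            print("rejected %r: %s" % (bad, err))
```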

Setting up a server consists of several steps:

Before setting up, I strongly recommend checking whether the udp packets reach the server using the tcpdump udp | grep IP_switch command.
  1. Install snmp server and standard mib:

     sudo apt-get install snmpd snmp snmptt snmp-mibs-downloader 

  2. Installing the required MIB files
    By default, the snmp server does not know about Cisco's mac-notification object. For the server to recognize this trap, download the .mib files from ftp and put them in /var/lib/mibs.
    You must download the following files:

     CISCO-MAC-NOTIFICATION-MIB
     CISCO-QOS-PIB-MIB
     CISCO-SMI
     CISCO-TC
     CISCO-VTP-MIB

    If the new MIBs were installed successfully, the command
     snmptranslate -m CISCO-MAC-NOTIFICATION-MIB .1.3.6.1.4.1.9.9.215
    returns
     CISCO-MAC-NOTIFICATION-MIB::ciscoMacNotificationMIB

  3. Editing the configuration files

    /etc/default/snmpd:
    SNMPDRUN=yes
    SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /var/run/snmpd.pid'
    TRAPDRUN=yes
    TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'

    /etc/snmp/snmptrapd.conf:
    # By default, hand every trap to snmptt
    traphandle default snmptt
    # Accept all traps (snmptrapd access control is turned off, so the sender is not authenticated)
    disableAuthorization yes

    /etc/snmp/snmptt.conf:
    # Match the required OID
    EVENT CISCO-MAC-NOTIFICATION-MIB::cmnMacChangedNotification .1.3.6.1.4.1.9.9.215.2.0.1 "Status Events" Normal
    FORMAT Cisco
    # Pass the trap to the script. The first parameter, $aA, is the IP address of the device; the second, $1,
    # is the value of cmnHistMacChangedMsg, which holds the status, MAC address, VLAN and interface of the device.
    # ATTENTION! Cisco can send several cmnHistMacChangedMsg records in one trap.
    EXEC php /opt/script.php $aA $1
    SDESC
    EDESC

    /etc/snmp/snmptt.ini:
    #
    # SNMPTT v1.4 Configuration File
    #
    # Linux / Unix
    #

    [General]
    # Name of this system for $H variable. If blank, the system name will be the computer's
    # hostname via Sys::Hostname.
    snmptt_system_name =

    # Set to either 'standalone' or 'daemon'
    # standalone: snmptt called from snmptrapd.conf
    # daemon: snmptrapd.conf calls snmptthandler
    # Ignored by Windows. See documentation
    mode = standalone

    # Set to 1 to allow multiple trap definitions to be executed for the same trap.
    # Set to 0 to have it stop after the first match.
    # This option should normally be set to 1. See the section 'SNMPTT.CONF Configuration
    # file Notes' in the SNMPTT documentation for more information.
    # Note: Wildcard matches are only matched if there are NO exact matches. This takes
    # into consideration the NODES list. Therefore, if there is a matching trap, but
    # the NODES list prevents it from being considered a match, the wildcard entry will
    # only be used if there are no other exact matches.
    multiple_event = 1

    # SNMPTRAPD passes the IP address of the device sending the trap, and the IP address of the
    # actual SNMP agent. These addresses could differ if the trap was sent on behalf of another
    # device (relay, proxy etc).
    # If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
    # (which includes the local hosts file, depending on how the OS is configured). This name
    # will be used for: NODES entry matches, hostname field in logged traps (file / database),
    # and the $A variable. Host names on the NODES line will be resolved and the IP address
    # will then be used for comparing.
    # Set to 0 to disable DNS resolution
    # Set to 1 to enable DNS resolution
    dns_enable = 0

    # Set to 0 to enable the use of FQDN (Fully Qualified Domain Names). If a host name is
    # passed to SNMPTT that contains a domain name, it will not be altered in any way by
    # SNMPTT. This also affects resolve_value_ip_addresses.
    # Set to 1 to have SNMPTT strip the domain name from the host name passed to it. For
    # example, server01.domain.com would be changed to server01
    # Set to 2 to have SNMPTT strip the domain name from the host name passed to it
    # based on the list of domains in strip_domain_list
    strip_domain = 0

    # List of domain names that should be stripped when strip_domain is set to 2.
    # List can contain one or more domains. For example, if the FQDN of a host is
    # server01.city.domain.com and the list contains domain.com, the 'host' will be
    # set as server01.city.
    strip_domain_list = <<END
    domain.com
    END

    # Configures how IP addresses contained in the VALUE of the variable bindings are handled.
    # This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.
    # Set to 0 to disable resolving ip address to host names
    # Set to 1 to enable resolving ip address to host names
    # Note: net_snmp_perl_enable *must* be enabled. The strip_domain settings influence the
    # format of the resolved host name. DNS must be enabled (dns_enable)
    resolve_value_ip_addresses = 0

    # Set to 1 to enable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
    # This is required for $v variable substitution to work, and also for some other options
    # that are enabled in this .ini file.
    # Set to 0 to disable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
    # Note: Enabling this with stand-alone mode can cause SNMPTT to run very slowly due to
    # the loading of the MIBS at startup.
    net_snmp_perl_enable = 0

    # Set to 1 to enable caching of OID and ENUM translations when net_snmp_perl_enable is
    # enabled. Enabling this should result in faster translations.
    # Set to 0 to disable caching.
    # Note: Restart SNMPTT after updating the MIB files for Net-SNMP, otherwise the cache may
    # contain inaccurate data. Defaults to 1.
    net_snmp_perl_cache_enable = 1

    # This sets the best_guess parameter used by the UCD-SNMP / NET-SNMP perl module for
    # translating symbolic names to OIDs and vice versa.
    # For UCD-SNMP, and Net-SNMP 5.0.8 and previous versions, set this value to 0.
    # For Net-SNMP 5.0.9, or any Net-SNMP with patch 722075 applied, set this value to 2.
    # A value of 2 is equivalent to -IR on Net-SNMP command line utilities.
    # UCD-SNMP, and Net-SNMP 5.0.8 and previous may not be able to translate certain formats of
    # symbolic names such as RFC1213-MIB::sysDescr. Net-SNMP 5.0.9 or patch 722075 will allow
    # all possibilities to be translated. See the FAQ section in the README for more info
    net_snmp_perl_best_guess = 0

    # Configures how the OID of the received trap is handled when outputting to a log file /
    # database. It does NOT apply to the $O variable.
    # Set to 0 to use the default of numerical OID
    # Set to 1 to translate the trap OID to short text (symbolic form) (eg: linkUp)
    # Set to 2 to translate the trap OID to short text with the module name (eg: IF-MIB::linkUp)
    # Set to 3 to translate the trap OID to long text (eg: iso...snmpTraps.linkUp)
    # Set to 4 to translate the trap OID to long text with the module name (eg:
    # IF-MIB::iso...snmpTraps.linkUp)
    # Note: -The output of the long format will depend on the version of Net-SNMP you
    # are using.
    # -net_snmp_perl_enable *must* be enabled
    # -If using database logging, ensure the trapoid column is large enough to hold the
    # entire line
    translate_log_trap_oid = 0

    # Configures how the OIDs contained in the VALUE of the variable bindings are handled.
    # This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*. For substitutions
    # that include variable NAMES ($+n etc), only the variable VALUE is affected.
    # Set to 0 to disable translating OID values to text (symbolic form)
    # Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm)
    # Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm)
    # Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm)
    # Set to 4 to translate OID values to long text with module name (eg:
    # UPS-MIB::iso...upsAlarm.BuildingAlarm)
    # For example, if the value contained: 'A UPS Alarm (.1.3.6.1.4.1.534.1.7.12) has cleared.',
    # it could be translated to: 'A UPS Alarm (UPS-MIB::BuildingAlarm) has cleared.'
    # Note: net_snmp_perl_enable *must* be enabled
    translate_value_oids = 1

    # Configures how the symbolic enterprise OID will be displayed for $E.
    # Set to 1, 2, 3 or 4. See translate_value_oids options 1,2,3 and 4.
    # Note: net_snmp_perl_enable *must* be enabled
    translate_enterprise_oid_format = 1

    # Configures how the symbolic trap OID will be displayed for $O.
    # Set to 1, 2, 3 or 4. See translate_value_oids options 1,2,3 and 4.
    # Note: net_snmp_perl_enable *must* be enabled
    translate_trap_oid_format = 1

    # Configures how the symbolic trap OID will be displayed for $v, $-n, $+n, $-* and $+*.
    # Set to 1, 2, 3 or 4. See translate_value_oids options 1,2,3 and 4.
    # Note: net_snmp_perl_enable *must* be enabled
    translate_varname_oid_format = 1

    # Set to 0 to disable converting INTEGER values to enumeration tags as defined in the
    # MIB files
    # Set to 1 to enable converting INTEGER values to enumeration tags as defined in the
    # MIB files
    # Example: moverDoorState:open instead of moverDoorState:2
    # Note: net_snmp_perl_enable *must* be enabled
    translate_integers = 1

    # Allows you to set the MIBS environment variable used by SNMPTT
    # Leave blank or comment out to have the system's environment settings used
    # To have all MIBS processed, set to ALL
    # See the snmp.conf manual page for more info
    mibs_environment = ALL

    # Set what is used to separate variables when wildcards are expanded on the FORMAT /
    # EXEC line. Defaults to a space. Value MUST be within quotes. Can contain 1 or
    # more characters
    wildcard_expansion_separator = ""

    # Set to 1 to allow unsafe REGEX code to be executed.
    # Set to 0 to prevent unsafe REGEX code from being executed (default).
    # Enabling unsafe REGEX code will allow variable interpolation and the use of the e
    # modifier to allow statements such as substitution with captures such
    # as: (one (two) three)(five $1 six)
    # which outputs: five two six
    # or: (one (two) three)("five ".length($1)." six")e
    # which outputs: five 3 six
    #
    # This is considered unsafe because the contents of the regular expression
    # (right) is executed (eval) by Perl which *could contain unsafe code*.
    # BE SURE THAT THE SNMPTT CONFIGURATION FILES ARE SECURE!
    allow_unsafe_regex = 0

    # Set to 1 to have the backslash (escape) removed from quotes passed from
    # snmptrapd. For example, \" would be changed to just "
    # Set to 0 to disable
    remove_backslash_from_quotes = 0

    # Set to 1 to have NODES files loaded each time a trap is processed.
    # Set to 0 to have all NODES files loaded when the snmptt.conf files are loaded.
    # If NODES files are used (files that contain lists of NODES), then setting to 1
    # will cause the list to be loaded each time an EVENT is processed that uses
    # NODES files. This will allow the NODES file to be modified while SNMPTT is
    # running but can result in many file reads depending on the number of traps
    # received. Defaults to 0
    dynamic_nodes = 0

    # Allows you to use the $D substitution variable to include the
    # description text from the SNMPTT.CONF or MIB files.
    # Set to 0 to disable the $D substitution variable. If $D is used, nothing
    # will be outputted.
    # Set to 1 to enable the $D substitution variable and have it use the
    # descriptions stored in the SNMPTT .conf files. Enabling this option can
    # greatly increase the amount of memory used by SNMPTT.
    # Set to 2 to enable the $D substitution variable and have it use the
    # description from the MIB files. This enables the UCD-SNMP / NET-SNMP Perl
    # module save_descriptions variable. Enabling this option can greatly
    # increase the amount of memory used by the Net-SNMP SNMP Perl module, which
    # will result in an increase in memory usage by SNMPTT.
    description_mode = 0

    # Set to 1 to remove any white space at the start of each line from the MIB
    # or SNMPTT.CONF description when description_mode is set to 1 or 2.
    description_clean = 1

    # Warning: Experimental. Not recommended for production environments.
    # When threads are enabled, SNMPTT may quit unexpectedly.
    # Set to 1 to enable threads (ithreads) in Perl 5.6.0 or higher. If enabled,
    # EXEC will launch in a thread to allow SNMPTT to continue processing other
    # traps. See also threads_max.
    # Set to 0 to disable threads (ithreads).
    # Defaults to 0
    threads_enable = 0

    # Warning: Experimental. Not recommended for production environments.
    # When threads are enabled, SNMPTT may quit unexpectedly.
    # This option allows you to set the maximum number of threads that will
    # execute at once. Defaults to 10
    threads_max = 10

    # The date format for $x in strftime() format. If not defined, defaults
    # to %a %b %e %Y.
    #date_format = %a %b %e %Y

    # The time format for $X in strftime() format. If not defined, defaults
    # to %H:%M:%S.
    #time_format = %H:%M:%S

    # The date time format in strftime() format for the date / time when logging
    # to standard output, snmptt log files (log_file) and the unknown log file
    # (unknown_trap_log_file). Defaults to localtime(). For SQL, see
    # date_time_format_sql.
    # Example: %a %b %e %Y %H:%M:%S
    date_time_format = %H:%M:%S %Y/%m/%d

    [DaemonMode]
    # Set to 1 to have snmptt fork to the background when run in daemon mode
    # Ignored by Windows. See documentation
    daemon_fork = 1

    # Set to the numeric user id (eg: 500) or textual user id (eg: snmptt)
    # that snmptt should change to when running in daemon mode. Leave blank
    # to disable. The user used should have read/write access to all log
    # files, the spool folder, and read access to the configuration files.
    # Only use this if you are starting snmptt as root.
    # A second (child) process will be started as the daemon_uid user so
    # there will be two snmptt processes running. The first process will
    # continue to run as the user that ran snmptt (root), waiting for the
    # child to quit. After the child quits, the parent process will remove
    # the snmptt.pid file and exit.
    daemon_uid = snmptt

    # Complete path of the file that stores the process ID when running in daemon mode.
    pid_file = /var/run/snmptt.pid

    # Directory to read received traps from. Ex: /var/spool/snmptt/
    # Don't forget the trailing slash!
    spool_directory = /var/spool/snmptt/

    # Amount of time to sleep between processing spool files
    sleep = 5

    # Set to 1 to have SNMPTT use the time that the trap was processed by SNMPTTHANDLER
    # Set to 0 to have SNMPTT use the time the trap was processed. Note: Using 0 can
    # result in the time being off by the number of seconds used for sleep
    use_trap_time = 1

    # Set to 0 to have SNMPTT erase the spooled trap file after it attempts to process
    # the trap even if it did not successfully log the trap to any of the log systems.
    # Set to 1 to have SNMPTT erase the spooled trap file only after it successfully
    # logs to at least ONE log system.
    # Set to 2 to have SNMPTT erase the spooled trap file only after it successfully
    # logs to ALL of the enabled log systems. Warning: If multiple log systems are
    # enabled and only one fails, the other log systems will continuously be logged to
    # until ALL of the log systems function.
    # The recommended setting is 1 with only one log system enabled.
    keep_unlogged_traps = 1

    # How often duplicate traps will be processed. An MD5 hash of all incoming traps
    # is stored in memory and is used to check for duplicates. All variables except for
    # the uptime variable are used when calculating the MD5. The larger this variable,
    # the more memory snmptt will require.
    # Note: In most cases it may be a good idea to enable this, but sometimes it can have a
    # negative effect. For example, if you are trying to troubleshoot a wireless device
    # that keeps losing its connection, you may want to disable this so that you see
    # all the associations and disassociations.
    # 5 minutes = 300
    # 10 minutes = 600
    # 15 minutes = 900
    duplicate_trap_window = 0

    [Logging]
    # Set to 1 to enable messages to be sent to standard output, or 0 to disable.
    # Would normally be disabled unless you are piping this program to another
    stdout_enable = 0

    # Set to 1 to enable text logging of *TRAPS*. Make sure you specify a log_file
    # location
    log_enable = 1

    # Log file location. The COMPLETE path and filename. Ex: '/var/log/snmptt/snmptt.log'
    log_file = /tmp/my_traps.tmp

    # Set to 1 to enable text logging of *SNMPTT system errors*. Make sure you
    # specify a log_system_file location
    log_system_enable = 0

    # Log file location. The COMPLETE path and filename.
    # Ex: '/var/log/snmptt/snmpttsystem.log'
    log_system_file = /var/log/snmptt/snmpttsystem.log

    # Set to 1 to enable logging of unknown traps. This should normally be left off
    # as the file could grow large quickly. Used primarily for troubleshooting. If
    # you have defined a trap in snmptt.conf, but it isn't executing, enable this to
    # see if it is being considered an unknown trap due to an incorrect entry or
    # simply missing from the snmptt.conf file.
    # Unknown traps can be logged either to a text file or a SQL table or both.
    # See SQL section to define a SQL table to log unknown traps to.
    unknown_trap_log_enable = 1

    # Unknown trap log file location. The COMPLETE path and filename.
    # Ex: '/var/log/snmptt/snmpttunknown.log'
    # Leave blank to disable logging to text if logging to SQL is enabled
    # for unknown traps
    unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log

    # How often statistics should be logged to syslog or the event log.
    # Set to 0 to disable
    # 1 hour = 216000
    # 12 hours = 2592000
    # 24 hours = 5184000
    statistics_interval = 0

    # Set to 1 to enable logging of *TRAPS* to syslog. If you do not have the Sys::Syslog
    # module then disable this. Windows users should disable this.
    syslog_enable = 1

    # Syslog facility to use for logging of *TRAPS*. For example: 'local0'
    syslog_facility = local0

    # Set the syslog level for *TRAPS* based on the severity level of the trap
    # as defined in the snmptt.conf file. Values must be one per line between
    # the syslog_level_* and END lines, and are not case sensitive. For example:
    # Warning
    # Critical
    # Duplicate definitions will use the definition with the higher severity.
    syslog_level_debug = <<END
    END
    syslog_level_info = <<END
    END
    syslog_level_notice = <<END
    END
    syslog_level_warning = <<END
    END
    syslog_level_err = <<END
    END
    syslog_level_crit = <<END
    END
    syslog_level_alert = <<END
    END

    # Syslog default level for *TRAPS*. For example: warning
    # Valid values: emerg, alert, crit, err, warning, notice, info, debug
    syslog_level = warning

    # Set to 1 to enable logging of *SNMPTT system errors* to syslog. If you do not have the
    # Sys::Syslog module then disable this. Windows users should disable this.
    syslog_system_enable = 1

    # Syslog facility to use for logging of *SNMPTT system errors*. For example: 'local0'
    syslog_system_facility = local0

    # Syslog level to use for logging of *SNMPTT system errors*. For example: 'warning'
    # Valid values: emerg, alert, crit, err, warning, notice, info, debug
    syslog_system_level = warning

    [SQL]
    # Determines if the enterprise column contains the numeric OID or symbolic OID
    # Set to 0 for numeric OID
    # Set to 1 for symbolic OID
    # Uses translate_enterprise_oid_format to determine format
    # Note: net_snmp_perl_enable *must* be enabled
    db_translate_enterprise = 0

    # FORMAT line to use for unknown traps. If not defined, defaults to $-*.
    db_unknown_trap_format = '$-*'

    # List of custom SQL column names and values for the table of received traps
    # (defined by *_table below). The format is
    # column name
    # value
    #
    # For example:
    #
    # binding_count
    # $#
    # uptime2
    # The agent has been up for $T.
    sql_custom_columns = <<END
    END

    # List of custom SQL column names and values for the table of unknown traps
    # (defined by *_table_unknown below). See sql_custom_columns for the format.
    sql_custom_columns_unknown = <<END
    END

    # MySQL: Set to 1 to enable logging to a MySQL database via DBI (Linux / Windows)
    # This requires DBI:: and DBD::mysql
    mysql_dbi_enable = 0

    # MySQL: Hostname of database server (optional - default localhost)
    mysql_dbi_host = localhost

    # MySQL: Port number of database server (optional - default 3306)
    mysql_dbi_port = 3306

    # MySQL: Database to use
    mysql_dbi_database = snmptt

    # MySQL: Table to use
    mysql_dbi_table = snmptt

    # MySQL: Table to use for unknown traps
    # Leave blank to disable logging of unknown to MySQL
    # Note: unknown_trap_log_enable must be enabled.
    mysql_dbi_table_unknown = snmptt_unknown

    # MySQL: Table to use for statistics
    # Note: statistics_interval must be set. See also stat_time_format_sql.
    #mysql_dbi_table_statistics = snmptt_statistics
    mysql_dbi_table_statistics =

    # MySQL: Username to use
    mysql_dbi_username = snmpttuser

    # MySQL: Password to use
    mysql_dbi_password = password

    # MySQL: Whether or not to ping the database before attempting an INSERT
    # to ensure the connection is still valid. If *any* error is generated by
    # the ping such as 'Unable to connect to database', it will attempt to
    # re-create the database connection.
    # Set to 0 to disable
    # Set to 1 to enable
    # Note: This has no effect on mysql_ping_interval.
    mysql_ping_on_insert = 1

    # MySQL: How often in seconds the database should be pinged to ensure the
    # connection is still valid. If *any* error is generated by the ping such as
    # 'Unable to connect to database', it will attempt to re-create the database
    # connection. Set to 0 to disable pinging.
    # Note: This has no effect on mysql_ping_on_insert.
    # disabled = 0
    # 5 minutes = 300
    # 15 minutes = 900
    # 30 minutes = 1800
    mysql_ping_interval = 300

    # PostgreSQL: Set to 1 to enable logging to a PostgreSQL database via DBI (Linux / Windows)
    # This requires DBI:: and DBD::PgPP
    postgresql_dbi_enable = 0

    # Set to 0 to use the DBD::PgPP module
    # Set to 1 to use the DBD::Pg module
    postgresql_dbi_module = 0

    # Set to 0 to disable host and port network support
    # Set to 1 to enable host and port network support
    # If set to 1, ensure PostgreSQL is configured to allow connections via TCPIP by setting
    # tcpip_socket = true in the $PGDATA/postgresql.conf file, and adding the IP address of
    # the SNMPTT server to $PGDATApg_hba.conf. The common location for the config files for
    # RPM installations of PostgreSQL is /var/lib/pgsql/data.
    postgresql_dbi_hostport_enable = 0

    # PostgreSQL: Hostname of database server (optional - default localhost)
    postgresql_dbi_host = localhost

    # PostgreSQL: Port number of database server (optional - default 5432)
    postgresql_dbi_port = 5432

    # PostgreSQL: Database to use
    postgresql_dbi_database = snmptt

    # PostgreSQL: Table to use for unknown traps
    # Leave blank to disable logging of unknown traps to PostgreSQL
    # Note: unknown_trap_log_enable must be enabled.
    postgresql_dbi_table_unknown = snmptt_unknown

    # PostgreSQL: Table to use for statistics
    # Note: statistics_interval must be set. See also stat_time_format_sql.
    #postgresql_dbi_table_statistics = snmptt_statistics
    postgresql_dbi_table_statistics =

    # PostgreSQL: Table to use
    postgresql_dbi_table = snmptt

    # PostgreSQL: Username to use
    postgresql_dbi_username = snmpttuser

    # PostgreSQL: Password to use
    postgresql_dbi_password = password

    # PostgreSQL: Whether or not to ping the database before attempting an INSERT
    # to ensure the connection is still valid. If *any* error is generated by
    # the ping such as 'Unable to connect to database', it will attempt to
    # re-create the database connection.
    # Set to 0 to disable
    # Set to 1 to enable
    # Note: This has no effect on postgresql_ping_interval.
    postgresql_ping_on_insert = 1

    # PostgreSQL: How often in seconds the database should be pinged to ensure the
    # connection is still valid. If *any* error is generated by the ping such as
    # 'Unable to connect to database', it will attempt to re-create the database
    # connection. Set to 0 to disable pinging.
    # Note: This has no effect on postgresql_ping_on_insert.
    # disabled = 0
    # 5 minutes = 300
    # 15 minutes = 900
    # 30 minutes = 1800
    postgresql_ping_interval = 300

    # ODBC: Set to 1 to enable logging to a database via ODBC using DBD::ODBC.
    # This requires both DBI:: and DBD::ODBC
    dbd_odbc_enable = 0

    # DBD::ODBC: Database to use
    dbd_odbc_dsn = snmptt

    # DBD::ODBC: Table to use
    dbd_odbc_table = snmptt

    # DBD::ODBC: Table to use for unknown traps
    # Leave blank to disable logging of unknown traps to DBD::ODBC
    # Note: unknown_trap_log_enable must be enabled.
    dbd_odbc_table_unknown = snmptt_unknown

    # DBD::ODBC: Table to use for statistics
    # Note: statistics_interval must be set. See also stat_time_format_sql.
    #dbd_odbc_table_statistics = snmptt_statistics
    dbd_odbc_table_statistics =

    # DBD::ODBC: Username to use
    dbd_odbc_username = snmptt

    # DBD::ODBC: Password to use
    dbd_odbc_password = password

    # DBD::ODBC: Whether or not to ping the database before attempting an INSERT
    # to ensure the connection is still valid. If *any* error is generated by
    # the ping such as 'Unable to connect to database', it will attempt to
    # re-create the database connection.
    # Set to 0 to disable
    # Set to 1 to enable
    # Note: This has no effect on dbd_odbc_ping_interval.
    dbd_odbc_ping_on_insert = 1

    # DBD::ODBC: How often in seconds the database should be pinged to ensure the
    # connection is still valid. If *any* error is generated by the ping such as
    # 'Unable to connect to database', it will attempt to re-create the database
    # connection. Set to 0 to disable pinging.
    # Note: This has no effect on dbd_odbc_ping_on_insert.
    # disabled = 0
    # 5 minutes = 300
    # 15 minutes = 900
    # 30 minutes = 1800
    dbd_odbc_ping_interval = 300

    # The date time format for the traptime column in SQL. Defaults to
    # localtime(). When a date / time field is used in SQL, this should
    # be changed to follow a standard that is supported by the SQL server.
    # Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
    #date_time_format_sql =

    # The date format for the stat_time column in SQL. Defaults to
    # localtime(). When a date / time field is used in SQL, this should
    # be changed to follow a standard that is supported by the SQL server.
    # Example: For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
    #stat_time_format_sql =

    [Exec]

    # Set to 1 to allow EXEC statements to execute. Should normally be left on unless you
    # want to temporarily disable all EXEC commands
    exec_enable = 1

    # Set to 1 to allow PREEXEC statements to execute. Should normally be left on unless you
    # want to temporarily disable all PREEXEC commands
    pre_exec_enable = 1

    # If defined, the following command will be executed for ALL unknown traps. Passed to the
    # command will be all standard and enterprise variables, similar to unknown_trap_log_file
    # but without the newlines.
    unknown_trap_exec =

    # FORMAT line that is passed to the unknown_trap_exec command. If not defined, it
    # defaults to what is described in the unknown_trap_exec setting. The following
    # would be *similar* to the default setting described in the unknown_trap_exec setting
    # (all on one line):
    # $x !!! $X: Unknown trap ($o) received from $A at: Value 0: $A Value 1: $aR
    # Value 2: $T Value 3: $o Value 4: $aA Value 5: $C Value 6: $e Ent Values: $+*
    unknown_trap_exec_format =

    # Set to 1 to escape wildcards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
    # commands. Enable this to prevent the shell from expanding the wildcard
    # characters. The default is 1.
    exec_escape = 1

    [Debugging]
    # 0 - do not output messages
    # 1 - output some basic messages
    # 2 - output all messages
    DEBUGGING = 2

    # Debugging file - SNMPTT
    # Location of debugging output file. Leave blank to default to STDOUT (good for
    # standalone mode, or daemon mode without forking)
    DEBUGGING_FILE = /tmp/snmptt.debug
    # DEBUGGING_FILE = /var/log/snmptt/snmptt.debug

    # Debugging file - SNMPTTHANDLER
    # Location of debugging output file. Leave blank to default to STDOUT
    DEBUGGING_FILE_HANDLER =
    # DEBUGGING_FILE_HANDLER = /var/log/snmptt/snmptthandler.debug

    [TrapFiles]
    # A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
    # and filename. Ex: '/etc/snmp/snmptt.conf'
    snmptt_conf_files = <<END
    /etc/snmp/snmptt.conf
    END

    Thus, the snmpd daemon listens on UDP port 162 and hands messages over to snmptt, which processes the trap and runs the PHP script. Debug mode is enabled in snmptt.ini, so all incoming traps are recorded in /tmp/snmptt.debug.

  4. Finally, the processing script itself (I assume that php and mysql are already installed and configured on the server):
    /opt/script.php
    #!/usr/bin/php -q
    <?php
    // $argv holds the command-line arguments; $argv[0] is the script name.
    // The rest come from the EXEC line in /etc/snmp/snmptt.conf: the device IP, then the mac-notification octets.
    // Device IP address
    $ip = $argv[1];
    // Join the mac-notification octets into one hex string, $mac_msg (the final 00 terminator is skipped)
    $mac_msg = '';
    for ($i = 2; $i <= count($argv) - 2; $i++) {
        $mac_msg .= $argv[$i];
    }
    // Split $mac_msg into separate mac-notification records (11 octets = 22 hex characters each)
    $mac_notification = str_split($mac_msg, 22);
    // Table structure
    /*
    CREATE TABLE IF NOT EXISTS `mac_notification` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `date_create` datetime NOT NULL,
      `status` varchar(20) NOT NULL,
      `vlan` varchar(250) NOT NULL,
      `mac` varchar(20) NOT NULL,
      `interface` int(11) NOT NULL,
      `ip` varchar(250) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf32 ;
    */
    $CONF_DB = array(
        'host' => 'localhost',
        'username' => 'USERNAME',
        'password' => 'PASSWORD',
        'db_name' => 'mac'
    );
    $dbConnection = new PDO(
        'mysql:host='.$CONF_DB['host'].';dbname='.$CONF_DB['db_name'],
        $CONF_DB['username'],
        $CONF_DB['password'],
        array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")
    );
    $dbConnection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Prepared statement: trap contents are only ever bound as parameters
    $stmt = $dbConnection->prepare('INSERT INTO mac_notification (date_create,status,mac,interface,ip,vlan) VALUES (now(), :status, :mac, :interface, :ip, :vlan)');
    foreach ($mac_notification as $value) {
        // Skip anything that is not exactly one 22-character hex record
        if (!preg_match('/^[0-9a-fA-F]{22}$/', $value)) {
            continue;
        }
        // Parse the mac-notification record
        $status = substr($value, 0, 2);
        $vlan = hexdec(substr($value, 2, 4));
        $mac = substr($value, 6, 12);
        $mac = mb_strtolower(substr_replace($mac, ".", 4).substr_replace(substr($mac, 4, 8), ".", 4).substr($mac, 8, 12));
        // The port number is 2 octets: 4 hex characters starting at offset 18
        $interface = hexdec(substr($value, 18, 4));
        $stmt->execute(array(':status'=>$status, ':mac'=>$mac, ':interface'=>$interface, ':ip'=>$ip, ':vlan'=>$vlan));
    }
    ?>





Source: https://habr.com/ru/post/243035/

