For the past month or so I’ve been working on a really time consuming project for work. Not only that it’s also a tricky one that has a lot of eyes on it from the upper ranks.
While we (the team I’m on) were busy trying to pinpoint the location of some random packet loss in the network, the vendor recommended that we enable some snmp traps to get alarms when the issue begins. The only other way to see any issues was via command line interface, which involved a whole lot of sitting and staring at a screen.
Well it took me a few days but I manged to instal an snmptrap viewer on my windows box real quick, but the down side is I still had to sit here watching it to let them know when it was occuring. Then it occured to me that most unix distributions probably have snmp installed or available. So I upgraded my test box to Ubuntu 9.04 and installed snmptrapd (which is really easy on ubuntu….just type snmptrapd at the terminal and you’ll get directions on what to do….doesn’t get easier). After a little research I made a few updates to the /etc/snmp/snmptrapd.conf file:
logOption f /var/log/snmptraps.log
That way it logged it locally, and by disabling auth I didn’t have to specify any community strings or anything. The only thing that tripped me up was when I installed ssh I locked down the hosts.allow file and totally forgot to put snmptrapd in there. Took a good 45 minutes for me to figure that out.
Now if I really wanted to I could install sendmail (or postfix or ssmtp) and write up a shell script to email me if any alarms came in that I needed to know about.