Discussion:
Forwarding traps preserving Source ip address
j***@gmail.com
2016-07-01 00:35:59 UTC
Hello
I need to set up a CentOS 6.7 server as a trap forwarder that preserves the source IP address from the original trap sender, using SNMP v2.

My snmptrapd.conf is as follows:

--
format1 '%a : Trap %#v\n'
format2 '%b : Trap %#v\n'


disableAuthorization yes
authCommunity net public
forward default a.b.c.d public
--
I start snmptrapd with

snmptrapd -f -Le

so I can see what's happening.
I'm using auth failure traps from one of my servers to get the traps flowing.

When I force an auth fail trap I can see the following in the output from the snmptrapd command:

'UDP: [10.148.14.40]:64339->[10.148.20.26] : Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3697043320) 427 days, 21:33:53.20, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure, SNMPv2-SMI::enterprises.9.2.1.5.0 = IpAddress: 10.148.2.106, SNMPv2-SMI::enterprises.9.9.412.1.1.1.0 = INTEGER: 1, SNMPv2-SMI::enterprises.9.9.412.1.1.2.0 = STRING: "10.148.2.106"

So it's understanding the source address.
However, the traps always arrive at the receiver with the source IP of the trap forwarding server, not the original source.
tcpdump also shows the same on the trap receiver.
So I'm wondering if it's a very basic thing in my snmptrapd.conf I've mucked up, or do I need to start down the line of a trap forwarding script?


Any help would be appreciated
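
Added example, not part of the original thread and not Net-SNMP code: an SNMPv2c trap PDU has no agent-address field and `forward` re-sends from the forwarder's own socket, so a forwarding script has to carry the original sender as a varbind (RFC 3584's snmpTrapAddress.0). This sketch parses traphandle-style input and chooses that varbind; the function names, the `trusted_forwarders` parameter and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 3584 varbind that carries a notification's originating address.
SNMP_TRAP_ADDRESS = "SNMP-COMMUNITY-MIB::snmpTrapAddress.0"
# Transport string as in the post's log line: UDP: [src]:port->[dst]
TRANSPORT_RE = re.compile(r"\[([^\]]+)\]:\d+->\[")

# Constructed sample of what snmptrapd writes to a traphandle program's stdin:
# hostname line, transport line, then one "OID VALUE" line per varbind.
SAMPLE = (
    "<UNKNOWN>\n"
    "UDP: [10.148.14.40]:64339->[10.148.20.26]\n"
    "DISMAN-EVENT-MIB::sysUpTimeInstance 427:21:33:53.20\n"
    "SNMPv2-MIB::snmpTrapOID.0 SNMPv2-MIB::authenticationFailure\n"
)


def parse_handler_input(text):
    """Return (sender_ip, varbinds) from traphandle-style input."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("need hostname and transport lines")
    match = TRANSPORT_RE.search(lines[1])
    if not match:
        raise ValueError("unrecognised transport line: %r" % lines[1])
    sender = str(ipaddress.ip_address(match.group(1)))  # rejects junk
    varbinds = [tuple(ln.split(None, 1)) for ln in lines[2:]]
    return sender, varbinds


def origin_varbind(sender, varbinds, trusted_forwarders=()):
    """Pick the snmpTrapAddress.0 varbind to attach when re-sending.

    An origin claimed inside the trap is kept only when the packet came
    from a forwarder we trust; otherwise the observed sender wins, so an
    arbitrary host cannot relabel its traps as another device's.
    """
    if sender in trusted_forwarders:
        for vb in varbinds:
            if len(vb) == 2 and vb[0] == SNMP_TRAP_ADDRESS:
                claimed = vb[1].replace("IpAddress:", "").strip()
                try:
                    return (SNMP_TRAP_ADDRESS, "a", str(ipaddress.ip_address(claimed)))
                except ValueError:
                    break  # malformed claim: fall back to the sender
    return (SNMP_TRAP_ADDRESS, "a", sender)  # "a" = IPADDRESS for snmptrap(1)
```

The returned triple is in the OID, type, value order that snmptrap takes for each varbind, and the receiver then reads the origin from that varbind instead of the packet's source address.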
Jesús Gálvez Os
2020-08-26 12:39:39 UTC
Did you solve the problem?