snmptrapd - Unix, Linux Command

previous next AddThis Social Bookmark Button


snmptrapd - Receive and log SNMP trap messages.




snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages.

Note: the default is to listen on UDP port 162 on all IPv4 interfaces. Since 162 is a privileged port, snmptrapd must typically be run as root.


-a Ignore authenticationFailure traps.
-A Append to the log file rather than truncating it.

Note that this needs to come before any -Lf options that it should apply to.

  Read FILE as a configuration file.
-C Do not read any configuration files except the one optionally specified by the -c option.
-d Dump (in hexadecimal) the sent and received SNMP packets.
-D TOKEN[,...]
  Turn on debugging output for the given TOKEN(s). Try ALL for extremely verbose output.
-e Print event numbers (rising/falling alarm etc.) from the (obsolete) M2M-MIB.
This functionality is being deprecated and will be removed in due course.
-f Do not fork() from the calling shell.
  When logging to standard output, use the format in the string FORMAT. See the section FORMAT SPECIFICATIONS below for more details.
-h, --help
  Display a brief usage message and then exit.
-H Display a list of configuration file directives understood by the trap daemon and then exit.
  Specifies which modules should (or should not) be initialized when the agent starts up. If the comma-separated INITLIST is preceded with a ’-’, it is the list of modules that should not be started. not want to be started. Otherwise, INITLIST Otherwise this is the list of the only modules that should be started.

To get a list of compiled modules, run the agent with the arguments -Dmib_init -H (assuming debugging support has been compiled in).

-L[efos] Specify where logging output should be directed (standard error or output, to a file or via syslog). See LOGGING OPTIONS in snmpcmd(1) for details.
  Specifies a colon separated list of MIB modules to load for this application. This overrides the environment variable MIBS. See snmpcmd(1) for details.
  Specifies a colon separated list of directories to search for MIBs. This overrides the environment variable MIBDIRS. See snmpcmd(1) for details.
-n Do not attempt to translate source addresses of incoming packets into hostnames.
-p FILE Save the process ID of the trap daemon in FILE.
-O [abeEfnqQsStTuUvxX]
  Specifies how MIB objects and other output should be displayed. See the section OUTPUT OPTIONS in the snmpcmd(1) manual page for details.
-t Do not log traps to syslog. This disables logging to syslog. This is useful if you want the snmptrapd application to only run traphandle hooks and not to log any traps to any location.
-v, --version
  Print version information for the trap daemon and then exit.
  Connect to the AgentX master agent on the specified address, rather than the default ’/var/agentx/master’. See snmpd(8) for details of the format of such addresses.
  Allows to specify any token ("name") supported in the snmptrapd.conf file and sets its value to "value". Overrides the corresponding token in the snmptrapd.conf file. See snmptrapd.conf(5) for the full list of tokens.


snmptrapd interprets format strings similarly to printf(3) . It understands the following formatting sequences:

%% a literal %
%a the contents of the agent-addr field of the PDU (v1 TRAPs only)
%A the hostname corresponding to the contents of the agent-addr field of the PDU, if available, otherwise the contents of the agent-addr field of the PDU (v1 TRAPs only).
%b PDU source address (Note: this is not necessarily an IPv4 address)
%B PDU source hostname if available, otherwise PDU source address (see note above)
%h current hour on the local system
%H the hour field from the sysUpTime.0 varbind
%j current minute on the local system
%J the minute field from the sysUpTime.0 varbind
%k current second on the local system
%K the seconds field from the sysUpTime.0 varbind
%l current day of month on the local system
%L the day of month field from the sysUpTime.0 varbind
%m current (numeric) month on the local system
%M the numeric month field from the sysUpTime.0 varbind
%N enterprise string
%q trap sub-type (numeric, in decimal)
%P security information from the PDU (community name for v1/v2c, user and context for v3)
%t decimal number of seconds since the operating system epoch (as returned by time(2) )
%T the value of the sysUpTime.0 varbind in seconds
%v list of variable-bindings from the notification payload. These will be separated by a tab, or by a comma and a blank if the alternate form is requested See also %V
%V specifies the variable-bindings separator. This takes a sequence of characters, up to the next % (to embed a % in the string, use \%)
%w trap type (numeric, in decimal)
%W trap description
%y current year on the local system
%Y the year field from the sysUpTime.0 varbind

In addition to these values, an optional field width and precision may also be specified , just as in printf(3) , and a flag value. The following flags are supported:

- left justify
0 use leading zeros
# use alternate form

The "use alternate form" flag changes the behavior of various format string sequences:

Time information will be displayed based on GMT (rather than the local timezone)
The variable-bindings will be a comma-separated list (rather than a tab-separated one)
The system uptime will be broken down into a human-meaningful format (rather than being a simple integer)


To get a message like "14:03 TRAP3.1 from" you could use something like this:

snmptrapd -P -F "%02.2h:%02.2j TRAP%w.%q from %A\n"

If you want the same thing but in GMT rather than local time, use

snmptrapd -P -F "%#02.2h:%#02.2j TRAP%w.%q from %A\n"


By default, snmptrapd listens for incoming SNMP TRAP and INFORM packets on UDP port 162 on all IPv4 interfaces. However, it is possible to modify this behaviour by specifying one or more listening addresses as arguments to snmptrapd. See the snmpd(8) manual page for more information about the format of listening addresses.


As of net-snmp 5.0, the snmptrapd application supports the NOTIFICATION-LOG-MIB. It does this by opening an AgentX subagent connection to the master snmpd agent and registering the notification log tables. As long as the snmpd application is started first, it will attach itself to it and thus you should be able to view the last recorded notifications via the nlmLogTable and nlmLogVariableTable. See the snmptrapd.conf file and the "dontRetainLogs" token for turning off this support. See the NOTIFICATION-LOG-MIB for more details about the MIB itself.


See the snmptrapd.conf(5) manual page.


previous next Printer Friendly



Kickstart Your Career

Get certified by completing the course

Get Started