Updated snmptraps image. Fixed source IP handling and trap format

snmptraps/alpine/Dockerfile

@@ -5,7 +5,8 @@ ARG ZBX_VERSION=${MAJOR_VERSION}
 ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 
 ENV TERM=xterm ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
-    MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+    MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+    ZBX_SNMP_TRAP_DATE_FORMAT=+%Y%m%d.%H%M%S ZBX_SNMP_TRAP_FORMAT=" "
 
 LABEL org.opencontainers.image.title="zabbix-snmptraps-alpine" \
       org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@@ -31,6 +32,7 @@ RUN set -eux && \
     adduser zabbix root && \
     apk update && \
     apk add --clean-protected --no-cache \
+            bash \
             tzdata \
             net-snmp && \
     touch /var/lib/net-snmp/snmptrapd.conf && \
@@ -50,6 +52,7 @@ VOLUME ["/var/lib/zabbix/snmptraps"]
 
 COPY ["conf/etc/logrotate.d/zabbix_snmptraps", "/etc/logrotate.d/"]
 COPY ["conf/etc/snmp/snmptrapd.conf", "/etc/snmp/"]
+COPY ["conf/usr/sbin/zabbix_trap_handler.sh", "/usr/sbin/"]
 
 USER 1997
 

snmptraps/alpine/conf/etc/snmp/snmptrapd.conf

@@ -1,13 +1,31 @@
-snmpTrapdAddr udp:0.0.0.0:1162
+# A list of listening addresses, on which to receive incoming SNMP notifications
+snmpTrapdAddr udp:1162
+snmpTrapdAddr udp6:1162
 
+# Do not fork from the calling shell
 doNotFork yes
+# File in which to store the process ID of the notification receiver
 pidFile /tmp/snmptrapd.pid
+# Disables support for the NOTIFICATION-LOG-MIB
 doNotRetainNotificationLogs yes
 
 authCommunity log,execute,net public
 disableAuthorization yes
+ignoreAuthFailure yes
 
-format1 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
-format2 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
+# Specify the format used for trap handle location
+#format execute %B\n%b\n%V\n%v\n
 
-[snmp] logOption f /var/lib/zabbix/snmptraps/snmptraps.log
+# o - Log messages to the standard output stream.
+# logOption o
+
+# S - Display the name of the MIB, as well as the object name (This is the default OID output format)
+# T - If values are printed as Hex strings, display a printable version as well
+# t - Display TimeTicks values as raw numbers
+# e - Removes the symbolic labels from enumeration values
+#
+outputOption STte
+
+# Invokes the specified program (with the given arguments) whenever a notification
+# is received that matches the OID token
+traphandle default /bin/bash /usr/sbin/zabbix_trap_handler.sh

snmptraps/alpine/conf/usr/sbin/zabbix_trap_handler.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+ZABBIX_TRAPS_FILE="/var/lib/zabbix/snmptraps/snmptraps.log"
+
+ZBX_SNMP_TRAP_DATE_FORMAT=${ZBX_SNMP_TRAP_DATE_FORMAT:-"+%Y%m%d.%H%M%S"}
+
+ZBX_SNMP_TRAP_FORMAT=${ZBX_SNMP_TRAP_FORMAT:"\n"}
+
+date=$(date "$ZBX_SNMP_TRAP_DATE_FORMAT")
+
+# The name of the host that sent the notification, as determined by gethostbyaddr(3).
+# In fact this line is irrelevant and useless since snmptrapd basically attempts to
+# perform reverse name lookup for the transport address (see below).
+# In case of failure it will print "<UNKNOWN>"
+read host
+# The transport address, like "[UDP: [172.16.10.12]:23456->[10.150.0.8]]"
+read sender
+# The first OID should always be SNMPv2-MIB::sysUpTime.0
+#read uptime
+# the second should be SNMPv2-MIB::snmpTrapOID.0
+#read trapoid
+
+# The remaining lines will contain the payload varbind list. For SNMPv1 traps, the final OID will be SNMPv2-MIB::snmpTrapEnterprise.0.
+vars=
+while read oid val
+do
+    if [ "$vars" = "" ]
+    then
+        vars="$oid = $val"
+    else
+        vars="$vars$ZBX_SNMP_TRAP_FORMAT$oid = $val"
+    fi
+
+    if [[ "$oid" =~ snmpTrapAddress\.0 ]] || [[ "$oid" =~ 1\.3\.6\.1\.6\.3\.18\.1\.3\.0 ]]; then
+        trap_address=$val
+    fi
+done
+
+[[ ${sender} =~ \[(.*?)\].*\-\> ]] && sender_addr=${BASH_REMATCH[1]}
+
+! [ -z $trap_address ] && sender_addr=$trap_address
+
+echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

snmptraps/centos/Dockerfile

@@ -5,7 +5,8 @@ ARG ZBX_VERSION=${MAJOR_VERSION}
 ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 
 ENV TERM=xterm ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
-    MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+    MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+    ZBX_SNMP_TRAP_DATE_FORMAT=+%Y%m%d.%H%M%S ZBX_SNMP_TRAP_FORMAT=" "
 
 LABEL org.opencontainers.image.title="zabbix-snmptraps-centos" \
       org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@@ -35,7 +36,7 @@ RUN set -eux && \
     mkdir -p /var/lib/zabbix && \
     mkdir -p /var/lib/zabbix/snmptraps && \
     mkdir -p /var/lib/zabbix/mibs && \
-     touch /var/lib/net-snmp/snmptrapd.conf && \
+    touch /var/lib/net-snmp/snmptrapd.conf && \
     chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \
     chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \
     chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \
@@ -51,6 +52,7 @@ VOLUME ["/var/lib/zabbix/snmptraps"]
 
 COPY ["conf/etc/logrotate.d/zabbix_snmptraps", "/etc/logrotate.d/"]
 COPY ["conf/etc/snmp/snmptrapd.conf", "/etc/snmp/"]
+COPY ["conf/usr/sbin/zabbix_trap_handler.sh", "/usr/sbin/"]
 
 USER 1997
 

snmptraps/centos/conf/etc/snmp/snmptrapd.conf

@@ -1,13 +1,31 @@
-snmpTrapdAddr udp:0.0.0.0:1162
+# A list of listening addresses, on which to receive incoming SNMP notifications
+snmpTrapdAddr udp:1162
+snmpTrapdAddr udp6:1162
 
+# Do not fork from the calling shell
 doNotFork yes
+# File in which to store the process ID of the notification receiver
 pidFile /tmp/snmptrapd.pid
+# Disables support for the NOTIFICATION-LOG-MIB
 doNotRetainNotificationLogs yes
 
 authCommunity log,execute,net public
 disableAuthorization yes
+ignoreAuthFailure yes
 
-format1 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
-format2 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
+# Specify the format used for trap handle location
+#format execute %B\n%b\n%V\n%v\n
 
-[snmp] logOption f /var/lib/zabbix/snmptraps/snmptraps.log
+# o - Log messages to the standard output stream.
+# logOption o
+
+# S - Display the name of the MIB, as well as the object name (This is the default OID output format)
+# T - If values are printed as Hex strings, display a printable version as well
+# t - Display TimeTicks values as raw numbers
+# e - Removes the symbolic labels from enumeration values
+#
+outputOption STte
+
+# Invokes the specified program (with the given arguments) whenever a notification
+# is received that matches the OID token
+traphandle default /bin/bash /usr/sbin/zabbix_trap_handler.sh

snmptraps/centos/conf/usr/sbin/zabbix_trap_handler.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+ZABBIX_TRAPS_FILE="/var/lib/zabbix/snmptraps/snmptraps.log"
+
+ZBX_SNMP_TRAP_DATE_FORMAT=${ZBX_SNMP_TRAP_DATE_FORMAT:-"+%Y%m%d.%H%M%S"}
+
+ZBX_SNMP_TRAP_FORMAT=${ZBX_SNMP_TRAP_FORMAT:"\n"}
+
+date=$(date "$ZBX_SNMP_TRAP_DATE_FORMAT")
+
+# The name of the host that sent the notification, as determined by gethostbyaddr(3).
+# In fact this line is irrelevant and useless since snmptrapd basically attempts to
+# perform reverse name lookup for the transport address (see below).
+# In case of failure it will print "<UNKNOWN>"
+read host
+# The transport address, like "[UDP: [172.16.10.12]:23456->[10.150.0.8]]"
+read sender
+# The first OID should always be SNMPv2-MIB::sysUpTime.0
+#read uptime
+# the second should be SNMPv2-MIB::snmpTrapOID.0
+#read trapoid
+
+# The remaining lines will contain the payload varbind list. For SNMPv1 traps, the final OID will be SNMPv2-MIB::snmpTrapEnterprise.0.
+vars=
+while read oid val
+do
+    if [ "$vars" = "" ]
+    then
+        vars="$oid = $val"
+    else
+        vars="$vars$ZBX_SNMP_TRAP_FORMAT$oid = $val"
+    fi
+
+    if [[ "$oid" =~ snmpTrapAddress\.0 ]] || [[ "$oid" =~ 1\.3\.6\.1\.6\.3\.18\.1\.3\.0 ]]; then
+        trap_address=$val
+    fi
+done
+
+[[ ${sender} =~ \[(.*?)\].*\-\> ]] && sender_addr=${BASH_REMATCH[1]}
+
+! [ -z $trap_address ] && sender_addr=$trap_address
+
+echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE

snmptraps/ubuntu/Dockerfile

@@ -5,7 +5,8 @@ ARG ZBX_VERSION=${MAJOR_VERSION}
 ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 
 ENV TERM=xterm ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
-    MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+    MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+    ZBX_SNMP_TRAP_DATE_FORMAT=+%Y%m%d.%H%M%S ZBX_SNMP_TRAP_FORMAT=" "
 
 LABEL org.opencontainers.image.title="zabbix-snmptraps-ubuntu" \
       org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@@ -50,6 +51,7 @@ VOLUME ["/var/lib/zabbix/snmptraps"]
 
 COPY ["conf/etc/logrotate.d/zabbix_snmptraps", "/etc/logrotate.d/"]
 COPY ["conf/etc/snmp/snmptrapd.conf", "/etc/snmp/"]
+COPY ["conf/usr/sbin/zabbix_trap_handler.sh", "/usr/sbin/"]
 
 USER 1997
 

snmptraps/ubuntu/conf/etc/snmp/snmptrapd.conf

@@ -1,13 +1,31 @@
-snmpTrapdAddr udp:0.0.0.0:1162
+# A list of listening addresses, on which to receive incoming SNMP notifications
+snmpTrapdAddr udp:1162
+snmpTrapdAddr udp6:1162
 
+# Do not fork from the calling shell
 doNotFork yes
+# File in which to store the process ID of the notification receiver
 pidFile /tmp/snmptrapd.pid
+# Disables support for the NOTIFICATION-LOG-MIB
 doNotRetainNotificationLogs yes
 
 authCommunity log,execute,net public
 disableAuthorization yes
+ignoreAuthFailure yes
 
-format1 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
-format2 %V\n%.4y%.2m%.2l.%.2h:%.2j:%.2k ZBXTRAP %A\n%b\n%v\n
+# Specify the format used for trap handle location
+#format execute %B\n%b\n%V\n%v\n
 
-[snmp] logOption f /var/lib/zabbix/snmptraps/snmptraps.log
+# o - Log messages to the standard output stream.
+# logOption o
+
+# S - Display the name of the MIB, as well as the object name (This is the default OID output format)
+# T - If values are printed as Hex strings, display a printable version as well
+# t - Display TimeTicks values as raw numbers
+# e - Removes the symbolic labels from enumeration values
+#
+outputOption STte
+
+# Invokes the specified program (with the given arguments) whenever a notification
+# is received that matches the OID token
+traphandle default /bin/bash /usr/sbin/zabbix_trap_handler.sh

snmptraps/ubuntu/conf/usr/sbin/zabbix_trap_handler.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+ZABBIX_TRAPS_FILE="/var/lib/zabbix/snmptraps/snmptraps.log"
+
+ZBX_SNMP_TRAP_DATE_FORMAT=${ZBX_SNMP_TRAP_DATE_FORMAT:-"+%Y%m%d.%H%M%S"}
+
+ZBX_SNMP_TRAP_FORMAT=${ZBX_SNMP_TRAP_FORMAT:"\n"}
+
+date=$(date "$ZBX_SNMP_TRAP_DATE_FORMAT")
+
+# The name of the host that sent the notification, as determined by gethostbyaddr(3).
+# In fact this line is irrelevant and useless since snmptrapd basically attempts to
+# perform reverse name lookup for the transport address (see below).
+# In case of failure it will print "<UNKNOWN>"
+read host
+# The transport address, like "[UDP: [172.16.10.12]:23456->[10.150.0.8]]"
+read sender
+# The first OID should always be SNMPv2-MIB::sysUpTime.0
+#read uptime
+# the second should be SNMPv2-MIB::snmpTrapOID.0
+#read trapoid
+
+# The remaining lines will contain the payload varbind list. For SNMPv1 traps, the final OID will be SNMPv2-MIB::snmpTrapEnterprise.0.
+vars=
+while read oid val
+do
+    if [ "$vars" = "" ]
+    then
+        vars="$oid = $val"
+    else
+        vars="$vars$ZBX_SNMP_TRAP_FORMAT$oid = $val"
+    fi
+
+    if [[ "$oid" =~ snmpTrapAddress\.0 ]] || [[ "$oid" =~ 1\.3\.6\.1\.6\.3\.18\.1\.3\.0 ]]; then
+        trap_address=$val
+    fi
+done
+
+[[ ${sender} =~ \[(.*?)\].*\-\> ]] && sender_addr=${BASH_REMATCH[1]}
+
+! [ -z $trap_address ] && sender_addr=$trap_address
+
+echo -e "$date ZBXTRAP $sender_addr$ZBX_SNMP_TRAP_FORMAT$vars" >> $ZABBIX_TRAPS_FILE