Description | This article describes where to find the log files when looking for SNMP traps. |
Scope | FortiMonitor. |
Solution |
It is possible to verify that SNMP traps are running successfully by accessing the log files on the OnSight vCollector located in:
/var/log/appliance-snmp-traps/
SSH to the OnSight vCollector.
Type the command below to access the shell:
#sudo onsight shell
Navigate to the directory.
#cd /var/log/appliance-snmp-traps snmp-trap-receiver.log
These logs when the traps are created and received. Included in this log are the SNMP version, serial number of device, IP address, port and URL.
2021-09-30 06:47:07,925 INFO SNMP Trap Receiver started, listening on port 162 2021-09-30 06:50:22,553 INFO v2c trap received from 192.168.254.2: 1.3.6.1.6.3.1.1.5.4 2021-09-30 06:50:22,553 INFO Trap payload: {'1.3.6.1.4.1.12356.106.1.1.1.0': 'device serial number', '1.3.6.1.2.1.1.3.0': '1169784705', '1.3.6.1.2.1.2.2.1.8.12': '1', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.2.2.1.2.12': 'port12', '1.3.6.1.2.1.1.5.0': 'customer url'} 2021-09-30 06:50:22,560 INFO Created trap queue entry 3986 2021-09-30 06:50:31,993 INFO v2c trap received from 192.168.254.2: 1.3.6.1.6.3.1.1.5.3 2021-09-30 06:50:31,993 INFO Trap payload: {'1.3.6.1.4.1.12356.106.1.1.1.0': ''device serial number', '1.3.6.1.2.1.1.3.0': '1169785649', '1.3.6.1.2.1.2.2.1.8.12': '2', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.2.2.1.2.12': 'port12', '1.3.6.1.2.1.1.5.0': 'customer url'} 2021-09-30 06:50:31,995 INFO Created trap queue entry 3987 2021-09-30 06:51:21,009 INFO v2c trap received from 10.10.0.2: 1.3.6.1.4.1.12356.101.2.0.505 2021-09-30 06:51:21,009 INFO Trap payload: {'1.3.6.1.2.1.1.5.0': 'customer url', '1.3.6.1.2.1.1.3.0': '349642940', '1.3.6.1.4.1.12356.100.1.1.1.0': 'device serial number'} 2021-09-30 06:51:21,011 INFO Created trap queue entry 3988 2021-09-30 06:52:01,766 INFO v2c trap received from 10.10.0.2: 1.3.6.1.6.3.1.1.5.4 2021-09-30 06:52:01,766 INFO Trap payload: {'1.3.6.1.2.1.1.3.0': '349647016', '1.3.6.1.4.1.12356.100.1.1.1.0': 'device serial number', '1.3.6.1.2.1.2.2.1.8.12': '1', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.31.1.1.1.1.12': 'lan1', '1.3.6.1.2.1.2.2.1.2.12': '', '1.3.6.1.2.1.1.5.0': 'customer url'} snmp-trap-filter.log
This generates an entry every 5 seconds to indicate if it has done any filtering.
2021-09-30 06:51:24,678 INFO Filtering trap 3988 and adding to cache 2021-09-30 06:51:29,694 INFO Found 0 traps to filter 2021-09-30 06:51:34,701 INFO Found 0 traps to filter 2021-09-30 06:52:04,740 INFO Filtering trap 3989 and adding to cache 2021-09-30 06:52:04,750 INFO Filtering trap 3990 and adding to cache/var/log/appliance-snmp-traps/ |