Description | This article describes where to find the log files when looking for SNMP traps. |
Scope | FortiMonitor. |
Solution |
It is possible to verify that SNMP traps are running successfully by accessing the log files on the OnSight vCollector located in:
/var/log/appliance-snmp-traps/
SSH to the OnSight vCollector.
Type the command below to access the shell:
#sudo onsight shell
Navigate to the directory.
#cd /var/log/appliance-snmp-traps
snmp-trap-receiver.log
This log records when traps are created and received. It includes the SNMP version, the device serial number, the IP address, the port and the URL.
2021-09-30 06:47:07,925 INFO SNMP Trap Receiver started, listening on port 162
2021-09-30 06:50:22,553 INFO v2c trap received from 192.168.254.2: 1.3.6.1.6.3.1.1.5.4
2021-09-30 06:50:22,553 INFO Trap payload: {'1.3.6.1.4.1.12356.106.1.1.1.0': 'device serial number', '1.3.6.1.2.1.1.3.0': '1169784705', '1.3.6.1.2.1.2.2.1.8.12': '1', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.2.2.1.2.12': 'port12', '1.3.6.1.2.1.1.5.0': 'customer url'}
2021-09-30 06:50:22,560 INFO Created trap queue entry 3986
2021-09-30 06:50:31,993 INFO v2c trap received from 192.168.254.2: 1.3.6.1.6.3.1.1.5.3
2021-09-30 06:50:31,993 INFO Trap payload: {'1.3.6.1.4.1.12356.106.1.1.1.0': ''device serial number', '1.3.6.1.2.1.1.3.0': '1169785649', '1.3.6.1.2.1.2.2.1.8.12': '2', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.2.2.1.2.12': 'port12', '1.3.6.1.2.1.1.5.0': 'customer url'}
2021-09-30 06:50:31,995 INFO Created trap queue entry 3987
2021-09-30 06:51:21,009 INFO v2c trap received from 10.10.0.2: 1.3.6.1.4.1.12356.101.2.0.505
2021-09-30 06:51:21,009 INFO Trap payload: {'1.3.6.1.2.1.1.5.0': 'customer url', '1.3.6.1.2.1.1.3.0': '349642940', '1.3.6.1.4.1.12356.100.1.1.1.0': 'device serial number'}
2021-09-30 06:51:21,011 INFO Created trap queue entry 3988
2021-09-30 06:52:01,766 INFO v2c trap received from 10.10.0.2: 1.3.6.1.6.3.1.1.5.4
2021-09-30 06:52:01,766 INFO Trap payload: {'1.3.6.1.2.1.1.3.0': '349647016', '1.3.6.1.4.1.12356.100.1.1.1.0': 'device serial number', '1.3.6.1.2.1.2.2.1.8.12': '1', '1.3.6.1.2.1.2.2.1.7.12': '1', '1.3.6.1.2.1.2.2.1.1.12': '12', '1.3.6.1.2.1.31.1.1.1.1.12': 'lan1', '1.3.6.1.2.1.2.2.1.2.12': '', '1.3.6.1.2.1.1.5.0': 'customer url'}
snmp-trap-filter.log
This log generates an entry every 5 seconds to indicate whether any filtering was done.
2021-09-30 06:51:24,678 INFO Filtering trap 3988 and adding to cache
2021-09-30 06:51:29,694 INFO Found 0 traps to filter
2021-09-30 06:51:34,701 INFO Found 0 traps to filter
2021-09-30 06:52:04,740 INFO Filtering trap 3989 and adding to cache
2021-09-30 06:52:04,750 INFO Filtering trap 3990 and adding to cache |
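To check the receiver log for traps that arrived but never got a queue entry, the following added example (not part of the original article and not Fortinet tooling) parses snmp-trap-receiver.log lines in the format shown above and names the standard trap OIDs. It assumes each "Trap payload" and "Created trap queue entry" line belongs to the most recent "trap received" line; the function names and the sample lines are constructed for illustration.

```python
import ast
import re

# Standard notification OIDs from SNMPv2-MIB and IF-MIB.
GENERIC_TRAPS = {"1.3.6.1.6.3.1.1.5.1": "coldStart", "1.3.6.1.6.3.1.1.5.2": "warmStart",
                 "1.3.6.1.6.3.1.1.5.3": "linkDown", "1.3.6.1.6.3.1.1.5.4": "linkUp",
                 "1.3.6.1.6.3.1.1.5.5": "authenticationFailure"}
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+) (.*)$")
RECEIVED = re.compile(r"^(v\w+) trap received from (\S+): ([\d.]+)$")
QUEUED = re.compile(r"^Created trap queue entry (\d+)$")

# Constructed sample in the article's log format (addresses and payloads are made up).
SAMPLE = """\
2021-09-30 06:47:07,925 INFO SNMP Trap Receiver started, listening on port 162
2021-09-30 06:50:22,553 INFO v2c trap received from 192.0.2.10: 1.3.6.1.6.3.1.1.5.4
2021-09-30 06:50:22,553 INFO Trap payload: {'1.3.6.1.2.1.2.2.1.2.12': 'port12', '1.3.6.1.2.1.2.2.1.8.12': '1'}
2021-09-30 06:50:22,560 INFO Created trap queue entry 3986
2021-09-30 06:50:31,993 INFO v2c trap received from 192.0.2.10: 1.3.6.1.6.3.1.1.5.3
2021-09-30 06:50:31,993 INFO Trap payload: {'1.3.6.1.2.1.2.2.1.2.12': ''port12'}
2021-09-30 06:50:31,995 INFO Created trap queue entry 3987
2021-09-30 06:52:01,766 INFO v2c trap received from 192.0.2.20: 1.3.6.1.4.1.12356.101.2.0.505
"""

def parse_receiver_log(text):
    """Return one dict per received trap; payload/queue_id stay None if absent or unparsable."""
    traps = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _level, msg = m.groups()
        if (r := RECEIVED.match(msg)):
            version, source, oid = r.groups()
            traps.append({"time": ts, "version": version, "source": source, "oid": oid,
                          "name": GENERIC_TRAPS.get(oid, "other"),
                          "payload": None, "queue_id": None})
        elif msg.startswith("Trap payload: ") and traps:
            try:  # the payload is logged as a Python dict literal
                traps[-1]["payload"] = ast.literal_eval(msg[len("Trap payload: "):])
            except (ValueError, SyntaxError):
                pass  # malformed payload text: keep the trap record without a payload
        elif (q := QUEUED.match(msg)) and traps:
            traps[-1]["queue_id"] = int(q.group(1))
    return traps

def unqueued(traps):
    """Traps that were received but have no 'Created trap queue entry' line."""
    return [t for t in traps if t["queue_id"] is None]
```

A trap reported by `unqueued()` at the very end of a log excerpt may simply have been cut off before its queue line, so confirm against the full file before treating it as a drop.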
Copyright 2024 Fortinet, Inc. All Rights Reserved.