Developing SNMP trap handlers using Net-SNMP

Net-SNMP is used as standard SNMP manager by almost all Linux distribution, which is de facto standard. I had a chance to develop a handler application for SNMP Trap message, and I'd like to write down some of the important stuff.

[Configuration, test, and troubleshooting]

• snmptrapd can send received SNMP trap to stdout with designated format
• Running snmptrapd in foreground and showing logs in stdout
• snmptrapd -f -Lo -c snmptrapd.conf
• If snmptrapd can't receive traps, iptables may block it
• iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT
• iptables-save > /etc/sysconfig/iptables
• In CentOS, if snmptrapd can't read /etc/snmp/snmptrapd.conf, SELinux  security label may be incorrect
• ls -Z /etc/snmp/snmptrapd.conf (compare labels with other files, e.g. snmpd.conf with ls -Z command)
• chcon system_u:object_r:etc_t:s0 /etc/snmptrapd.conf

[/etc/snmp/snmptrapd.conf example]
disableAuthorization yes
authCommunity log,execute,net public
#logoption -Lf /root/snmp.log
#logOption -Lo

#format execute %B\n%b\n%V\n%v\n <- default
format execute %b\n%V\n%v\n
#man snmptrapd:FORMAT SPECIFICATIONS for format details
# %b: [Protocol(UDP/TCP] source IP:port -> destination IP:port
# %V: separators between trap values
# %v: actual values representation

#format print1
#format print2

traphandle default /Automata/AutomataSnmpTrapReader
# default: handle everything