.\" /*********************************************************** .\" Copyright 1989 by Carnegie Mellon University .\" .\" All Rights Reserved .\" .\" Permission to use, copy, modify, and distribute this software and its .\" documentation for any purpose and without fee is hereby granted, .\" provided that the above copyright notice appear in all copies and that .\" both that copyright notice and this permission notice appear in .\" supporting documentation, and that the name of CMU not be .\" used in advertising or publicity pertaining to distribution of the .\" software without specific, written prior permission. .\" .\" CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING .\" ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL .\" CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR .\" ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, .\" WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, .\" ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS .\" SOFTWARE. .\" ******************************************************************/ .TH SNMPTRAPD 8 "07 Aug 2001" .UC 4 .SH NAME snmptrapd - Receive and log snmp trap messages. .SH SYNOPSIS snmptrapd [common options] [-P] [-o file] [-s] [-f] [-p port] [-e] [-l [d0-7]] [-a] [-C] [-c confFile] [-F FORMAT] .SH DESCRIPTION Snmptrapd is an SNMP application that receives and logs snmp trap messages sent to the SNMP-TRAP port (162) on the local machine. .PP The log messages are of the form: .br .I Sep 17 22:39:52 suffern snmptrapd: 128.2.13.41: .I Cold Start Trap (0) Uptime: .I 8 days, 0:35:46 .PP .I Snmptrapd must be run as root so that UDP port 162 can be opened. .SH COMMAND LINE ARGUMENTS In addition to the command arguments described under .IR snmpcmd (1) the following arguments are understood: .IP "-P" Print the logged messages to stderr. .IP "-o file" Logs messages to a given file. .IP "-p port" Specifies the port to run on, if the default 162 is not desired. .IP "-s" Log the messages to syslog(8). These syslog messages are sent with the level of LOG_WARNING, and to the LOG_LOCAL0 facility (by default). The demon will also fork away from its caller when the syslog facilities are used. This is the default unless the '-P' flag or '-o' flag is used. .IP "-n" Don't do reverse translation from IP address to host name. .IP "-l [d0-7]" Specifies the syslog facility to use, demon or local[0-7]. .IP "-a" makes .I snmptrapd ignore AuthenticationFailure traps .IP "-d" Causes the application to dump input and output packets. .IP "-D" Turn debugging output on. .IP "-f" Don't fork away from the caller when using syslog(). .IP "-C" Don't read the default set of configuration files. .IP "-c confFile" Force the reading of confFile as a configuration file. .IP "-F FORMAT" When logging to standard output, use the format in the string FORMAT. .PP FORMAT is a printf-like string. .I Snmptrapd interprets the following formatting sequences: .TP %% a literal % .TP %t decimal number of seconds since the operating system's epoch .TP %y current year .TP %m current (numeric) month .TP %l current day of month .TP %h current hour .TP %j current minute .TP %k current second .TP %T up-time in seconds (in decimal) .TP %Y the year field from the up-time .TP %M the numeric month field from the up-time .TP %L the day of month field from the up-time .TP %H the hour field from the up-time .TP %J the minute field from the up-time .TP %K the seconds field from the up-time .TP %A agent's hostname if available, otherwise IP address .TP %a agent's IP address .TP %B PDU's hostname if available, otherwise IP address .TP %b PDU's IP address .TP %N Enterprise string .TP %w Trap type (numeric, in decimal) .TP %W Trap description .TP %q Trap sub-type (numeric, in decimal) .TP %P Security information from the PDU (community name for v1/v2c, user and context for v3) .TP %v list of trap's variables .PP In addition to these values, you may also specify an optional field width and precision, just as in printf, and a flag value. The following flags are legal: .TP - left justify .TP 0 use leading zeros .TP # use alternate form .PP The "use alternate form" flag changes the behavior of some format flags. Normally, the fields that display time information base it on the local time, but this flag tells them to use GMT instead. Also, the variable list is normally a tab-separated list, but this flag changes it to a comma-separated one. The alternate form for the uptime is similar to "3 days, 0:14:34.65" .PP Examples: .PP To get a message like "14:03 TRAP3.1 from humpty.ucd.edu" you could use something like this: .PP .RS .NF snmptrapd -P -F "%02.2h:%02.2j TRAP%w.%q from %A\en" .FI .RE .PP If you want the same thing but in GMT rather than local time, use .PP .RS .NF snmptrapd -P -F "%#02.2h:%#02.2j TRAP%w.%q from %A\en" .FI .RE .PP .SH EXTENSIBILITY AND CONFIGURATION See the snmptrapd.conf(5) manual page. .PP .SH "SEE ALSO" snmpcmd(1), syslog(8), variables(5)