How to configure Trap Exploder to write V1 traps to a file

Document ID : KB000010379
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

How to configure Trap Exploder to write V1 traps to a file so the user has a log of the traps processed by Trap Exploder.

Instructions:

1. Log into the Trap Exploder system

2. Edit the trapexploder.cf file

3. Look for the following section:

# 'file' action:
# This action logs the trap to a file in a human-readable format.  The
# log-file option is the name of the file to log the trap to.
# max-file-size specifies the maximum size that the file can grow to, in
# kilobytes.  When the <log-file> exceeds this size, it is renamed to
# <log-file>.bak, and a new <log-file> is created.  If <log-file>.bak
# already exists when the switchover occurs, it is overwritten.  If
# max-file-size is unspecified or set to 0, then the log file will grow
# indefinitely. the file option is only for V1 trap.
# Format:
#    file log-file [max-file-size]
# filter * * * * * * file /tmp/traps.log 256
# filter * * * * * * file c:\temp\traps.log

4. Add a filter to write the traps to a log file as noted by the instructions above. For example, the following filter will write all traps processed to a file called "/tmp/traps.log" and the maximum size of the file will be 256 kilobytes:

 

filter * * * * * * file /tmp/traps.log 256

5. Save the change to the trapexploder.cf file

6. Restart trapexploder

The following is an example of a trap written to the log file:

 

Trap: 1
        Mon Jul 24 14:53:24 2017
        Src IP: 1.2.3.4
        Agent IP: 4.3.2.1
        Trap Type: Vendor Specific
        Specific Type: 100
        Enterprise: 1.3.6.1.4.1.9999
        Object:1.3.6.1.4.1.9999.1 Value:1