1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
7 Logging is controlled by the configuration provided to **SNMPTRAP** by CBS,
8 or via the fallback config file specified as the environment
9 variable "CBS_SIM_JSON" at startup. The section of that JSON configuration
10 that influences the various forms of application logging is referenced
11 throughout this document, with examples.
13 Using the JSON configuration, a base directory is specified for application
14 data and EELF log files. Specific filenames (again, from the JSON
15 config) are appended to the base directory value to create a full-path
16 filename for use by SNMPTRAP.
18 Also available is the ability to modify how frequently logs are rolled to
19 time-stamped versions (and a new empty file is started) as well as what
20 severity level to log to program diagnostic logs. Files will be rolled to
21 an archived/timestamped version hourly. The actual archival (to a
22 timestamped filename) occurs when the first trap is
23 received **in a new hour** (or minute, or day - depending
24 on "roll_frequency" value).
26 Defaults are shown below:
33 "roll_frequency": "hour",
34 "minimum_severity_to_log": 2
40 Where to Access Information: APPLICATION DATA (TRAPS)
41 -----------------------------------------------------
43 APPLICATION DATA (TRAPS)
44 ^^^^^^^^^^^^^^^^^^^^^^^^
46 **SNMPTRAP** produces application-specific logs (e.g. trap logs/payloads,
47 etc) as well as various other statistical and diagnostic logs. The
48 location of these logs is controlled by the JSON config, using these
54 "**runtime_base_dir**": "/opt/app/snmptrap",
58 "arriving_traps_log": "snmptrapd_arriving_traps.log",
59 "snmptrapd_diag": "snmptrapd_prog_diag.log",
60 "traps_stats_log": "snmptrapd_stats.csv",
61 "perm_status_file": "snmptrapd_status.log",
62 "roll_frequency": "hour",
63 "minimum_severity_to_log": 2
68 The base directory for all data logs is specified with:
72 Remaining log file references are appended to the *runtime_base_dir*
73 value to specify a logfile location. The result using the
74 above example would create the files:
78 /opt/app/snmptrap/logs/snmptrapd_arriving_traps.log
79 /opt/app/snmptrap/logs/snmptrapd_prog_diag.log
80 /opt/app/snmptrap/logs/snmptrapd_stats.csv
81 /opt/app/snmptrap/logs/snmptrapd_status.log
87 **SNMPTRAP** logs all arriving traps. These traps are saved in a
88 filename created by appending *runtime_base_dir*, *log_dir*
89 and *arriving_traps_log* from the JSON config. Using the example
90 above, the resulting arriving trap log would be:
94 /opt/app/snmptrap/logs/snmptrapd_arriving_traps.log
96 An example from this log is shown below:
100 1529960544.4896748 Mon Jun 25 17:02:24 2018; Mon Jun 25 17:02:24 2018 com.att.dcae.dmaap.IST3.DCAE-COLLECTOR-UCSNMP 15299605440000 1.3.6.1.4.1.999.0.1 server001 127.0.0.1 server001 v2c 751564798 0f40196a-78bb-11e8-bac7-005056865aac , "varbinds": [{"varbind_oid": "1.3.6.1.4.1.999.0.1.1", "varbind_type": "OctetString", "varbind_value": "TEST TRAP"}]
102 *(Add: varbind type enumerations)*
107 SNMPTRAP's first priority is to receive and decode SNMP traps, then
108 publish the results to a configured DMAAP/MR message bus. Traps that
109 are successfully published (e.g. publish attempt gets a "200/ok"
110 response from the DMAAP/MR server) are logged to a file named by
111 the technology being used combined with the topic being published to.
113 If you find a trap in this published log, it has been acknowledged as
114 received by DMAAP/MR. If consumers complain of "missing traps", the
115 source of the problem will be downstream (*not with SNMPTRAP*) if
116 the trap has been logged here.
118 For example, with a json config of:
126 "topic_url": "http://172.17.0.1:3904/events/ONAP-COLLECTOR-SNMPTRAP"
133 "**runtime_base_dir**": "/opt/app/snmptrap",
135 result in traps that are confirmed (200/ok) as published logged to the file:
139 /opt/app/snmptrap/logs/DMAAP_ONAP-COLLECTOR-SNMPTRAP.json
141 An example from this JSON log is shown below:
146 "uuid": "0f40196a-78bb-11e8-bac7-005056865aac",
147 "agent address": "127.0.0.1",
148 "agent name": "server001",
149 "cambria.partition": "server001",
152 "epoch_serno": 15299605440000,
153 "protocol version": "v2c",
154 "time received": 1529960544.4896748,
155 "trap category": "DCAE-COLLECTOR-UCSNMP",
156 "sysUptime": "751564798",
157 "notify OID": "1.3.6.1.4.1.999.0.1",
161 "varbind_oid": "1.3.6.1.4.1.999.0.1.1",
162 "varbind_type": "OctetString",
163 "varbind_value": "TEST TRAP"
173 For program/operational logging, **SNMPTRAP** follows the EELF logging
174 convention. Please be aware that the EELF specification results in
175 messages spread across various files. Some work may be required to
176 find the right location (file) that contains the message you are
179 EELF logging is controlled by the configuration provided
180 to **SNMPTRAP** by CBS, or via the fallback config file specified
181 as an environment variable "CBS_SIM_JSON" at startup. The section
182 of that JSON configuration that influences EELF logging is:
189 "**eelf_base_dir**": "/opt/app/snmptrap/logs",
190 "eelf_error": "error.log",
191 "eelf_debug": "debug.log",
192 "eelf_audit": "audit.log",
193 "eelf_metrics": "metrics.log",
194 "roll_frequency": "hour",
200 The base directory for all EELF logs is specified with:
204 Remaining eelf_<file> references are appended to the eelf_base_dir value
205 to specify a logfile location. The result using the above example would
210 /opt/app/snmptrap/logs/error.log
211 /opt/app/snmptrap/logs/debug.log
212 /opt/app/snmptrap/logs/audit.log
213 /opt/app/snmptrap/logs/metrics.log
215 Again using the above example configuration, these files will be rolled
216 to an archived/timestamped version hourly. The actually archival (to a
217 timestamped filename) occurs when the first trap is
218 received **in a new hour** (or minute, or day - depending
219 on "roll_frequency" value).
221 Error / Warning Messages
222 ------------------------
227 Detailed application log messages can be found in "snmptrapd_diag" (JSON
228 config reference). These can be very verbose and roll quickly
229 depending on trap arrival rates, number of varbinds encountered,
230 minimum_severity_to_log setting in JSON config, etc.
232 In the default config, this file can be found at:
236 /opt/app/snmptrap/logs/snmptrapd_diag.log
238 Messages will be in the general format of:
242 2018-04-25T17:28:10,305|<module>|snmptrapd||||INFO|100||arriving traps logged to: /opt/app/snmptrap/logs/snmptrapd_arriving_traps.log
243 2018-04-25T17:28:10,305|<module>|snmptrapd||||INFO|100||published traps logged to: /opt/app/snmptrap/logs/DMAAP_com.att.dcae.dmaap.IST3.DCAE-COLLECTOR-UCSNMP.json
244 2018-04-25T17:28:10,306|<module>|snmptrapd||||INFO|100||Runtime PID file: /opt/app/snmptrap/tmp/snmptrapd.py.pid
245 2018-04-25T17:28:48,019|snmp_engine_observer_cb|snmptrapd||||DETAILED|100||snmp trap arrived from 192.168.1.139, assigned uuid: 1cd77e98-48ae-11e8-98e5-005056865aac
246 2018-04-25T17:28:48,023|snmp_engine_observer_cb|snmptrapd||||DETAILED|100||dns cache expired or missing for 192.168.1.139 - refreshing
247 2018-04-25T17:28:48,027|snmp_engine_observer_cb|snmptrapd||||DETAILED|100||cache for server001 (192.168.1.139) updated - set to expire at 1524677388
248 2018-04-25T17:28:48,034|snmp_engine_observer_cb|snmptrapd||||DETAILED|100||snmp trap arrived from 192.168.1.139, assigned uuid: 0f40196a-78bb-11e8-bac7-005056
249 2018-04-25T17:28:48,036|notif_receiver_cb|snmptrapd||||DETAILED|100||processing varbinds for 0f40196a-78bb-11e8-bac7-005056
250 2018-04-25T17:28:48,040|notif_receiver_cb|snmptrapd||||DETAILED|100||adding 0f40196a-78bb-11e8-bac7-005056 to buffer
252 2018-06-25T21:02:24,491|notif_receiver_cb|snmptrapd||||DETAILED|100||trap 0f40196a-78bb-11e8-bac7-005056865aac : {"uuid": "0f40196a-78bb-11e8-bac7-005056865aac", "agent address": "192.168.1.139", "agent name": "server001", "cambria.partition": "server001", "community": "", "community len": 0, "epoch_serno": 15299605440000, "protocol version": "v2c", "time received": 1529960544.4896748, "trap category": "com.att.dcae.dmaap.IST3.DCAE-COLLECTOR-UCSNMP", "sysUptime": "751564798", "notify OID": "1.3.6.1.4.1.999.0.1", "notify OID len": 9, "varbinds": [{"varbind_oid": "1.3.6.1.4.1.999.0.1.1", "varbind_type": "OctetString", "varbind_value": "TEST TRAP"}]}
253 2018-06-25T21:02:24,496|post_dmaap|snmptrapd||||DETAILED|100||post_data_enclosed: {"uuid": "0f40196a-78bb-11e8-bac7-005056865aac", "agent address": "192.168.1.139", "agent name": "server001", "cambria.partition": "server001", "community": "", "community len": 0, "epoch_serno": 15299605440000, "protocol version": "v2c", "time received": 1529960544.4896748, "trap category": "com.att.dcae.dmaap.IST3.DCAE-COLLECTOR-UCSNMP", "sysUptime": "751564798", "notify OID": "1.3.6.1.4.1.999.0.1", "notify OID len": 9, "varbinds": [{"varbind_oid": "1.3.6.1.4.1.999.0.1.1", "varbind_type": "OctetString", "varbind_value": "TEST TRAP"}]}
261 "perm_status_file": "snmptrapd_status.log",