How-To Configure snmptrapd

Configure snmptrapd on Debian (UDP/162 → file logging)

Overview (final state)

  • snmptrapd runs as Debian-snmp

  • systemd socket activation binds UDP/162

  • Traps are written to:
    /var/log/snmp/snmptraps.log

  • No root execution required

  • Compatible with Splunk UF file monitoring


1. Install snmptrapd

sudo apt update
sudo apt install -y snmp snmptrapd

2. Enable and start the socket (binds UDP/162)

sudo systemctl enable --now snmptrapd.socket
sudo systemctl start snmptrapd.socket

Verify:

sudo ss -lunp | grep :162 

You should see snmptrapd with systemd owning the socket.


3. Configure trap authorization

Edit the config:

sudo nano /etc/snmp/snmptrapd.conf 

Minimum required (for testing and general ingestion):

disableAuthorization yes 

Without this, traps are silently discarded.


4. Create a dedicated log file

snmptrapd runs as Debian-snmp, so permissions must match.

sudo mkdir -p /var/log/snmp
sudo touch /var/log/snmp/snmptraps.log
sudo chown Debian-snmp:Debian-snmp /var/log/snmp /var/log/snmp/snmptraps.log
sudo chmod 750 /var/log/snmp
sudo chmod 640 /var/log/snmp/snmptraps.log

5. Configure systemd override to log to file

Do not edit files under /lib/systemd/system.

Create a drop-in override:

sudo mkdir -p /etc/systemd/system/snmptrapd.service.d
sudo tee /etc/systemd/system/snmptrapd.service.d/override.conf >/dev/null <<'EOF'
[Service]
Type=simple
ExecStart=
ExecStart=/usr/sbin/snmptrapd -f -Lf /var/log/snmp/snmptraps.log
EOF

Why:

  • Type=simple avoids sd_notify issues

  • Socket activation already provides UDP/162

  • -Lf ensures all traps go to the file


6. Reload systemd and restart services

sudo systemctl daemon-reload
sudo systemctl restart snmptrapd.socket
sudo systemctl restart snmptrapd.service

Verify:

systemctl status snmptrapd.service --no-pager -l 

Expected command line:

/usr/sbin/snmptrapd -f -Lf /var/log/snmp/snmptraps.log 

7. Test trap reception

Watch the log:

tail -f /var/log/snmp/snmptraps.log 

Send a test trap:

snmptrap -v 2c -c public 127.0.0.1 '' .1.3.6.1.6.3.1.1.5.3 

You should see the trap immediately.

If not:

sudo tcpdump -i lo -nn udp port 162
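The final state listed in the overview can be checked with the script below, an added example that is not part of the original how-to. It assumes the paths and the Debian-snmp user from the steps above, and each check takes its input as text, so the checks run against live command output (run with --live) or against saved output.

```shell
#!/usr/bin/env bash
# Post-install check for the snmptrapd setup in this guide (added example,
# not part of the original how-to). Paths and user are assumed from the steps.

LOG=/var/log/snmp/snmptraps.log
OVERRIDE=/etc/systemd/system/snmptrapd.service.d/override.conf

# UDP/162 is bound: input is the output of `ss -lunp`.
socket_bound() {
    printf '%s\n' "$1" | grep -qE '^UNCONN.*:162[[:space:]]'
}

# Drop-in override as written in step 5: Type=simple, ExecStart cleared,
# then the -Lf command line. Input is the content of override.conf.
override_ok() {
    printf '%s\n' "$1" | grep -qx 'Type=simple' || return 1
    printf '%s\n' "$1" | grep -qx 'ExecStart=' || return 1
    printf '%s\n' "$1" | grep -qx "ExecStart=/usr/sbin/snmptrapd -f -Lf $LOG"
}

# Log file owned by Debian-snmp and not world-readable (mode 640):
# input is `stat -c '%U %G %a' FILE`.
logfile_ok() {
    set -- $1
    [ "$1" = Debian-snmp ] && [ "$2" = Debian-snmp ] && [ "$3" = 640 ]
}

# Every snmptrapd process runs as Debian-snmp, never root:
# input is `ps -o user:32= -C snmptrapd` (one user name per line).
runs_unprivileged() {
    [ -n "$1" ] && printf '%s\n' "$1" |
        awk 'NF && $1 != "Debian-snmp" { bad = 1 } END { exit bad }'
}

run_live_checks() {
    rc=0
    socket_bound "$(ss -lunp 2>/dev/null)" && echo "OK   UDP/162 bound" || { echo "FAIL UDP/162 not bound"; rc=1; }
    override_ok "$(cat "$OVERRIDE" 2>/dev/null)" && echo "OK   override.conf" || { echo "FAIL override.conf"; rc=1; }
    logfile_ok "$(stat -c '%U %G %a' "$LOG" 2>/dev/null)" && echo "OK   log file owner/mode" || { echo "FAIL log file owner/mode"; rc=1; }
    runs_unprivileged "$(ps -o user:32= -C snmptrapd)" && echo "OK   runs as Debian-snmp" || { echo "FAIL snmptrapd not running as Debian-snmp"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    run_live_checks
fi
```

Run it as `sudo ./check-snmptrapd.sh --live` after step 6; a non-zero exit means at least one item in the overview does not hold.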