cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SNMP Traps Port unable to bind on 162

jenny_baker211
Newcomer

I have tried setting up SNMP traps on port 162. 

I can see the traps are hitting the Activegate instance as these are displaying in TCP dump. 

 

The extension for SNMP traps is repeatedly displaying an error in the logs:

Failed to start listen on port::162 err: listen udp :162: bind: permission denied

 

Do we need to open up port 162 on the activegate instance?

Can this be done in custom.properties?

Or is there a permissions issue using ports under 1024?

 

If anyone has a workaround for this please let me know

3 REPLIES 3

AntonioSousa
DynaMight Guru
DynaMight Guru

@jenny_baker211,

To listen on port 162, you have to have root permission. There are some ways to escaping that, and I believe  the standard way ActiveGate is installed doesn't require additional configuration.

Additionally, there might be another program already listening on port 162. Run the following command to find out if that is the case:

  • netstat -anp | grep 162
Antonio Sousa

Hi Antonio, 

 

Thank you for the reply - I have tried a netstat and nothing else appears to be using this port. 

It looks like we have a specific user running activegate - is it possible to give this user permissions for port 162 - or would I need to pick a new port > 1024 to allow SNMP traps to be handled?

AntonioSousa
DynaMight Guru
DynaMight Guru

@jenny_baker211,

You have several options here:

  1. Running ActiveGate as root. I have cases where this happens, but not the best Security option. Given you are using traps, this might have a reduced exposure, so might be an option:
    https://docs.dynatrace.com/docs/shortlink/activegate-custom-installation-linux#user-service
  2. Reroute traps to a higher port. So you don't have to change it in your network devices, redirect through port forwarding. You will have to change 162 in the Dynatrace configuration to another port, 1162 for instance:
    sudo iptables -t nat -A PREROUTING -p udp --dport 162 -j REDIRECT --to-port 1162
  3. You can also use setcap to permit a certain program to listen on a specific privileged port. Never tried it out with ActiveGate.
Antonio Sousa

Featured Posts