Raw edition - syslog and snmptrap ports listen in ipv6 only

rdot84 · October 18, 2025, 10:41pm

I’m new to checkmk.

Just installed checkmk raw 2.4.0p13 on alma 9 and after configuring some hosts and services i wanted to try and use it to receive syslog messages and snmp traps.

So i enabled both in global settings, enabling even “Syslog-like message logging”, and restarted the server.

Tried to send some test syslog messages and snmp traps, but nothing appears in
Monitor\ Event Console \ Events.

Not sure if I’m supposed to do anything else to make checkmk ingest those messages, but I suspect the problem is that the syslog and snmptraps processes managed by checkmk are listening in ipv6 only, in spite of the fact that in the OS i completely disabled ipv6.

[root@checkmk ~]# netstat -anp | egrep '(:514|:162)'
tcp6       0      0 :::514                  :::*                    LISTEN      42399/python3       
udp6       0      0 :::162                  :::*                                42399/python3       
udp6       0      0 :::514                  :::*                                42399/python3

Ho do I make syslog and snmptrap listen on ipv4???

andreas-doehler · October 19, 2025, 6:57am

It is already listening on ipv4. Your screenshot is perfectly normal. You only see ipv4 there if a process explicitly listens on ipv4.

Here on this machine the Apache looks like to only listen on ipv6 but is answering as expected also on ipv4.

netstat -tulpn | grep apache
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      847/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      285/apache2

curl -v http://127.0.0.1:80/
*   Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 200 OK

For this you need some rules active in your event console. Minimum is a “catch all” rule.

rdot84 · October 19, 2025, 11:06pm

Thanks a lot.

Didn’t know that “tcp6 0 :::80” would listen to ipv4 as well.

And you were right that adding the rule was the real missing part.

mbunkus · October 20, 2025, 8:42am

To expand on Andreas’ explanation a bit: on Linux there’s a knob in the proc file system controlling this behavior called /proc/sys/net/ipv6/bindv6only Its default, at least on most Linux distros I’m aware of, is 0 meaning the option is off, meaning sockets listening to certain wildcard addresses will not bind to IPv6 only, but to IPv4 as well.

Note that I’m specifically talking about wildcard addresses, usually displayed as *:<port> or maybe :::<port> with :: being the IPv6 wildcard address (IPv4 equivalent 0.0.0.0). An entry such as ::1:12345 would really mean that this socket is only listening on the IPv6 localhost address ::1 on port 12345, but not on the IPv4 localhost address 127.0.0.1, as ::1 is not a wildcard address. Therefore if you have daemons configured to listen on localhost only and they properly support IPv6 they’ll show up twice in netstat or lsof output.