Discussion:
[Nagios-users] Regarding SNMP Trap
Ranjeet Kumar
2006-12-27 11:09:24 UTC
Hi,



I am trying to get SNMP traps into Nagios. I am using nagios-2.4-1,
nagios-plugins-1.4.3 and the OS is Debian.

I am referring to the "Pro Nagios 2.0" book for this.

I translated the MIB using snmpttconvertmib as follows:

/usr/sbin/snmpttconvertmib -in=/usr/share/snmp/mibs/IF-MIB.txt -out=/etc/snmp/snmptt.conf

I also added an EXEC statement to snmptt.conf. Below are the contents of
snmptt.conf:



MIB: IF-MIB (file:/usr/share/snmp/mibs/IF-MIB.txt) converted on Thu Dec 21 12:34:15 2006 using snmpttconvertmib v1.1
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT Interface number $1 on $r is entering the $3 state
EXEC /usr/share/nagios2/plugins/eventhandlers/submit_check_result "$r" "snmp_trap" 2 "Interface number $1 is entering the $3 state"
#FORMAT A linkDown trap signifies that the SNMP entity, acting in $*
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state). This other state is indicated by the included value
of ifOperStatus.
Variables:
  1: ifIndex
  2: ifAdminStatus
  3: ifOperStatus
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT Interface number $1 on $r is entering the $3 state
EXEC /usr/share/nagios2/plugins/eventhandlers/submit_check_result "$r" "snmp_trap" 2 "Interface number $1 is entering the $3 state"
#FORMAT A linkUp trap signifies that the SNMP entity, acting in an $*
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state). This other state is indicated by the
included value of ifOperStatus.
Variables:
  1: ifIndex
  2: ifAdminStatus
  3: ifOperStatus
EDESC

EVENT CatchAll .1.* "SNMP Traps" Critical
FORMAT $D
EXEC /usr/share/nagios2/plugins/eventhandlers/submit_check_result "$r" "snmp_traps" 2 "$O: $1 $2 $3 $4 $5"



I am able to see the translated trap in the log, but it is not
executing the EXEC command. I tried running it manually and it works fine.

Please help me solve this issue.



Thanks,

Ranjeet






The information contained in, or attached to, this e-mail, contains confidential information and is intended solely for the use of the individual or entity to whom they are addressed and is subject to legal privilege. If you have received this e-mail in error you should notify the sender immediately by reply e-mail, delete the message from your system and notify your system manager. Please do not copy it for any purpose, or disclose its contents to any other person. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused, directly or indirectly, by any virus transmitted in this email.

www.aztecsoft.com
Dmitriy Kirhlarov
2006-12-27 12:18:02 UTC
Post by Ranjeet Kumar
> EXEC /usr/share/nagios2/plugins/eventhandlers/submit_check_result "$r"
> "snmp_traps" 2 "$O: $1 $2 $3 $4 $5"
> I am able to see the logs of translated trap as log but it is not
> executing the EXEC command. I tried using manually it works fine.

1. Show your snmptrapd.conf.

2. Check the [Exec] section of your snmptt.ini file.

3. Can you execute
/usr/share/nagios2/plugins/eventhandlers/submit_check_result
manually?

4. submit_check_result must use nsca for transport.
Can your nsca accept results? Switch on debug in nsca.conf.

5. nagios must have a properly configured host and service to
interpret the received trap.

It works for me.

Also, see:
http://nagios.org/faqs/viewfaq.php?faq_id=29&expand=false&showdesc=true
http://www.snmptt.org/docs/snmptt.shtml
http://www.samag.com/documents/s=9559/sam0503g/

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:***@oilspace.com
Building Successful Supply Chains - One Solution At A Time.
www.oilspace.com
Ranjeet Kumar
2006-12-28 05:46:04 UTC
Dmitriy,



Below are the answers to your questions:

> 1. Show your snmptrapd.conf.

traphandle default /usr/sbin/snmptthandler

> 2. Check your snmptt.ini file in
> [Exec] section.

exec_enable = 1
pre_exec_enable = 1
unknown_trap_exec =

> 3. Can you execute
> /usr/share/nagios2/plugins/eventhandlers/submit_check_result
> manually?

Yes, I can execute it manually.

> 4. submit_check_result must use nsca for transport.
> Is your nsca can take result? Switch on debug in nsca.conf.

I am not using nsca. I don't think it is required because the same
server is acting as the snmptrap server as well as the nagios monitoring
server. Is it really required?

> 5. nagios must have properly configured host and service for
> interpretate getted trap.

I have not started working on this as the EXEC statement is not
working.








Thanks,

Ranjeet






Dmitriy Kirhlarov
2006-12-28 09:41:11 UTC
Post by Dmitriy Kirhlarov
>> 1. Show your snmptrapd.conf.
> traphandle default /usr/sbin/snmptthandler

Also check that your snmptrapd is running and that your snmptt is running
as a daemon.

In this case, your log files must have messages from snmptrapd and
snmptt.

>> 4. submit_check_result must use nsca for transport.
> I am not using nsca. I don't think it is required because same
> server is acting as snmptrap server as well as nagios monitoring server.
> Is it really required?

No. You can work directly with nagios command_file.

> I have not started working on this as exec statement is not
> working.

Try replacing EXEC with some simple command like
date >> /tmp/snmptt.exec.log

It doesn't work either?
If so, check the installed perl modules.

I'm using:

snmptt-1.1 SNMP trap handler/translator/swiss-army-knife
Information for snmptt-1.1:

Depends on:
Dependency: perl-5.8.8
Dependency: p5-Config-IniFiles-2.39
Dependency: net-snmp-5.2.3_3

FreeBSD 6.2-PRERELEASE

WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:***@oilspace.com
Building Successful Supply Chains - One Solution At A Time.
www.oilspace.com
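
Writing straight to the Nagios command file, as suggested in the reply above, could look like the following. This is an added example, not code from the thread or from the submit_check_result script shipped with Nagios; the command-file path is an assumed default and the function names are chosen here.

```shell
#!/bin/sh
# Added example: an snmptt EXEC target that writes a passive service check
# result directly to the Nagios external command file (no NSCA).
# The default path is an assumption; use command_file from your nagios.cfg.
NAGIOS_CMD_FILE="${NAGIOS_CMD_FILE:-/var/lib/nagios2/rw/nagios.cmd}"

# Trap contents are controlled by the sender. Remove ';' (the field
# separator) and control characters, newlines included, so a trap cannot
# add fields or start a second command line.
sanitize_field() {
    printf '%s' "$1" | tr -d ';\001-\037\177'
}

# build_check_result <timestamp> <host> <service> <return_code> <output>
build_check_result() {
    case "$4" in
        0|1|2|3) ;;
        *) echo "return code must be 0-3, got '$4'" >&2; return 1 ;;
    esac
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$1" "$(sanitize_field "$2")" "$(sanitize_field "$3")" \
        "$4" "$(sanitize_field "$5")"
}

# submit_check_result <host> <service> <return_code> <output>
submit_check_result() {
    # snmptt may run as a different user than your login shell, so report
    # a permission problem instead of failing silently.
    if [ ! -w "$NAGIOS_CMD_FILE" ]; then
        echo "cannot write $NAGIOS_CMD_FILE as $(id -un)" >&2
        return 1
    fi
    line=$(build_check_result "$(date +%s)" "$@") || return 1
    printf '%s\n' "$line" >> "$NAGIOS_CMD_FILE"
}

# Run only when called with the four arguments an EXEC line would pass.
if [ "$#" -eq 4 ]; then
    submit_check_result "$@"
fi
```

Nagios only accepts the result if a host and a passive service with the same names are already defined.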
Robert Hajime Lanning
2006-12-28 11:39:03 UTC
I had performance issues having Nagios process every trap.
We have a fairly large SNMP utilization over here. Our Netscreen
firewalls send quite a few traps sometimes. On the order of 10/s or
more during "attacks" (usually virus outbreaks). I wasn't very
happy with my monitoring server keeling over during an event.

So, here is what I have done:
1) snmptrapd does run snmptthandler, but I ported snmptthandler
to C. http://lanning.cc/nagios/snmptthandler.c

2) snmptt is run in daemon mode with the modification at the end
of this message.

3) Nagios runs this service check for every host
http://lanning.cc/nagios/check_snmp_trap

4) The extra service notes URL points to this CGI script:
http://lanning.cc/nagios/showsnmptraps.txt
(in the near future, I am going to put in a way to look at
traps other than today)

5) snmptt seems to have a memory leak. (based on amount of traps
processed) So, I have a cron job restarting it every 6 hours.

6) snmptrapd seems to also have a memory leak, though smaller
than snmptt. So, I have it restarted once a day.

7) snmptt.conf contains: for each configured trap (including a
catchall ".1.*")
EXEC log_snmptrap "$@" "$A" 2 "...message..."

---------------------------------------
$ diff snmptt snmptt.orig
58,78d57
< sub nagiostraplog
< {
< my $LOGBASE="/usr/local/nagios/var/snmptraps";
<
< my $timestamp = shift;
< my $host = shift;
<
< my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
gmtime($timestamp);
< $year += 1900;
< $mon++;
< my $LOGDir = "$LOGBASE/$host/$year/$mon";
<
< if ( ! -d $LOGDir ) {
< system("umask 022;mkdir -p $LOGDir");
< };
<
< open (NAGLOG,">>$LOGDir/${mday}.log");
< print NAGLOG "[$timestamp] " . join(";",@_) . "\n";
< close (NAGLOG);
< }
<
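Review bot: In nagiostraplog, the directory is created with system("umask 022;mkdir -p $LOGDir"), which hands a string containing $host to a shell, and the open (NAGLOG,">>$LOGDir/${mday}.log") that follows is never checked for failure. The only caller shown reduces the address to digits and dots first, so the shell string is safe as called, but the function should not depend on that: create the directory from Perl (File::Path's mkpath) instead of through the shell, use a three-argument open with a lexical handle, and report a failed open so traps are not dropped silently. A host value of ".." also survives a digits-and-dots filter and would place the log outside the per-host directory, so validate the value as a dotted-quad address before building $LOGDir.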
1539,1556c1518
< if ($command =~ /log_snmptrap/)
< {
< $command =~ s/^.*log_snmptrap\s*//;
< my @args = split(/\s+/,$command);
< my $timestamp = shift(@args);
< my $ip = shift(@args);
< my $severity = shift(@args);
< my $message = join(" ",@args);
< $timestamp =~ s/[^0-9]+//g;
< $ip =~ s/[^0-9.]+//g;
< $severity =~ s/[^0-9]+//g;
< $message =~ s/"//g;
<
&nagiostraplog($timestamp,$ip,$severity,$message);
< }
< else
< {
< system $command;
< }
---
system $command;
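Review bot: The test $command =~ /log_snmptrap/ is unanchored, so any EXEC line that merely contains that string, for example in a path or in the message text, is diverted to the logger and never executed; anchor it at the start of the command, as the following s/^.*log_snmptrap\s*// suggests was intended. Only double quotes are stripped from $message, while nagiostraplog writes the record with join(";",@_), so a ";" in the trap text shifts the fields for anything that parses the log; replace or escape ";" in $message before logging. A comment stating the expected argument order (timestamp, address, severity, message) would also help, since split(/\s+/) depends on the first three arguments containing no whitespace.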
----------------------------------------------------
--
And, did Galoka think the Ulus were too ugly to save?
-Centauri