snmp traps

Vinod vins192004 at yahoo.com
Mon Jun 5 08:27:41 CEST 2006


Hi Hannu

Thanks a lot for the information you provided.
I still have some issues in the services.cfg file
i have pasted it below, i get this error in cgi
Status information:CRITICAL: Passive Service check is missing!
If i set the check_period none nagios does not start.
Please advice

define service{
        name                            generic-service 
        active_checks_enabled           0       
        passive_checks_enabled          1       
        parallelize_check               1       
        obsess_over_service             1       
        check_freshness                 0       
        notifications_enabled           1       
        event_handler_enabled           1       
        flap_detection_enabled          1       
        failure_prediction_enabled      1       
        process_perf_data               1       
        retain_status_information       1       
        retain_nonstatus_information    1       
        register                        0        
        retry_check_interval    1
        }


                                                                                                                             
define service{
        register                        0
        name                            passive-check-template
        use                             generic-service
        check_freshness                 1
        check_period                    none
        passive_checks_enabled          1
        max_check_attempts              1
        check_command                   passive_check_missing
        notification_interval 120
       notification_period     24x7
       notification_options    w,c,r
        freshness_threshold             600
}
                                                                                                                             


define service {
    use    passive-check-template
    host_name     node
   contact_groups    admins
    service_description    snmp_trap_handling_ok
    register        1
   normal_check_interval   2
    retry_check_interval    2
    check_period 24x7
}

Regards
Vinod Moraes


Hannu Liljemark <hannu.liljemark at gstdomain.net> wrote: On Wed, May 31, 2006 at 12:39:47AM -0700, Vinod wrote:

> I tried to configure nagios to listen to snmp traps from a host.
> i have been referring to  documents
> http://www.samag.com/documents/s=9559/sam0503g/
> http://www.snmptt.org/docs/snmptt.shtml#Integration-with-other-software

I've been using http://www.samag.com/documents/s=9559/sam0503g/ with
good success.

> Secondly
> http://www.samag.com/documents/s=9559/sam0503g/
> speicifes 
> use    passive-check-template
> but its not mentioned how to define the passive-check-template

You can define passive_check_missing in checkcommands.cfg,
although it wont be used in this case:

define command{
        command_name    passive_check_missing
        command_line    $USER1$/passive_check_missing.sh
        }


Here's what passive_check_missing.sh looks like:

#!/bin/sh

/bin/echo "CRITICAL: Passive Service check is missing!"

exit 2


In services.cfg we define the template that will be used by the
snmp_trap_handling_* service checks:

define service{
        register                        0
        name                            passive-check-template
        use                             generic-service
        check_freshness                 1
        check_period                    none
        passive_checks_enabled          1
        max_check_attempts              1
        check_command                   passive_check_missing
        freshness_threshold             600
}


I've been converting mibs with:

snmpttconvertmib --net_snmp_perl --format_desc=6 --in=FOO.mib \
--out=/etc/snmp/snmptt-FOO.conf

as that seems to produce EVENTs with descriptions making more
sense than the default convert shown in the article. You may want
to look though them anyway or replace 6 with smaller number.
Check 'snmpttconvermib --help' for more info.

I've also made a small change to the snmptraphandling.py. Trend
Micro's MIBs use the severity NORMAL when snmptraphandling.py
only matches Normal (case sensitive). So I've added a section
to also match NORMAL.

My sec.conf looks like:

type=Single
ptype=RegExp
pattern=(\w+\s+\d+\s\d+:\d+:\d+)\s[\w\.\-]+\ssnmptt\[\d+\]:\s\
([\d\.]*)\s(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|\
MAJOR|CRITICAL)\s\"Status Events\"\s([\w\.\-]*)\s\-\s(.*)
desc=snmptrap received from $3
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py\
 $4 $3 "$5"

When converting MIBs, you also may want to check them
through to see what kind of severities are defined for various traps.
So far there seems to a lot of Normal severity traps even for traps
that alert you about hardware failures etc. The article says "One
of the beauties of this solution is that we can use the event severity
set by the mib designer. Nagios will always report the event status
based on this information." and I think this is somewhat problematic
with a lot of MIBs. Many traps seem to define the severity somewhere
else.

Lets take examples from SUN-PLATFORM-MIB. Some Sun server might
send alarm traps and these have Normal severity so snmptt + sec + Nagios
would map them to OK. However they might be something worse: component
has blown up or system is reaching temperatures where metal starts
to melt... so I guess this setup has some drawbacks.

EVENT sunPlatEquipmentAlarm .1.3.6.1.4.1.42.2.70.101.2.0.5\
 "Status Events" Normal
EVENT sunPlatEnvironmentalAlarm .1.3.6.1.4.1.42.2.70.101.2.0.4\
 "Status Events" Normal

You get the severity as a variable:

  7: sunPlatNotificationPerceivedSeverity
     Syntax="INTEGER"
       1: indeterminate
       2: critical
       3: major
       4: minor
       5: warning
       6: cleared
     Descr="The perceived severity of the alarm, as specified by
         the agent that generated it in accordance with X.733,
         sec. 8.1.2.3."

I'd be interesting in hearing from others if they've come up with
some solution to this, or if I've misunderstood something.

Regards,

-- 
Hannu Liljemark  |  Appelsiini Finland Oy  |  http://appelsiini.fi


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060604/163b3632/attachment.html>
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list