Trap Handling Scheme

[Jim Avery]

On 06/08/07, Paul Dugas <paul at dugas.cc> wrote:
> What about all the other "pending doom" traps the UPS can send?
> Temperatures, bad batteries, etc.?  Do I have a corresponding service
> for every one and manually clear them when they fire?  Or, could I have
> a single generic "TRAP" service that logged and send notifications for
> them?

I have a bit of a mixture.  For most, I just have a generic "SNMP"
service for the host and have it always go "Critical" regardless of
what the trap is.  So long as the traps are few and far between, this
is no problem, I just manually reset the status to OK by sending a
passive check result once I've investigated what the problem is.  I
only bother to configure specific named trap services in Nagios where
it makes sense to do so.

If you have a setup where you let Nagios process the trap which sets
status back to OK, it may make sense to have Nagios notify by email so
these traps won't go unnoticed.  A danger, though, is that if you get
a storm of traps from a system, you could be inundated with emails.

I have configured the event handler script so that if any traps arrive
from hosts which I don't know about, they go to the generic "SNMP"
service for localhost.  That way, if someone is setting up a new
device and points traps at my Nagios system, I will know about it as
soon as any trap arrives and can retrospectively configure Nagios to
recognise that host.

I also have a line in snmptt.ini like so:
unknown_trap_exec =
/usr/local/nagios/libexec/eventhandler/submit_unknown_check_result

this writes the trap information to a log file if snmptt comes across
a trap which isn't defined in the snmptt.conf file.  I have a Nagios
service defined to check this log file so I will know if any unknown
traps come in - I can then go find the relevant MIB and add it to the
snmptt.conf file.

I can't pretend I'm entirely happy with the way my system works, as
it's not entirely intuitive, but it is catch-all so I'm unlikely to
miss anything!

hth,

Jim

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null