getting snmptt working -> unknown traps

Denny Schierz linuxmail at 4lin.net
Mon Mar 10 22:53:16 CET 2008
Previous message: OT?: email to voice
Next message: getting snmptt working -> unknown traps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi,

i'm trying to get snmptt working but i have no success. The trap
receiver snmptrapd is running and he receives traps:

Nagios 3rc3
NagTrap Version 0.1.2:
MySQL  5.x

ps ax | grep snmp
6493  ??  Ss 0:00.69 snmptrapd -Lf /var/log/snmptt.debug -On -C -c
/usr/local/share/snmp/snmpd.conf

my snmpd.conf looks like:
#####

disableAuthorization yes
traphandle default /usr/local/sbin/snmptt ini=/usr/local/etc/snmptt.ini

#####

and now the snmptt.ini
#####

[General]
snmptt_system_name = logserver
mode = standalone
multiple_event = 1
dns_enable = 0
strip_domain = 0
strip_domain_list = <<END
domain.com
END
resolve_value_ip_addresses = 0
net_snmp_perl_enable = 1
net_snmp_perl_best_guess = 0
translate_log_trap_oid = 0
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
translate_integers = 1
wildcard_expansion_separator = " "
allow_unsafe_regex = 0
remove_backslash_from_quotes = 0
dynamic_nodes = 0
description_mode = 0
description_clean = 1
threads_enable = 0
threads_max = 10
[DaemonMode]
daemon_fork = 1
daemon_uid =
pid_file = /var/run/snmptt.pid
spool_directory = /var/spool/snmptt/
sleep = 5
use_trap_time = 1
keep_unlogged_traps = 1
[Logging]
stdout_enable = 1
log_enable = 1
log_file = /var/log/snmptt.log
log_system_enable = 1
log_system_file = /var/log/snmpttsystem.log
unknown_trap_log_enable = 1
unknown_trap_log_file = /var/log/snmpttunknown.log
statistics_interval = 0
syslog_enable = 1
syslog_facility = local0
syslog_level_debug = <<END
END
syslog_level_info = <<END
END
syslog_level_notice = <<END
END
syslog_level_warning = <<END
END
syslog_level_err = <<END
END
syslog_level_crit = <<END
END
syslog_level_alert = <<END
END
syslog_level = warning
syslog_system_enable = 1
syslog_system_facility = local0
syslog_system_level = warning
[SQL]
db_translate_enterprise = 0
db_unknown_trap_format = '$-*'
sql_custom_columns = <<END
END
sql_custom_columns_unknown = <<END
END
mysql_dbi_enable = 1
mysql_dbi_host = datenbankserver
mysql_dbi_port = 3306
mysql_dbi_database = snmptt
mysql_dbi_table = snmptt
mysql_dbi_table_unknown = snmptt_unknown
mysql_dbi_table_statistics =
mysql_dbi_username = snmpttuser
mysql_dbi_password = snmpttpass
mysql_ping_on_insert = 1
mysql_ping_interval = 300
[Exec]
exec_enable = 1
pre_exec_enable = 1
unknown_trap_exec =
unknown_trap_exec_format =
exec_escape = 1
[Debugging]
DEBUGGING = 2
DEBUGGING_FILE = /var/log/snmptt.debug
DEBUGGING_FILE_HANDLER = /var/log/snmptthandler.debug
[TrapFiles]
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
END
######

you can see, we use mysql, cause of NagTrap.

Here you can see the MIB: http://pastebin.com/m4b101454

and i converted it with the snmpttmibconverter:

./snmpttconvertmib --in=asc.mib --out=snmptt.conf --net_snmp_perl

/etc/snmp/snmptt.conf
#####
MIB: ASC-SNMP-MIB-EXT (file:./asc.mib) converted on Fri Mar  7 13:01:25
2008 using snmpttconvertmib v1.2
#
#
#
EVENT ascEvoNotif .1.3.6.1.4.1.4063.2.1.1.1 "Status Events" Normal
FORMAT RecorderID:    $1
SDESC
RecorderID:    %s
Hostname
Module:        %s
Type:          %s
Code:          %s
Number:        %s
Opened:        %s
Updated:       %s
Closed:        %s
Text:          %s
Close Comment: %s
Variables:
  1: ascEvoSystemID
     Syntax="OCTETSTR"
     Descr="System ID, this is the unique recorder ID"
  2: ascEvoSystemName
     Syntax="OCTETSTR"
     Descr="System name, the hostname of the recorder"
  3: ascEvoModuleName
     Syntax="OCTETSTR"
     Descr="Module name, the process which caused the message"
  4: ascEvoErrType
     Syntax="OCTETSTR"
     Descr="Error type LOG_ERROR, LOG_WARNING, LOG_INFO, LOG_AUDIT"
  5: ascEvoErrCode
     Syntax="OCTETSTR"
     Descr="Error code"
  6: ascEvoErrUniqueID
     Syntax="OCTETSTR"
     Descr="Unique error counter"
  7: ascEvoErrOpenTime
     Syntax="OCTETSTR"
     Descr="Error opened time"
  8: ascEvoErrUpdateTime
     Syntax="OCTETSTR"
     Descr="Error updated time is the same as ascEvoOpenTime on first
occurence"
  9: ascEvoErrCloseTime
     Syntax="OCTETSTR"
     Descr="Error closed time if closed else empty"
 10: ascEvoErrText
     Syntax="OCTETSTR"
     Descr="Error text as an additional description"
 11: ascEvoErrCloseComment
     Syntax="OCTETSTR"
     Descr="Error close comment if closed else empty"
EDESC

#####

someone from a german portal (nagios-portal.de) says, that is looks
quite strange ...

the unknowntrap.log shows something like:

########
Mon Mar 10 10:17:38 2008: Unknown trap (.1.3.6.1.4.1.4063.2.1.2)
received from asc2.foo.com at:
Value 0: asc2.foo.com
Value 1: 16.24.37.23
Value 2: 10:19:18:29.24
Value 3: .1.3.6.1.4.1.4063.2.1.2
Value 4: 16.24.37.23
Value 5:
Value 6:
Ent Value 0: .1.3.6.1.4.1.4063.2.1.2.1=5175771137
Ent Value 1: .1.3.6.1.4.1.4063.2.1.2.2=evolution
Ent Value 2: .1.3.6.1.4.1.4063.2.1.2.3=IASAPISV
Ent Value 3: .1.3.6.1.4.1.4063.2.1.2.4=LOG_AUDIT
Ent Value 4: .1.3.6.1.4.1.4063.2.1.2.5=USER_SOFTWARE_START
Ent Value 5: .1.3.6.1.4.1.4063.2.1.2.6=1001
Ent Value 6: .1.3.6.1.4.1.4063.2.1.2.7=2008/03/10 10:15:36,137
Ent Value 7: .1.3.6.1.4.1.4063.2.1.2.8=2008/03/10 10:15:36,137
Ent Value 8: .1.3.6.1.4.1.4063.2.1.2.9=2008/03/10 10:17:37,698
Ent Value 9: .1.3.6.1.4.1.4063.2.1.2.10=Local User 1 is executing POWERplay
Ent Value 10: .1.3.6.1.4.1.4063.2.1.2.11=7.00.54

Mon Mar 10 10:19:27 2008: Unknown trap (.1.3.6.1.4.1.4063.2.1.2)
received from asc2.foo.com at:
Value 0: asc2.foo.com
Value 1: 16.24.37.23
Value 2: 10:19:20:18.51
Value 3: .1.3.6.1.4.1.4063.2.1.2
Value 4: 16.24.37.23
Value 5:
Value 6:
Ent Value 0: .1.3.6.1.4.1.4063.2.1.2.1=5175771137
Ent Value 1: .1.3.6.1.4.1.4063.2.1.2.2=evolution
Ent Value 2: .1.3.6.1.4.1.4063.2.1.2.3=IASAPISV
Ent Value 3: .1.3.6.1.4.1.4063.2.1.2.4=LOG_AUDIT
Ent Value 4: .1.3.6.1.4.1.4063.2.1.2.5=USER_LOGIN
Ent Value 5: .1.3.6.1.4.1.4063.2.1.2.6=1000
Ent Value 6: .1.3.6.1.4.1.4063.2.1.2.7=2008/03/10 10:15:24,032
Ent Value 7: .1.3.6.1.4.1.4063.2.1.2.8=2008/03/10 10:15:24,032
Ent Value 8: .1.3.6.1.4.1.4063.2.1.2.9=2008/03/10 10:19:26,804
Ent Value 9: .1.3.6.1.4.1.4063.2.1.2.10=User Login for 1 at PORTAL
Ent Value 10: .1.3.6.1.4.1.4063.2.1.2.11=Logout
#########

if i test to translate, it works:

snmptranslate   .1.3.6.1.4.1.4063.2.1.2
ASC-SNMP-MIB-EXT::ascEvoObj

so, why are these traps unknown? any suggestions?

cu denny

-- 
Stoppt den Überwachungswahn - Stoppt den Schäuble Katalog:
http://www.nopsis.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080310/a01b68bb/attachment.sig>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: OT?: email to voice
Next message: getting snmptt working -> unknown traps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list