arcserve traps, snmptrapd, into nagios... missing 1 piece
Stanley Hopcroft
Stanley.Hopcroft at IPAustralia.Gov.AU
Fri Dec 13 07:43:08 CET 2002
Dear Sir,
I am writing to thank you for your letter and say,
On Thu, Dec 12, 2002 at 01:58:27PM -0700, NYCE, GREG wrote:
> I've followed the instructions in the Nagios documentation
> http://nagios.sourceforge.net/docs/1_0/int-snmptrap.html in terms of setting
> up snmptrapd as a traphandler, and it dutifully fires off the event-handler
> script. However, what I'm wanting to do is somehow move over the trap
> "message/status" and pipe that into the output. See example traps below...
> want to move the number of errors/warnings into the Service status.
>
> Dec 11 17:48:41 netmon snmptrapd[5143]: 192.168.1.34: Enterprise Specific
> Trap (arcServetrapMed) Uptime: 0:00:00.00,
> enterprises.cheyenne.arcServe.arcServeServerName.0 = "BAK01",
> enterprises.cheyenne.arcServe.arcServetrapdesc.0 = "BAK01: Backup Operation
> Incomplete..Number of Errors/Warnings: 0/6"
>
> Dec 11 20:43:49 netmon snmptrapd[5143]: 192.168.1.34: Enterprise Specific
> Trap (arcServetrapMed) Uptime: 0:00:00.00,
> enterprises.cheyenne.arcServe.arcServeServerName.0 = "BAK01",
> enterprises.cheyenne.arcServe.arcServetrapdesc.0 = "BAK01: Backup Operation
> Incomplete..Number of Errors/Warnings: 0/2"
>
> So, is that just a matter of knowing what variable (varbind?) that the
> snmptrap would hold that in?
Yes.
Here is part of an example that does what I think you are wanting to do
for Frame Relay traps
# Arguments:
# $1 = trap type
# First line passed from snmptrapd is FQDN of host that sent the trap
read host
# Second line passed from snmptrapd is ip address of host that sent the
trap
read ip
# Subsequent lines passed from snmptrapd contain the varbinds, one pair
of OIDs and values perl line
#
#
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitIfIndex.15.21
15
#
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitDlci.15.21
21
#
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitState.15.21
inactive(3)
Dlci=9999
CircuitState='unknown'
while read oid val
do
if [ `expr "$oid" : '.*Dlci'` -gt 0 ]
then
Dlci=$val
elif [ `expr "$oid" : '.*CircuitState'` -gt 0 ]
then
CircuitState=$val
fi
done
# Given a FQDN, get the short name of the host as it is setup in
NetSaint
hostname="unknown"
case $host in
so-*)
hostname=`expr "$host" : '\(so-...\)'`
# traps could come from so-ade-isdn, so-ade-frame etc.
;;
localhost)
# FIXME.
# Testing only.
hostname="so-cbr"
;;
*)
exit 0
esac
service_desc="Frame relay PVC state change"
# Get severity level (OK, WARNING, UNKNOWN, or CRITICAL) and plugin
output based on trape type
state_OK=0
state_UNKNOWN=3
state_WARNING=1
state_CRITICAL=2
echocmd="/bin/echo"
CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
state=state_UNKNOWN
output="No output"
case $1 in
# frDLCIStatusChange (a frame relay PVC has changed state)
1)
if [ `expr "$CircuitState" : 'active'` -gt 0 ]
then
output="Ok. Frame relay PVC $Dlci has changed state to
$CircuitState."
state=$state_OK
elif [ `expr "$CircuitState" : 'inactive'` -gt 0 ]
then
output="Failed. Frame relay PVC $Dlci has changed state to
$CircuitState."
state=$state_CRITICAL
else
output="Uknown. Frame relay PVC $Dlci has changed state to
$CircuitState."
state=$state_UNKNOWN
fi
;;
# frDLCIStatusChange reset (Bogon OID. This bogus trap lets us
reset a Fault state.)
1111)
output="Ok. Frame relay PVC $Dlci has changed state to
$CircuitState."
state=$state_OK
;;
esac
So the principle is following the Net-SNMP docco your trap handler is
called with the number of the trap and then fed on stdin
1 FQDN of trap reporting host
2 IP of " "
3 'VarBinds' on successive lines, consisting of space separated OIDName
and OIDVals.
Your script must read the 'varbinds' and work out what they mean,
assigning them as required to local storage (for inclusion in the
check ouput).
You know what the VarBinds are from the trap definition of the MIB you
are handling.
This one is looking for OIDs containing 'Dlci' and 'CircuitState'.
and saves them in $Dlci and $CircuitState (the script would be better
written in Perl from the intelligibility/maintainability perspective,
but I stupidly thought the shell would run faster).
> Based on teh
> documentation, it appears that
> the server name is held in $host...
>
Yep.
> ___________________________
>
> greg.nyce at aei.com
> 970-407-6948
>
This is pretty much a pain to do and maintain.
You may care to check out Alex Brugers SNMPTT (SNMP Trap Translator
which does it much more cleanly and easily).
I am going to once I get free of dealing with outsourced provider
problems.
Yours sincerely.
--
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------
'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'
from Meditation 17, J Donne.
-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
More information about the Users
mailing list