The case of the missing case 9 in the example trap handler.

[Stanley Hopcroft]

Dear Sir,

I am writing to thank you for your letter and say,

On Wed, Oct 15, 2003 at 08:21:34PM -0700, nagios-users-request at lists.sourceforge.net wrote:
> 
> Message: 5
> Date: Wed, 15 Oct 2003 15:47:46 -0600
> From: Drew Cullis <drew.cullis at gwl.com>
> To: Nagios <nagios-users at lists.sourceforge.net>
> Subject: [Nagios-users] expanation of Ethan's examples for snmptrapd
> 
> Hello;
>  I'm in the process of getting snmp working on my RH 7.3 box, using
> Nagios 1.0 & plugins 1.3.1 and monitoring SAN devices. Can anyone
> explain the syntax for Ethan's examples for his snmptrapd.conf file and
> handle-arcserve-trap script?

Not necessarily, however I used this example to begin my Nagios trap 
handling foray and this example taught me a lot.

> Some of it is obvious, but what I don't
> understand are these parts; 
> In the snmptrapd.conf file

>   ::arcServetrap9  
>   the 9 at the end

Here's an example from my ancient and no longer used snmptrapd.conf file

tsitc> co -p -r1.2 snmptrapd.conf | more
RCS/snmptrapd.conf,v  -->  standard output
revision 1.2

#############################
# Foundry ServerIron SNMP Traps
#############################

# 
traphandle FOUNDRY-SN-TRAP-MIB::snTrapL4RealServerUp 
/usr/local/netsaint/libexec/eventhandlers/handle-foundry-traps 21

#

The syntax is OID (fully qualified ie MIB_NAME::Oid) TrapHandler 
TrapNumber

My docco however shows (from the example quoted)

# Tape format failures
traphandle ARCserve-Alarm-MIB::arcServetrap9 
/usr/local/nagios/libexec/eventhandlers/handle-arcserve-trap 9

ie for the OID named arcServetrap9 (a trap) from the ARCserve-Alarm-MIB 
MIB, 

call /usr/local/nagios/libexec/eventhandlers/handle-arcserve-trap

with one argument (ie the shell var $1)

'9'.
 


> In the handle-arcserve-trap file
>         11)
> 
>  # Tape format failures        
> traphandle
> ARCserve-Alarm-MIB::arcServetrap9/usr/local/nagios/libexec/eventhandlers/handle-arcserve-trap
> 9
> 
> # failed to format tape - critical
>         11)
>             output="Critical: Failed to format tape"
>             state=2
>             ;;
>

There should be a case 9: Ooops. A typo has crept in that you have 
spotted.

Well done ! 

However, all the other traps are handled. 

Here is the missing case

        # Tape cannot be formatted - blow up
        9)
            output="Red alert ! Tape cannot be formatted."
            state=2
            ;;

To sum up

 1 The snmptrapd enumerates the traps to be responded to

 2 Vectors the trap to a trap handler

 3 In most cases, the handler decodes the trap (with a case) and sets
   - the PluginOuput
   - the Alert type (2 for critical 0 for Ok).

There is some perplexing redundancy in doing things this way - the 
official Net-SNMP sanctioned or at least provided way - in that the
trap is first recognised in snmptrapd and then passed on to be 
recognised again by the handler.

You may find that this method of handling traps fails to scale since you 
have to

1 Update and restart snmptrapd

and

2 Update or write a trap handler

for each new trap you want a passive service result from.

Your alternatives are

1 Alex Burger's 'snmptt' a much more elegant and scalable way of 
automating trap handling

2 Risto Vaarandi's 'sec' ('sec' is an Event Correlator pproviding at 
least some of the functions of Tivoli Resource Managers IIRC] that can 
be used for many many applications. I use it to decode traps by pattern 
matching the snmptrapd log and writing the passive service check result 
to the Nag command file (like a trap handler does but in Perl embedded 
in the sec configuration). Sec can viewed as turbocharged swatch)

 
>  Has anyone gotten this type of example to work in their environment? My
> understanding is the traphandle gets its info from the ARCserve-Alarm
> MIB, in this example trap 9, then runs the arcserve-trap script,
> inserting trap 9 ????. Is there any correlation between the trap #  and
> the 11 (or any of these numbers) in the other script? Hopefully this
> post is somewhat clear & understandable. Any help would be appreciated.
> 

Your understanding is correct. There is a typo in Mr Galstads example: 
please submit a patch to add the missing case to the HTML of the 
example.

There should be a one to one correspondence between the

. argument(s) passed to the trap handler

. the number of a trap in the MIB

. a case or processing block in the handler. 



> -- 
> 
> Drew Cullis
> ITS UNIX Sys Admin
> Phone: 303-737-6506   Email: drew.cullis at gwl.com
> 
> 


Yours sincerely.
-- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null