snmptt not working
Jan Scholten
Jan.Scholten at iconz.net
Wed Nov 3 22:22:42 CET 2004
I wrote some documentation how i catched snmp traps and translate them
with snmptt, i send you the text (long!) but hope it helps! If you have
corrections (since its still a 0.1 documentation) just let me know!
Jan
******************************************
Catching SNMP Traps
Catching SNMP Traps is very useful in an environment of SNMP-Trap capable
devices, like switches or routers. A switch can send a SNMP Trap to a
specified SNMP-Server when a link goes down, a cold restart has happened
or whether are fan failed or the system temperature is to high. It’s a
very neat feature not to check whether a link is still established, but to
have a message sent, when the link is going down!
I will mention the steps necessary to catch SNMP Traps as well as
providing a sample configuration and useful scripts to handle and
correctly assign the incoming traps to the right device in Nagios.
The traps will be catched by snmptrapd and translated by snmptt the “SNMP
Trap Translator”, a perl script that has multiple formatting options for
Traps. Snmptt will forward it’s output to a small script, that determines
which switch was the trap sender and than calls a script, which writes to
the external command file. Nagios will read and process this command.
We need a basic perl installation, the snmpd package (which includes
snmptrapd) and some perl librarys libconfig-inifiles-perl and if you want
to run snmptt as a daemon you need libtime-hires-perl.
As there is no snmptt Debian package we need to install it from the
source, the documentation of snmptt is very good
( http://www.snmptt.org/docs/snmptt.shtml#Installation-Unix ):
download snmptt
wget http://optusnet.dl.sourceforge.net/sourceforge/snmptt/snmptt_1.0.tgz
unpack:
tar xvfz snmptt_1.0.tgz
copy snmptt to /usr/sbin/ and ensure it is executable (chmod +x snmptt)
cp snmptt /usr/sbin/
chmod +x /usr/sbin/snmptt
copy snmptthandler to /usr/sbin/ and ensure it is executable (chmod +x
snmptthandler)
cp snmptthandler /usr/sbin/
chmod + x /usr/sbin/snmptthandler
copy snmptt.ini to /etc/snmp/ or /etc/ and edit the options inside the
file.
cp snmptt.ini /etc/snmp/
For standalone mode:
Modify the Net-SNMP snmptrapd.conf file by adding the following line:
vi /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptt
check that mode is standalone in /etc/snmp/snmptt.ini
For Daemon mode:
vi /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptthandler
check that mode is daemon in /etc/snmp/snmptt.ini
To secure snmptt:
add a user snmptt and set daemon_uid = snmptt in /etc/snmp/snmptt.ini
adduser snmptt
vi /etc/snmp/snmptt.ini
daemon_uid = snmptt
Make sure that the logfiles /var/log/snmptt* and the tmp files
/var/spool/snmptt are accessible by the user. I chown them to snmptt
!ToDo! check whether dirs exists before startup
chown snmptt /var/log/snmptt*
chown snmptt /var/spool/snmptt
When in daemon mode start snmptt –daemon
snmptt—daemon
You may want to add a Startup Script in /etc/init.d and the appropriate
/etc/rcX.d
Configuration for spamtrapd:
edit the snmpd startup-script, so that snmptrapd is started:
vi /etc/default/snmpd
# snmpd control (yes means start daemon).
SNMPDRUN=no
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS=’-Lsd -Lf /dev/null -p /var/run/snmpd.pid’
# snmptrapd control (yes means start daemon). As of net-snmp version #
5.0, master agentx support must be enabled in snmpd before snmptrapd # can
be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=yes
# snmptrapd options (use syslog).
TRAPDOPTS=’-Lsd -p /var/run/snmptrapd.pid -On’
! Important: start snmpdtrapd and add the –On option, to receive numeric
OIDs. !
use snmpconf to create a basic configuration, important points are:
That you have following points in your snmpd.conf:
trapsink localhost
!ToDo!
snmptt needs .conf files to recognize traps. There are some MIB Files
included the snmp package (/usr/share/snmp/mibs), which are a good start
we convert them for snmptt, by using a short script, but before that copy
the mibs to a working directory and create a output dir:
cp /usr/share/snmp/mibs ~/snmptt/mibs
mkdir ~/snmptt/conf.out
export MIBS=all
Here is small script that uses snmpttconvertmib to extract every trap out
of the MIB files and stores them in a snmptt-readable form.
#!/bin/sh
for mibfile in ‘ls ${HOME}/snmptt/mibs‘
do
rm $(HOME)/snmptt/conf.out/${mibfile}.CONF
snmpttconvertmib—in=${HOME}/snmptt/mibs/$mibfile—
out=${HOME}/snmptt/conf.out/${mibfile}.CONF
done
Script ConvertMIB.sh
The Script creates one conf-File per MIB File, just for the clarity,
instead of one conf file out of all MIBS. We need to add all the .conf
files to the snmptt.ini.
So best way is to copy the files in the conf.out dir to where ever you
want and add all the files to snmptt.ini (under TrapFiles) (/etc/snmp/conf
maybe a good idea)
hint: you get get a list easy by going to the.conf directory and typing:
find ‘pwd‘ -name \*
just copy and paste the list!
To have Nagios informed that a trap has arrived we need to create an
external Nagios command: The Format is
PROCESS_SERVICE_CHECK_RESULT [HOST] [SERVICE] [RETURNCODE] [OUTPUT]
where:
• [HOST] is the host_name in Nagios hosts.cfg
• [SERVICE] is the service_dexcription in the Nagios services.cfg (it must
be defined for the HOST)
• [RETURNCODE] is 0 – OK, or 1 – Warning, or 2 – Critical or -1 – Unknown
• [OUTPUT] some text that will be shown in Nagios
By adding a EXEC line in the snmptt-trap-config files we define a external
command to be executed, when this trap arrives. This external script
converts the Agent-Address to a Nagios host_name and passes the other
parameters to the submit_check_result which is included in the
Nagios-Package
A example config file looks like this:
#
MIB: CISCO-CONFIG-MAN-MIB (file:/root/snmptt/mibs/CISCO-CONFIG-MAN-MIB.my)
converted on Wed Oct 13 14:29:45 2004 using snmpttconvertmib v1.0
#
EVENT ciscoConfigManEvent .1.3.6.1.4.1.9.9.43.2.0.1 “Status Events” Normal
FORMAT Notification of a configuration management event as $*
EXEC /usr/bin/hostwrapper.sh $aA TRAP 1 “Device $aA has been configured”
SDESC
Notification of a configuration management event as
recorded in ccmHistoryEventTable.
Variables:
1: ccmHistoryEventCommandSource
2: ccmHistoryEventConfigSource
3: ccmHistoryEventConfigDestination
EDESC
The EXEC line was added $aA is a macro of snmptt and is replaced by the
Agent-Address (see snmptt doc for more info)
#!/bin/bash
myhostname=‘grep $1 /usr/local/nagios/etc/myhosts | awk ‘{print $2}’‘
#echo $myhostname
/usr/local/nagios/libexec/submit_check_result $myhostname $2 $3 “$4”
Script hostwrapper.sh
210.48.12.104 vincepix
192.168.100.164 testswitch
10.0.0.3 Switch3
file: myhosts
If a trap arrives, snmptrapd catches the trap, hands it to snmptt which
checks with it config files and when know executes the appropriate EXEC
command. The hostwrapper translates the Agent-Address and submits the data
to the submit_check_result script which writes to the Nagios external
command file.
As a result when a .1.3.6.1.4.1.9.9.43.2.0.1 appears a
[1096510790] EXTERNAL COMMAND:
PROCESS_SERVICE_CHECK_RESULT;testswitch;TRAP;1;Switch has been Configured
is sent to Nagios.
***********************************************
> Hi
>
> I have cisco catalyst switches in my company. Switches are configured to
> send snmp traps to Nagios host. I'm unable to translate those traps with
> Snmptt. Snmptt is configured to log traps into log file
> (/var/log/snmptt.log). Configuration files are:
>
> snmptrapd.conf:
> traphandle default /usr/sbin/snmptt
>
> I start snmptrapd with command:
> /usr/local/sbin/snmptrapd -On
>
> /etc/snmp/snmptt.conf:
>
> EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco coldStart trap" >>
> /var/log/snmptt.log
> SDESC
> A coldStart trap signifies that the sending
> protocol entity is reinitializing itself such
> that the agent's configuration or the protocol
> entity implementation may be altered.
> Variables:
> 1: sysUpTime
> 2: whyReload
> EDESC
> #
> #
> #
> EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco linkdown trap on interface $1" >>
> /var/log/snmptt.log
> SDESC
> A linkDown trap signifies that the sending
> protocol entity recognizes a failure in one of
> the communication links represented in the
> agent's configuration.
> Variables:
> 1: ifIndex
> 2: ifDescr
> 3: ifType
> 4: locIfReason
> EDESC
> #
> #
> #
> EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco linkup trap on interface $1" >>
> /var/log/snmptt.log
> SDESC
> A linkUp trap signifies that the sending
> protocol entity recognizes that one of the
> communication links represented in the agent's
> configuration has come up.
> Variables:
> 1: ifIndex
> 2: ifDescr
> 3: ifType
> 4: locIfReason
> EDESC
>
> I see only snmptrapd messages in my syslog. Nothing goes to snmptt.log
> file.
>
> Any help would be great
>
> Marek
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue. ::: Messages without supporting info will risk
> being sent to /dev/null
>
>
--
Jan Scholten
Research and Development Intern
Iconz.co.nz
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list