SNMP Traps
fmml at cedval.org
fmml at cedval.org
Mon Sep 20 04:32:58 CEST 2004
Hi all,
Excuse me for the delay, you will find below my "recipe". I am sure there
could be many variations, if you find a way to improve it let me know.
I have done first tests last Friday, converted mibs from APC (ups), pull
the plug on the unit, traps came immediatly in Nagios with proper extended
text in Nagios's information field. Good. But for the APC mib creator,
going on battery is just a warning, personnaly I differ opinion, just to
say that you might not want to blindly "believe" the mib definition, at
least for the severity field.
Also, when we restored power, probably a glitch from the UPS software, we
were bombarded by battery conditions messages, but the good news is that
by using SEC, we can "tame" that behavior.
One thing for sure, I am looking at Nagios in very different way now.
Enough said, here the recipe, let me know how it can be improved...
Enhanced SNMP trap support for Nagios
To achieve complete snmp trap handing in Nagios, various software we had
to be configured to work together. Our solution requires:
1. Net-snmp with snmptrapd configured
2. Net-snmp perl module
3. SNMPTT, snmp trap translator
4. Sec, simple event correlator
5. A small python script
6. Nagios
Net-snmp
Version installed: net-snmp-5.0.9-2.30E.3
Net-snmp comes installed by default with the various flavor of Redhat. In
our case, we are interested with the snmp trap modules.
The trap module is a daemon that receives it startup configuration in
/etc/init.d/snamptrapd.conf.
We had to modify one line in /etc/init.d/snamptrapd.conf
From: OPTIONS="-s -u /var/run/snmptrapd.pid"
To: OPTIONS="-On -u /var/run/snmptrapd.pid"
Then modified the file /usr/share/snmp/snmptrapd.conf by adding the
following line:
traphandle default /usr/sbin/snmptt
Restart the daemon to make the changes in effect.
Net-snmp perl module
Installed version: net-snmp-perl-5.0.9-2.30E.3.sh4.rpm
This is not the Net::SNMP standard modules, it comes with Redhat but not
installed by default.
To install just transfer the rpm format and run rpm Ivh
net-snmp-perl-xx.rpm
SNMPTT (SNMP trap translator)
Installed version: v1.0
Did install by following supplied instruction and then configured the file
/etc/snmp/snmptt.ini by altering the some of the parameters as follow:
mode = standalone
dns_enable = 1
net_snmp_perl_enable = 1
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
log_enable = 1
syslog_enable = 1
syslog_level = info
Translating mibs:
This is the procedure to have mibs convert in snmptt format:
Lets say you have a mib files that has powernet361.mib for name:
./snmpttconvertmib --in=/usr/share/snmp/mibs/powernet361.mib
--out=/etc/snmp/snmptt.conf
SEC (Simple event correlator)
Sec was already installed on our server, can't live without SEC :-)
Sec will parse the trap message and isolate the severity and hosts an
event descriptions.
Here is the event line that we configured in /opt/sec/sec.conf:
# Snmptrap event translated by snmptraptt
type=Single
ptype=RegExp
pattern=nagios snmptt.*(INFORMATIONAL|WARNING|SEVERE) \"Status Events\"
(\w+) \- (.*)
desc=snmptrap received from $2
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py $2
$1 "$3"
snmptraphandling.py
Could have been perl, bash, it just that I really like python (I am not a
programmer).
I am sure that seasonned programmer will shake their heads seeing that
code, but it works...
This is the python script that handle output of sec, extract and format
the information and then transfer to Nagios:
#!/usr/bin/python -u
"""
Written by Francois Meehan (Cedval Info)
First release 2004/09/15
This script receives input from sec.pl concerning translated snmptraps
Ex: ./services.py $1 $2 $3
"""
import commands, string, os, sys, time
global return_code
def check_arg():
try:
host = sys.argv[1]
except:
print "usage: services.py <HOST> <SEVERITY> <DATA>"
sys.exit()
try:
severity = sys.argv[2]
except:
print "usage: services.py <HOST> <SEVERITY> <DATA>"
sys.exit()
try:
mondata_res = sys.argv[3]
except:
print "usage: services.py <HOST> <SEVERITY> <DATA>"
sys.exit()
return (host, severity, mondata_res)
def post_results(host, mondata_res, return_code):
mytime = time.time()
mytime = str(mytime)
mytime = mytime[:-3]
output = open('/var/nagios/rw/nagios.cmd', 'w')
results = "[" + mytime + "] " + "PROCESS_SERVICE_CHECK_RESULT;" +
host + ";" + "snmp_trap_handling" + ";" \
+ return_code + ";" + mondata_res + "\n"
output.write(results)
def get_return_code():
if severity == "INFORMATIONAL":
return_code = "0"
elif severity == "SEVERE":
return_code = "2"
elif severity == "WARNING":
return_code = "1"
return return_code
# Main routine...
if __name__ == '__main__':
(host, severity, mondata_res) = check_arg()
# validating parameters
return_code = get_return_code()
post_results(host, mondata_res, return_code)
Nagios service configuration.
The beauty of this, now matter how many traps you are converting, you just
need one of that service by hosts.
Example of service definitions for a trap:
define service {
use passive-check-template
host_name apc_srv1
service_description snmp_trap_handling
is_volatile 1
contact_groups prodadmins
check_period none
notification_interval 120
notification_options w,u,c,r
notification_period 24x7
check_command passive_check_missing
max_check_attempts 1
check_freshness 0
}
Please feel free to give your comments/improvements.
Regards,
Francois Meehan
Cedval info
> Francois,
>
> Your extension to the snmp traps is just what I'm looking for.
> However, reading through your post it seems just a little confusing.
> I wanted see if I have the process in understood correctly.
>
> 1. NetSNMP is setup and receiving traps from a source
> 2. Configure NetSNMP to send received traps to SNMPTT for processing
> and placement in syslog
> 3. SEC is scanning the syslog. When it finds SNMPTT processed traps
> it calls your python script
> 4. Python script (source?) does the magic of extracting the traps
> from syslog and translating it into something Nagios understands.
>
> Sample nagios configuration the trap service?
>
> Thank you,
>
> Bill
>
> --
> ______________________________________________
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
>
>
> Powered by Outblaze
>
>
>
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list