snmp traps
Hannu Liljemark
hannu.liljemark at gstdomain.net
Sat Jun 3 13:37:59 CEST 2006
On Wed, May 31, 2006 at 12:39:47AM -0700, Vinod wrote:
> I tried to configure nagios to listen to snmp traps from a host.
> I have been referring to documents
> http://www.samag.com/documents/s=9559/sam0503g/
> http://www.snmptt.org/docs/snmptt.shtml#Integration-with-other-software
I've been using http://www.samag.com/documents/s=9559/sam0503g/ with
good success.
> Secondly
> http://www.samag.com/documents/s=9559/sam0503g/
> specifies
> use passive-check-template
> but it's not mentioned how to define the passive-check-template
You can define passive_check_missing in checkcommands.cfg,
although it won't be used in this case:
define command{
        command_name    passive_check_missing
        command_line    $USER1$/passive_check_missing.sh
        }
Here's what passive_check_missing.sh looks like:
#!/bin/sh
/bin/echo "CRITICAL: Passive Service check is missing!"
exit 2
In services.cfg we define the template that will be used by the
snmp_trap_handling_* service checks:
define service{
        register                0
        name                    passive-check-template
        use                     generic-service
        check_freshness         1
        check_period            none
        passive_checks_enabled  1
        max_check_attempts      1
        check_command           passive_check_missing
        freshness_threshold     600
        }
I've been converting mibs with:
snmpttconvertmib --net_snmp_perl --format_desc=6 --in=FOO.mib \
--out=/etc/snmp/snmptt-FOO.conf
as that seems to produce EVENTs with descriptions making more
sense than the default convert shown in the article. You may want
to look through them anyway or replace 6 with a smaller number.
Check 'snmpttconvertmib --help' for more info.
I've also made a small change to the snmptraphandling.py. Trend
Micro's MIBs use the severity NORMAL when snmptraphandling.py
only matches Normal (case sensitive). So I've added a section
to also match NORMAL.
My sec.conf looks like:
type=Single
ptype=RegExp
pattern=(\w+\s+\d+\s\d+:\d+:\d+)\s[\w\.\-]+\ssnmptt\[\d+\]:\s\
([\d\.]*)\s(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|\
MAJOR|CRITICAL)\s\"Status Events\"\s([\w\.\-]*)\s\-\s(.*)
desc=snmptrap received from $3
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py \
$4 $3 "$5"
When converting MIBs, you also may want to check them
through to see what kind of severities are defined for various traps.
So far there seems to be a lot of Normal severity traps even for traps
that alert you about hardware failures etc. The article says "One
of the beauties of this solution is that we can use the event severity
set by the mib designer. Nagios will always report the event status
based on this information." and I think this is somewhat problematic
with a lot of MIBs. Many traps seem to define the severity somewhere
else.
Let's take examples from SUN-PLATFORM-MIB. Some Sun server might
send alarm traps and these have Normal severity so snmptt + sec + Nagios
would map them to OK. However they might be something worse: component
has blown up or system is reaching temperatures where metal starts
to melt... so I guess this setup has some drawbacks.
EVENT sunPlatEquipmentAlarm .1.3.6.1.4.1.42.2.70.101.2.0.5 "Status Events" Normal
EVENT sunPlatEnvironmentalAlarm .1.3.6.1.4.1.42.2.70.101.2.0.4 "Status Events" Normal
You get the severity as a variable:
7: sunPlatNotificationPerceivedSeverity
Syntax="INTEGER"
1: indeterminate
2: critical
3: major
4: minor
5: warning
6: cleared
Descr="The perceived severity of the alarm, as specified by
the agent that generated it in accordance with X.733,
sec. 8.1.2.3."
I'd be interested in hearing from others if they've come up with
some solution to this, or if I've misunderstood something.
Regards,
--
Hannu Liljemark | Appelsiini Finland Oy | http://appelsiini.fi
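
Added example, not part of the original post and not the article's snmptraphandling.py: a handler sketch that parses the same log layout as the sec.conf pattern above and lets a per-alarm severity in the trap text override the MIB-wide "Normal". Assumptions: the trap message carries a token such as "severity=2" (for instance by referencing variable 7 in the event's FORMAT line), the service name snmp_trap_handling is a placeholder, and both severity-to-state mappings are illustrative.

```python
import re

# Same five fields as the sec.conf pattern in the post, written on one line.
LINE_RE = re.compile(
    r'(\w+\s+\d+\s\d+:\d+:\d+)\s[\w.\-]+\ssnmptt\[\d+\]:\s([\d.]*)\s'
    r'(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|MAJOR|CRITICAL)\s'
    r'"Status Events"\s([\w.\-]*)\s-\s(.*)')

# Assumed mapping of snmptt severity words to Nagios states (0 OK, 1 WARNING, 2 CRITICAL).
MIB_STATE = {"NORMAL": 0, "INFORMATIONAL": 0, "MINOR": 1, "WARNING": 1,
             "SEVERE": 2, "MAJOR": 2, "CRITICAL": 2}
# sunPlatNotificationPerceivedSeverity values from the post mapped to Nagios
# states (assumed mapping; 3 is UNKNOWN).
PERCEIVED_STATE = {1: 3, 2: 2, 3: 2, 4: 1, 5: 1, 6: 0}
PERCEIVED_NAME = {"indeterminate": 1, "critical": 2, "major": 3,
                  "minor": 4, "warning": 5, "cleared": 6}
SEV_TOKEN = re.compile(r'\bseverity=(\w+)')  # hypothetical token in the trap text


def nagios_state(mib_severity, message):
    """Prefer the per-alarm severity in the message over the MIB-wide one."""
    m = SEV_TOKEN.search(message)
    if m:
        raw = m.group(1)
        value = int(raw) if raw.isdecimal() else PERCEIVED_NAME.get(raw.lower())
        if value in PERCEIVED_STATE:
            return PERCEIVED_STATE[value]
    return MIB_STATE[mib_severity.upper()]  # unknown or missing token: fall back


def passive_result(line, now, service="snmp_trap_handling"):
    """Return a PROCESS_SERVICE_CHECK_RESULT line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    _stamp, _oid, severity, host, message = m.groups()
    # The Nagios command file is line-oriented: replace control characters
    # in the trap text so it cannot start a second command line.
    message = re.sub(r'[\x00-\x1f\x7f]', ' ', message)
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (
        now, host, service, nagios_state(severity, message), message)


# Constructed sample line in the layout the pattern expects.
SAMPLE = ('Jun  3 13:30:01 monitor snmptt[4242]: .1.3.6.1.4.1.42.2.70.101.2.0.5 '
          'Normal "Status Events" sunbox1 - equipment alarm severity=2')
```

With the constructed sample, the MIB severity alone would give OK, while the severity token turns the result into CRITICAL.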