snmp traps

Hannu Liljemark hannu.liljemark at gstdomain.net
Sat Jun 3 13:37:59 CEST 2006


On Wed, May 31, 2006 at 12:39:47AM -0700, Vinod wrote:

> I tried to configure nagios to listen to snmp traps from a host.
> I have been referring to documents
> http://www.samag.com/documents/s=9559/sam0503g/
> http://www.snmptt.org/docs/snmptt.shtml#Integration-with-other-software

I've been using http://www.samag.com/documents/s=9559/sam0503g/ with
good success.

> Secondly
> http://www.samag.com/documents/s=9559/sam0503g/
> specifies
> use    passive-check-template
> but it's not mentioned how to define the passive-check-template

You can define passive_check_missing in checkcommands.cfg,
although it won't be used in this case:

define command{
        command_name    passive_check_missing
        command_line    $USER1$/passive_check_missing.sh
        }


Here's what passive_check_missing.sh looks like:

#!/bin/sh

/bin/echo "CRITICAL: Passive Service check is missing!"

exit 2


In services.cfg we define the template that will be used by the
snmp_trap_handling_* service checks:

define service{
        register                        0
        name                            passive-check-template
        use                             generic-service
        check_freshness                 1
        check_period                    none
        passive_checks_enabled          1
        max_check_attempts              1
        check_command                   passive_check_missing
        freshness_threshold             600
}


I've been converting mibs with:

snmpttconvertmib --net_snmp_perl --format_desc=6 --in=FOO.mib \
--out=/etc/snmp/snmptt-FOO.conf

as that seems to produce EVENTs with descriptions making more
sense than the default convert shown in the article. You may want
to look through them anyway or replace 6 with a smaller number.
Check 'snmpttconvertmib --help' for more info.

I've also made a small change to the snmptraphandling.py. Trend
Micro's MIBs use the severity NORMAL when snmptraphandling.py
only matches Normal (case sensitive). So I've added a section
to also match NORMAL.

My sec.conf looks like:

type=Single
ptype=RegExp
pattern=(\w+\s+\d+\s\d+:\d+:\d+)\s[\w\.\-]+\ssnmptt\[\d+\]:\s\
([\d\.]*)\s(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|\
MAJOR|CRITICAL)\s\"Status Events\"\s([\w\.\-]*)\s\-\s(.*)
desc=snmptrap received from $3
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py\
 $4 $3 "$5"

When converting MIBs, you also may want to check them
through to see what kind of severities are defined for various traps.
So far there seems to be a lot of Normal severity traps even for traps
that alert you about hardware failures etc. The article says "One
of the beauties of this solution is that we can use the event severity
set by the mib designer. Nagios will always report the event status
based on this information." and I think this is somewhat problematic
with a lot of MIBs. Many traps seem to define the severity somewhere
else.

Let's take examples from SUN-PLATFORM-MIB. Some Sun server might
send alarm traps and these have Normal severity so snmptt + sec + Nagios
would map them to OK. However they might be something worse: component
has blown up or system is reaching temperatures where metal starts
to melt... so I guess this setup has some drawbacks.

EVENT sunPlatEquipmentAlarm .1.3.6.1.4.1.42.2.70.101.2.0.5\
 "Status Events" Normal
EVENT sunPlatEnvironmentalAlarm .1.3.6.1.4.1.42.2.70.101.2.0.4\
 "Status Events" Normal

You get the severity as a variable:

  7: sunPlatNotificationPerceivedSeverity
     Syntax="INTEGER"
       1: indeterminate
       2: critical
       3: major
       4: minor
       5: warning
       6: cleared
     Descr="The perceived severity of the alarm, as specified by
         the agent that generated it in accordance with X.733,
         sec. 8.1.2.3."

I'd be interested in hearing from others if they've come up with
some solution to this, or if I've misunderstood something.

Regards,

-- 
Hannu Liljemark  |  Appelsiini Finland Oy  |  http://appelsiini.fi
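
Added example (not part of the original post, and not the article's snmptraphandling.py): one way to let the alarm's own X.733 perceived severity override the EVENT severity when choosing the Nagios state. It assumes the snmptt FORMAT line was edited to append a hypothetical "perceivedSeverity=$7" tag; the state mappings, service name, timestamp and sample log lines are constructed for illustration.

```python
import re

# Same fields as the sec.conf pattern above, matched case-insensitively (Normal/NORMAL).
LINE_RE = re.compile(
    r'(\w+\s+\d+\s\d+:\d+:\d+)\s[\w.\-]+\ssnmptt\[\d+\]:\s([\d.]*)\s'
    r'(NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|MAJOR|CRITICAL)\s'
    r'"Status Events"\s([\w.\-]*)\s-\s(.*)', re.IGNORECASE)

# Assumed mapping of EVENT severities to Nagios states (0=OK, 1=WARNING, 2=CRITICAL).
EVENT_STATE = {"NORMAL": 0, "INFORMATIONAL": 0, "MINOR": 1, "WARNING": 1,
               "SEVERE": 2, "MAJOR": 2, "CRITICAL": 2}

# sunPlatNotificationPerceivedSeverity values from the MIB listing above,
# mapped to Nagios states (assumed policy; 3=UNKNOWN for "indeterminate").
PERCEIVED_STATE = {1: 3, 2: 2, 3: 2, 4: 1, 5: 1, 6: 0}

# Hypothetical tag: assumes the FORMAT line in snmptt-FOO.conf was edited
# to end with "perceivedSeverity=$7" and that the value is logged as a number.
PERCEIVED_RE = re.compile(r'\bperceivedSeverity=(\d+)\b')

def classify(line):
    """Return (host, nagios_state, text) for an snmptt syslog line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    _stamp, _oid, severity, host, text = m.groups()
    state = EVENT_STATE[severity.upper()]
    tag = PERCEIVED_RE.search(text)
    if tag:  # the alarm's own severity wins over the EVENT line's
        state = PERCEIVED_STATE.get(int(tag.group(1)), 3)
    return host, state, text

def passive_result(line, service, now):
    """Build a Nagios PROCESS_SERVICE_CHECK_RESULT external command."""
    hit = classify(line)
    if hit is None:
        return None
    host, state, text = hit
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (now, host, service, state, text)

# Constructed sample lines (host names, PID and message text are made up).
ALARM = ('Jun  3 13:37:59 monitor snmptt[4242]: .1.3.6.1.4.1.42.2.70.101.2.0.5 '
         'Normal "Status Events" sunfire1 - equipment alarm perceivedSeverity=2')
PLAIN = ('Jun  3 13:38:10 monitor snmptt[4242]: .1.3.6.1.4.1.42.2.70.101.2.0.4 '
         'NORMAL "Status Events" sunfire1 - environmental alarm')

if __name__ == "__main__":
    print(passive_result(ALARM, "snmp_trap_handling_sun", 1149334679))
    print(passive_result(PLAIN, "snmp_trap_handling_sun", 1149334690))
```

The returned string is the line a handler would append to the Nagios external command file; traps without the tag fall back to the EVENT severity exactly as before.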

