R: R: configure receiving snmp traps

Marco Borsani m.borsani at it.net
Wed Sep 12 11:20:21 CEST 2012
Previous message: R: configure receiving snmp traps
Next message: R: R: configure receiving snmp traps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi

Yes, I supposed this could be the problem.

 

1)      I am sending trap from a client as:

snmptrap -v 1 -c public <Nagios_IP>  1.2.3.4 <Client hostname as it is
configured on Nagios> 3 0 ''

 

2)      Snmptrapd on Nagios receive the trap:

2012-09-12 11:08:23 <REAL CLIENT hostname fully qualified> [CLIENT IP] (via
UDP: [CLIENT IP]:52203->[NAGIOS IP]) TRAP, SNMP v1, community public
iso.2.3.4 Link Up Trap (0) Uptime: 36 days, 19:43:55.96

 

3)      A script like “submit_trap” pass it to Nagios

 

4)      Nagios log file:

[1347440926] Warning:  Passive check result was received for service
'TRAP_service' on host <REAL CLIENT HOSTNAME>, but the host could not be
found!

 

In my configuration is not a “simple” problem of uppercase/lowercase, but I
need to pass exactly the hostnames I need 
 Before sending the trap or
change them as soon as the trap arrived??

 

 

Any idea?

Marco

 

 

 

Da: Hölzel, Arnold [mailto:arnold.holzel at kpn.com] 
Inviato: martedì 11 settembre 2012 17:35
A: Nagios Users List
Oggetto: Re: [Nagios-users] R: configure receiving snmp traps

 

Hello Marco,

 

What is the case (uppercase or lowercase) of the system names in Nagios? I
had the same problem and that was caused by the fact that all our systems in
Nagios are in uppercase and snmptt sends them in lowercase to Nagios.
Because Nagios is case sensitive there is a mismatch and you will not see
anything in Nagios. I had to manually change something in the script to make
everything uppercase (I did not wanted to reconfigure every host in Nagios).


I am not able to look up and send the exact things I changed right now but
if needed I can look it up tomorrow.

 

Met vriendelijke groet/with kind regards, 

Arnold Hölzel

 

From: Marco Borsani [mailto:m.borsani at it.net] 
Sent: dinsdag 11 september 2012 17:01
To: 'Nagios Users List'
Subject: [Nagios-users] R: configure receiving snmp traps

 

Hi Mike

 

Actually , I have :

-           installed snmptt (in daemon mode)

-          Configured a generic passive service in nagios

-          Run a snmptrap command from a client to test the configuration

 

 

What’s happen ?

1)      The TRAP has be sent from the client (HOST B)

2)      The TRAP has be received from Nagios server (HOST A)

3)      Nothing arrived on Nagios 

 

When I run manually submit_trap command,  Nagios show me the message on the
web gui

 

I loose something between the TRAP received and Nagios service
.what could
be ?

 

Moreover in the syslog a read many and messages like:  snmptt-sys[501]:
Unable to delete trap file #snmptt-trap-1347373658632581 from spool dir

 

Regards

Marco

 

Da: Mike Lindsey [mailto:mike-nagios at 5dninja.net] 
Inviato: venerdì 7 settembre 2012 22:41
A: Nagios Users List
Oggetto: Re: [Nagios-users] configure receiving snmp traps

 


You'll need to ensure that snmptrapd is enabled on your Nagios poller, and
the typical route from there to get snmp traps submitted into Nagios is to
install SNMPTT.

 <http://snmptt.sourceforge.net/> http://snmptt.sourceforge.net/

I recommend reading the docs for these, but, a very basic snmptrapd.conf
would be:
###### snmptrapd.conf
snmpTrapdAddr  <udp:localhost,udp:YOUR_IP_HERE,tcp:YOUR_IP_HERE>
udp:localhost,udp:YOUR_IP_HERE,tcp:YOUR_IP_HERE

authCommunity log,execute public
logOption f/var/log/snmptrapd.log
traphandle default /usr/sbin/snmptt -i /usr/local/share/snmp/snmptt.ini
######

And then in the TrapFiles section of snmptt.ini you might have:
######
[TrapFiles]
snmptt_conf_files = <<END
/usr/local/share/snmp/snmptt/asyncos.conf
END
######

In the included config file you map trap oids to script executions, like so:
###### asyncos.conf
# snmptt.conf file for AsyncOS traps.
# 
# All of these are stateless so the handler script needs to set and clear
the service.
# The service entry must have 0 retries set and be volatile.
# 
# .1.3.6.1.4.1.15497
#

# powerSupplyStatusChange
# Status: .1.3.6.1.4.1.15497.1.1.1.8.1.2
EVENT powerSupplyStatusChange .1.3.6.1.4.1.15497.1.1.2.0.2 "asyncos"
Critical
FORMAT $N trap from $r
EXEC /usr/local/nagios/customplugins/submit_trap $r AsyncOS-Trap_Alert $s 0
"$N: $*"
#
#####

Your submit_trap script takes that, and hands it off to Nagios.  You can
submit through NSCA, or you can create a result file in the checkresult
directory, or you can submit through the external command pipe.

I do it through NSCA:
##### submit_trap
#!/usr/local/bin/bash

PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/customplugins:/usr/local
/nagios/bin
CONFIG=/usr/local/nagios/etc/send_nsca.cfg
NSCA=`hostname`

HOST=$1
SERVICE=$2
STATUS=$3
STATEFUL=$4
MESSAGE=$5
case $STATUS in
"Critical")
    CODE=2
    ;;
"Warning")
    CODE=1
    ;;
"Normal")
    CODE=0
    ;;
*)
    CODE=3
    ;;
esac

printf "%s\t%s\t%s\t%s\n" "$HOST" "$SERVICE" $CODE "$MESSAGE" | send_nsca -H
$NSCA -c $CONFIG
if [[ "$STATEFUL" == "0" ]] && [[ "$STATUS" != "0" ]]
then
    # Clear Nagios via delayed at now that the volatile ticket's gone
through.
    echo "/usr/local/nagios/customplugins/clear.sh $HOST \"$SERVICE\"
\"$MESSAGE\"" | at now + 15 minutes

fi
#####

...  and clear.sh for clearing stateless alerts.

#####
#!/usr/local/bin/bash

PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/bin:/usr/local/ironport/
nagios/bin
HOST=$1
SVC=$2
OUT=$3

if [[ "$HOST" == "" ]] || [[ "$SVC" == "" ]]
then
    echo "Need host, service, optional message."
    exit 3
fi

# Clear it
printf "%b" "$HOST\t$SVC\t0\tWas:$OUT\n" | send_nsca -H `hostname` -c
/usr/local/nagios/etc/send_nsca.cfg

fi
#####

If you're using the auto-clear bits, your Nagios user will need to be able
to add items to the at queue, you'll need to look at your distribution's
documentation on how that's managed.  This is just one way of getting snmp
traps working.  Unfortunately none of them that I know of overly
straightforward.

Even if this doesn't work for you, it should give enough of an insight so
that you've got a better idea on what to google for.  Good luck.

-- 
Mike Lindsey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120912/df3c6826/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: R: configure receiving snmp traps
Next message: R: R: configure receiving snmp traps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list