<br><font size=2 face="sans-serif">Hi there,</font>
<br>
<br><font size=2 face="sans-serif">Do you have a Nagios host configured
with the name "unknown"?</font>
<br>
<br><font size=2 face="sans-serif">If I am right, your handle-cisco-traps
script will determine what kind of trap was received by trapd and then decide
which Nagios state and which output your submit check result will send
to the nagios process, but your $hostname is kind of static, isn't it?</font>
<br>
<br><font size=2 face="sans-serif">###</font>
<br><font size=2 face="sans-serif">read host</font>
<br><font size=2 face="sans-serif">hostname="unknown"</font>
<br><font size=2 face="sans-serif">....</font>
<br><font size=2 face="sans-serif">....</font>
<br><font size=2 face="sans-serif">./submit_check_result $hostname ...
will always be submit_check_result unknown "SNMP Trap" $state $output</font>
<br><font size=2 face="sans-serif">####</font>
<br>
<br><font size=2 face="sans-serif">Did you try to execute the script manually?
Like:</font>
<br>
<br><font size=2 face="sans-serif">./handle-cisco-traps 5 or later</font>
<br><font size=2 face="sans-serif">./submit_check_results unknown "SNMP
Trap" 1 "All is good" ?</font>
<br>
<br><font size=2 face="sans-serif">But it is a good idea! Do you know if
it is possible to determine the IP address of the trap sending host and
take this info through the scripts?</font>
<br>
<br><font size=2 face="sans-serif">We have got 500 Cisco Routers and the
idea with passive Trap Checks is just very good! </font>
<br>
<br><font size=2 face="sans-serif">Thanks for the nice idea</font>
<br>
<br><font size=2 face="sans-serif">Greetings</font>
<br><font size=2 face="sans-serif">Hendrik<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Platt, Nicholas"
&lt;Nick.Platt@myflorida.com&gt;</b> </font>
<br><font size=1 face="sans-serif">Sent by: nagios-users-admin@lists.sourceforge.net</font>
<p><font size=1 face="sans-serif">10.05.2004 14:07</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">"'nagios-users@lists.sourceforge.net'"
&lt;nagios-users@lists.sourceforge.net&gt;</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Cc</font></div>
<td valign=top><font size=1 face="sans-serif">"Radcliffe, David"
&lt;david.radcliffe@myflorida.com&gt;</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">RE: [Nagios-users] Cisco
router SNMP TRAPs - snmptrapd script verification</font></table>
<br>
<br></table>
<br>
<br>
<br><font size=2 color=#000080 face="Arial">Hello again:</font>
<br><font size=2 color=#000080 face="Arial"> </font>
<br><font size=2 color=#000080 face="Arial">I was advised to not post things
in proprietary format, which makes sense. The original message
is below. If anyone can help me, it would be greatly appreciated.</font>
<br><font size=2 color=#000080 face="Arial"> </font>
<br><font size=2 face="Tahoma">-----Original Message-----<b><br>
From:</b> Platt, Nicholas [mailto:Nick.Platt@myflorida.com] <b><br>
Sent:</b> Friday, May 07, 2004 7:23 PM<b><br>
To:</b> 'nagios-users@lists.sourceforge.net'<b><br>
Cc:</b> Radcliffe, David<b><br>
Subject:</b> [Nagios-users] Cisco router SNMP TRAPs - snmptrapd script
verification</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 face="Arial">Hello:</font>
<br><font size=2 face="Arial"> </font>
<br><font size=2 face="Arial"> </font>
<br><font size=2 face="Arial">Can anyone look over my scripts in the Word
attachment and tell me why the "submit_check_result" script is not
passing the information to Nagios? It could be because the "handle-cisco-traps"
script is not passing the trap information to the "submit_check_result"
script. I see the traps showing up on the iptables firewall as allowed
and the sniffer verifies it as well. I've gone to the extent of documenting
all scripts involved in this process and I was wondering if anyone
who has more experience with snmptrapd can help me. I'm fairly
new at this. I want to be able to receive traps from our core
and cpe routers so it can set off alarms for various types of traps.
Maybe you can point me to more documentation.</font>
<br><font size=2 face="Arial"> </font>
<br><font size=2 face="Arial">Anything in red is a change I made, and
in submit_check_results I placed a statement to output the trap information
to a log file just for a test. The log file never gets created because
I feel that the script "submit_check_result" never gets executed.
Included in the attachment is also the sniffer capture. Any
help will be greatly appreciated. Thank you.</font>
<br><font size=2 color=#000080 face="Arial"> </font>
<div align=center>
<br><font size=6 face="Times New Roman"><b><u>snmptrapd</u></b></font></div>
<br><font size=4 face="Times New Roman"><b> </b></font>
<br><font size=4 face="Times New Roman"><b><u>snmptrapd script</u></b></font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman">#!/bin/bash</font>
<br><font size=3 color=blue face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman"># ucd-snmp init file
for snmptrapd</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># chkconfig: - 50 50</font>
<br><font size=3 color=blue face="Times New Roman"># description: Simple
Network Management Protocol (SNMP) Trap Daemon</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># processname: /usr/sbin/snmptrapd</font>
<br><font size=3 color=blue face="Times New Roman"># config: /etc/snmp/snmptrapd.conf</font>
<br><font size=3 color=blue face="Times New Roman"># config: /usr/share/snmp/snmptrapd.conf</font>
<br><font size=3 color=blue face="Times New Roman"># pidfile: /var/run/snmptrapd.pid</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># source function library</font>
<br><font size=3 face="Times New Roman">. /etc/init.d/functions</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">OPTIONS="-s </font><font size=3 color=red face="Times New Roman">-c
/etc/snmp/snmptrapd.conf -C</font><font size=3 face="Times New Roman">
-u /var/run/snmptrapd.pid"</font>
<br><font size=3 face="Times New Roman">RETVAL=0</font>
<br><font size=3 face="Times New Roman">prog="snmptrapd"</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">start() {</font>
<br><font size=3 face="Times New Roman"> echo
-n $"Starting $prog: "</font>
<br><font size=3 face="Times New Roman"> daemon
/usr/sbin/snmptrapd $OPTIONS</font>
<br><font size=3 face="Times New Roman"> RETVAL=$?</font>
<br><font size=3 face="Times New Roman"> echo</font>
<br><font size=3 face="Times New Roman"> touch
/var/lock/subsys/snmptrapd</font>
<br><font size=3 face="Times New Roman"> return
$RETVAL</font>
<br><font size=3 face="Times New Roman">}</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">stop() {</font>
<br><font size=3 face="Times New Roman"> echo
-n $"Stopping $prog: "</font>
<br><font size=3 face="Times New Roman"> killproc
/usr/sbin/snmptrapd</font>
<br><font size=3 face="Times New Roman"> RETVAL=$?</font>
<br><font size=3 face="Times New Roman"> echo</font>
<br><font size=3 face="Times New Roman"> rm
-f /var/lock/subsys/snmptrapd</font>
<br><font size=3 face="Times New Roman"> return
$RETVAL</font>
<br><font size=3 face="Times New Roman">}</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">reload(){</font>
<br><font size=3 face="Times New Roman"> stop</font>
<br><font size=3 face="Times New Roman"> start</font>
<br><font size=3 face="Times New Roman">}</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">restart(){</font>
<br><font size=3 face="Times New Roman"> stop</font>
<br><font size=3 face="Times New Roman"> start</font>
<br><font size=3 face="Times New Roman">}</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">condrestart(){</font>
<br><font size=3 face="Times New Roman"> [ -e /var/lock/subsys/snmptrapd
] && restart</font>
<br><font size=3 face="Times New Roman"> return 0</font>
<br><font size=3 face="Times New Roman">}</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">case "$1" in</font>
<br><font size=3 face="Times New Roman"> start)</font>
<br><font size=3 face="Times New Roman"> start</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> stop)</font>
<br><font size=3 face="Times New Roman"> stop</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> restart)</font>
<br><font size=3 face="Times New Roman"> restart</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> reload)</font>
<br><font size=3 face="Times New Roman"> reload</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> condrestart)</font>
<br><font size=3 face="Times New Roman"> condrestart</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> status)</font>
<br><font size=3 face="Times New Roman"> status
snmptrapd</font>
<br><font size=3 face="Times New Roman"> RETVAL=$?</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> *)</font>
<br><font size=3 face="Times New Roman"> echo
$"Usage: $0 {start|stop|status|restart|condrestart|reload}"</font>
<br><font size=3 face="Times New Roman"> RETVAL=1</font>
<br><font size=3 face="Times New Roman">esac</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">exit $RETVAL</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=4 face="Times New Roman"><b><u>snmptrapd.conf</u></b></font>
<br><font size=3 color=blue face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman"># /etc/snmp/snmptrapd.conf</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">traphandle SNMPv2-MIB::coldStart
/usr/local/nagios/libexec/eventhandlers/handle-cisco-traps 1</font>
<br><font size=3 face="Times New Roman">traphandle SNMPv2-MIB::warmStart
/usr/local/nagios/libexec/eventhandlers/handle-cisco-traps 2</font>
<br><font size=3 face="Times New Roman">traphandle IF-MIB::linkDown /usr/local/nagios/libexec/eventhandlers/handle-cisco-traps
3</font>
<br><font size=3 face="Times New Roman">traphandle IF-MIB::linkUp /usr/local/nagios/libexec/eventhandlers/handle-cisco-traps
4</font>
<br><font size=3 face="Times New Roman">traphandle default /usr/local/nagios/libexec/eventhandlers/handle-cisco-traps
5</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">/usr/local/nagios/libexec/eventhandlers/handle-cisco-traps</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=4 face="Times New Roman"><b><u>handle-cisco-traps</u></b></font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman">#!/bin/sh</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># This script should
handle the traps it will receive</font>
<br><font size=3 color=blue face="Times New Roman"># from the snmptrapd
and defined in the snmptrapd.conf</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">read host</font>
<br><font size=3 face="Times New Roman">hostname="unkown"</font>
<br><font size=3 face="Times New Roman">ip=`host $host | awk -F" "
'{print $3}'</font>
<br><font size=3 face="Times New Roman">esac</font>
<br><font size=3 face="Times New Roman">state=-1</font>
<br><font size=3 face="Times New Roman">output="No Output"</font>
<br><font size=3 face="Times New Roman">case $1 in</font>
<br><font size=3 face="Times New Roman"> 1)
output="Critical: Coldstart"</font>
<br><font size=3 face="Times New Roman"> state=2</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> 2)
output="Warning: Warmstart"</font>
<br><font size=3 face="Times New Roman"> state=1</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> 3)
output="Critical: Link down"</font>
<br><font size=3 face="Times New Roman"> state=2</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> 4)
output="Warning: Link up"</font>
<br><font size=3 face="Times New Roman"> state=2</font>
<br><font size=3 face="Times New Roman"> ;;</font>
<br><font size=3 face="Times New Roman"> 5)
output="Warning: Unknown trap"</font>
<br><font size=3 face="Times New Roman"> state=1</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman"># SNMP Trap is the name of the
service</font>
<br><font size=3 face="Times New Roman">/usr/lib/nagios/plugins/eventhandlers/submit_check_result
$hostname "SNMP Trap" $state "$output"</font>
<p>
<br><font size=4 face="Times New Roman"><b><u>submit_check_result (Nagios)</u></b></font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman">#!/bin/sh</font>
<br><font size=3 color=blue face="Times New Roman"> </font>
<br><font size=3 color=blue face="Times New Roman"># SUBMIT_CHECK_RESULT</font>
<br><font size=3 color=blue face="Times New Roman"># Written by Ethan Galstad
(nagios@nagios.org)</font>
<br><font size=3 color=blue face="Times New Roman"># Last Modified: 02-18-2002</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># This script will write
a command to the Nagios command</font>
<br><font size=3 color=blue face="Times New Roman"># file to cause Nagios
to process a passive service check</font>
<br><font size=3 color=blue face="Times New Roman"># result. Note:
This script is intended to be run on the</font>
<br><font size=3 color=blue face="Times New Roman"># same host that is
running Nagios. If you want to</font>
<br><font size=3 color=blue face="Times New Roman"># submit passive check
results from a remote machine, look</font>
<br><font size=3 color=blue face="Times New Roman"># at using the nsca
addon.</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 color=blue face="Times New Roman"># Arguments:</font>
<br><font size=3 color=blue face="Times New Roman"># $1 = host_name
(Short name of host that the service is</font>
<br><font size=3 color=blue face="Times New Roman">#
associated with)</font>
<br><font size=3 color=blue face="Times New Roman"># $2 = svc_description
(Description of the service)</font>
<br><font size=3 color=blue face="Times New Roman"># $3 = return_code
(An integer that determines the state</font>
<br><font size=3 color=blue face="Times New Roman">#
of the service check, 0=OK, 1=WARNING, 2=CRITICAL,</font>
<br><font size=3 color=blue face="Times New Roman">#
3=UNKNOWN).</font>
<br><font size=3 color=blue face="Times New Roman"># $4 = plugin_output
(A text string that should be used</font>
<br><font size=3 color=blue face="Times New Roman">#
as the plugin output for the service check)</font>
<br><font size=3 color=blue face="Times New Roman">#</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">echocmd="/bin/echo"</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman">CommandFile="/usr/local/nagios/var/rw/nagios.cmd"</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman"># get the current date/time in
seconds since UNIX epoch</font>
<br><font size=3 face="Times New Roman">datetime=`date +%s`</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman"># create the command line to add
to the command file</font>
<br><font size=3 face="Times New Roman">cmdline="[$datetime] PROCESS_SERVICE_CHECK_RESULT;$1;$2;$3;$4"</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=3 face="Times New Roman"># append the command to the end
of the command file</font>
<br><font size=3 face="Times New Roman">`$echocmd $cmdline >> $CommandFile`</font>
<br><font size=3 color=red face="Times New Roman">#`$echocmd $cmdline >>
/backup/snmp-trap-test.log`</font>
<p>
<br><font size=4 face="Times New Roman"><b><u>Sniffer Capture Packet</u></b></font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 face="Courier New">Frame 1 (211 bytes on wire, 211 bytes
captured)</font>
<br><font size=2 face="Courier New">Ethernet II, Src: 00:0e:d7:74:cc:d1,
Dst: 00:b0:d0:32:7a:7c</font>
<br><font size=2 face="Courier New">Internet Protocol, Src Addr: 192.168.24.60
(192.168.24.60), Dst Addr: 192.168.24.58 (192.168.24.58)</font>
<br><font size=2 face="Courier New">User Datagram Protocol, </font><font size=3 face="Courier New">Src
Port: 53914 (53914), Dst Port: snmptrap (162)</font>
<br><font size=2 face="Courier New">Simple Network Management Protocol</font>
<br><font size=2 face="Courier New"> Version: 2C (1)</font>
<br><font size=2 face="Courier New"> Community: test</font>
<br><font size=2 face="Courier New"> PDU type: TRAP-V2 (7)</font>
<br><font size=2 face="Courier New"> Request Id: 0x00000002</font>
<br><font size=2 face="Courier New"> Error Status: NO ERROR
(0)</font>
<br><font size=2 face="Courier New"> Error Index: 0</font>
<br><font size=2 face="Courier New"> Object identifier 1:
1.3.6.1.2.1.1.3.0 (iso.3.6.1.2.1.1.3.0)</font>
<br><font size=2 face="Courier New"> Value: Timeticks: (212951)
0:35:29.51</font>
<br><font size=2 face="Courier New"> Object identifier 2:
1.3.6.1.6.3.1.1.4.1.0 (iso.3.6.1.6.3.1.1.4.1.0)</font>
<br><font size=2 face="Courier New"> Value: OID: iso.3.6.1.6.3.1.1.5.3</font>
<br><font size=2 face="Courier New"> Object identifier 3:
1.3.6.1.2.1.2.2.1.1.1 (iso.3.6.1.2.1.2.2.1.1.1)</font>
<br><font size=2 face="Courier New"> Value: INTEGER: 1</font>
<br><font size=2 face="Courier New"> Object identifier 4:
1.3.6.1.2.1.2.2.1.2.1 (iso.3.6.1.2.1.2.2.1.2.1)</font>
<br><font size=2 face="Courier New"> Value: STRING: "Ethernet0"</font>
<br><font size=2 face="Courier New"> Object identifier 5:
1.3.6.1.2.1.2.2.1.3.1 (iso.3.6.1.2.1.2.2.1.3.1)</font>
<br><font size=2 face="Courier New"> Value: INTEGER: 6</font>
<br><font size=2 face="Courier New"> Object identifier 6:
1.3.6.1.4.1.9.2.2.1.1.20.1 (iso.3.6.1.4.1.9.2.2.1.1.20.1)</font>
<br><font size=2 face="Courier New"> Value: STRING: "administratively
down"</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 color=#000080 face="Arial"> </font>
<br>
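<p>On the question of taking the sender's IP address through the scripts: snmptrapd hands a traphandle program the sender's hostname and transport address as the first two lines of stdin, followed by the varbinds. The sketch below is an added example, not code from either poster or from Nagios; it picks the Nagios host from that address and strips ";" and newlines from trap-supplied text before it reaches the command file. HOST_MAP, NOW, the function names and the host names are assumptions, and SAMPLE_TRAP is constructed from the capture in the thread.</p>

```shell
#!/bin/sh
# Added example, not from the thread. HOST_MAP, NOW and the function names are
# assumptions; SAMPLE_TRAP is constructed from the capture shown in the thread.

# "<sender ip> <Nagios host_name>" pairs (constructed placeholder data).
HOST_MAP='192.168.24.60 core-rtr-01
192.168.24.61 cpe-rtr-17'

# What snmptrapd writes to a traphandle program's stdin: line 1 sender
# hostname, line 2 transport address, then one "OID value" varbind per line.
SAMPLE_TRAP='router.example.invalid
UDP: [192.168.24.60]:53914
DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:35:29.51
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown
IF-MIB::ifIndex.1 1
IF-MIB::ifDescr.1 Ethernet0'

# First dotted quad on line 2 (handles a bare IP and the "UDP: [ip]:port" form).
sender_ip() {
    sed -n '2{s/^[^0-9]*\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\).*/\1/p;q;}'
}

# Map the IP to a configured host; unmapped senders fall back to the
# catch-all host "unknown" used in the thread.
lookup_host() {
    printf '%s\n' "$HOST_MAP" | awk -v ip="$1" '
        $1 == ip { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# Nagios splits command fields on ";" and commands on newlines, so text taken
# from a trap must carry neither into the command file.
sanitize_field() {
    printf '%s' "$1" | tr -d ';\r\n'
}

# $1 = trap number from snmptrapd.conf; trap text on stdin. States and texts
# mirror the thread's handle-cisco-traps. Prints one external-command line.
build_result() {
    trap_text=$(cat)
    ip=$(printf '%s\n' "$trap_text" | sender_ip)
    descr=$(printf '%s\n' "$trap_text" |
        awk '$1 ~ /ifDescr/ { sub(/^[^ ]+ /, ""); print; exit }')
    case "$1" in
        1) state=2; output="Critical: Coldstart" ;;
        2) state=1; output="Warning: Warmstart" ;;
        3) state=2; output="Critical: Link down" ;;
        4) state=2; output="Warning: Link up" ;;
        *) state=1; output="Warning: Unknown trap" ;;
    esac
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;SNMP Trap;%s;%s\n' \
        "${NOW:-$(date +%s)}" "$(lookup_host "$ip")" "$state" \
        "$(sanitize_field "$output ifDescr=$descr src=$ip")"
}

# Stand-alone run on the constructed trap; a real handler would append the
# line to the Nagios command file instead of printing it.
printf '%s\n' "$SAMPLE_TRAP" | NOW=1084190820 build_result 3
```

<p>SNMPv2c traps arrive over UDP with only a community string, so the source address can be forged; the address-to-host mapping is a routing convenience for check results, not authentication of the sender.</p>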