SNMP-TRAP from Cisco Routers

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Thu May 1 04:50:43 CEST 2003
Previous message: send_nsca and nagios passive service problems
Next message: NagMIN Update Information - Releases - Beta - French
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Gentlemen,

I am writing to thank you for your letter and say,

On Wed, Apr 30, 2003 at 05:27:37PM +0530, Atul Shrivastava wrote:
> Thanks for this info.
> 
> But I am really confused how to get the SNMP Traps processed when the
> snmptrapd receives the traps and writes it in some file. I have visited
> the net-snmp site but can't get any useful info from that. Same is the
> condition from the Nagios site.

This is the docco that was useful to me.

1. http://nagios.sourceforge.net/docs/1_0/int-snmptrap.html

This is a comprehensive fully worked example of the two points (passive 
service checks and trap handler). The example, of a traphandler on 
another host and a central or distributed Nagios monitor, uses 
'send_ncsa' to send the passive check result from the machine ruuning 
snmptrapd to the Nag monitor.

If snmptrapd is running on the same box as Nag, use 'echo >> 
<Nag_command_queue>' as shown in the example in my last letter.

Please note that _you_ have to write the trap handler script using the 
example given. If you cannot or do not code, you are in trouble, because 
this code needs to be tailored to meet your requirements.

The problems with this approach is precisely that __you__ must get a 
traphandler to handle your traps (for each trap you add); there is no 
Nag trap infrastructure to simplify this.

(Another approach that may be a lot lot easier is 
Alex Burger's snmptt product on SourceForge)

2. http://www.net-snmp.org/tutorial/commands/snmptrap.html


> 
> What is required is that where i should make the shell script to get
> executed as you have given as example and in nagios configs where I define
> to take the inputs from where. I am really confused about that. Pls help
> me in getting out of that loop.

In a nutshell,

3.1 snmptrapd is sent traps by your Compaq servers or Cisco products. It 
logs the trap and calls the shell script defined in snmptrapd.conf to 
handle that trap

3.2 The shell script (trap handler) must decode the trap. It does this
by being called with the trap number and reading stdin to get the host
(the server sending the trap), the host ip, and name value pairs 
decribing the trap.

Here's part of my input handling, all from the docco.

# Arguments:
#  $1 = trap type

# First line passed from snmptrapd is FQDN of host that sent the trap

read host

# Second line passed from snmptrapd is ip address of host that sent the 
trap

read ip

# Subsequent lines passed from snmptrapd contain the varbinds, one pair 
of OIDs and values per line
# 
# 
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitIfIndex.15.21  
15
# 
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitDlci.15.21  
21
# 
transmission.frame-relay.frCircuitTable.frCircuitEntry.frCircuitState.15.21  
inactive(3)

Dlci=9999
CircuitState='unknown'

while read oid val
do
         if [ `expr "$oid" : '.*Dlci'` -gt 0 ]
         then
           Dlci=$val
         elif [ `expr "$oid" : '.*CircuitState'` -gt 0 ]
         then
           CircuitState=$val
         fi
done


A trap handler will have code like

case "$1" in

        # failed to format tape - critical
        11)
            output="Critical: Failed to format tape"
            state=2
            ;;

        # failed to read tape header - critical
        10)
            output="Critical: Failed to read tape header"
            state=2
            ;;

        # failed to position tape - critical
        11)
            output="Critical: Failed to position tape"
            state=2
            ;;

to work out what the trap is and to generate the 'fault decription 
($output)' that goes in the passive service check result.


FWIW, the shell is a very bad way of doing this unless you are 
good coder. I suggest Perl or something with compile time checks 
for mortals (and it works faster).

> Can you tell me a procedure for the same.
>
 
Nagios is giving you a subset of what Tivoli, Uni-Centre etc provide
you, at an infinitisimal fraction of the cost.

The products share this however: you must spend some effort setting them 
up or pay someone to do so.

 
> Regards,
> 
> Atul Shrivastava
> 
> 
>

Yours sincerely.

-- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: send_nsca and nagios passive service problems
Next message: NagMIN Update Information - Releases - Beta - French
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list