snmptt not working

Jan Scholten Jan.Scholten at iconz.net
Wed Nov 3 22:22:42 CET 2004
Previous message: snmptt not working
Next message: NT Mail Counter for the Queue/Spool Dir Filling up
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I wrote some documentation how i catched snmp traps and translate them  
with snmptt, i send you the text (long!) but hope it helps! If you have  
corrections (since its still a 0.1 documentation) just let me know!

Jan

******************************************
Catching SNMP Traps
Catching SNMP Traps is very useful in an environment of SNMP-Trap capable  
devices, like switches or routers. A switch can send a SNMP Trap to a  
specified SNMP-Server when a link goes down, a cold restart has happened  
or whether are fan failed or the system temperature is to high. It’s a  
very neat feature not to check whether a link is still established, but to  
have a message sent, when the link is going down!
I will mention the steps necessary to catch SNMP Traps as well as  
providing a sample configuration and useful scripts to handle and  
correctly assign the incoming traps to the right device in Nagios.
The traps will be catched by snmptrapd and translated by snmptt the “SNMP  
Trap Translator”, a perl script that has multiple formatting options for  
Traps. Snmptt will forward it’s output to a small script, that determines  
which switch was the trap sender and than calls a script, which writes to  
the external command file. Nagios will read and process this command.
We need a basic perl installation, the snmpd package (which includes  
snmptrapd) and some perl librarys libconfig-inifiles-perl and if you want  
to run snmptt as a daemon you need libtime-hires-perl.
As there is no snmptt Debian package we need to install it from the  
source, the documentation of snmptt is very good  
( http://www.snmptt.org/docs/snmptt.shtml#Installation-Unix ):
download snmptt
wget http://optusnet.dl.sourceforge.net/sourceforge/snmptt/snmptt_1.0.tgz
unpack:
tar xvfz snmptt_1.0.tgz
copy snmptt to /usr/sbin/ and ensure it is executable (chmod +x snmptt)
cp snmptt /usr/sbin/
chmod +x /usr/sbin/snmptt

copy snmptthandler to /usr/sbin/ and ensure it is executable (chmod +x  
snmptthandler)
cp snmptthandler /usr/sbin/
chmod + x /usr/sbin/snmptthandler

copy snmptt.ini to /etc/snmp/ or /etc/ and edit the options inside the  
file.
cp snmptt.ini /etc/snmp/


For standalone mode:
Modify the Net-SNMP snmptrapd.conf file by adding the following line:
vi /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptt

check that mode is standalone in /etc/snmp/snmptt.ini
For Daemon mode:
vi /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptthandler

check that mode is daemon in /etc/snmp/snmptt.ini
To secure snmptt:
add a user snmptt and set daemon_uid = snmptt in /etc/snmp/snmptt.ini
adduser snmptt
vi /etc/snmp/snmptt.ini
daemon_uid = snmptt

Make sure that the logfiles /var/log/snmptt* and the tmp files  
/var/spool/snmptt are accessible by  the user. I chown them to snmptt  
!ToDo! check whether dirs exists before startup
chown snmptt /var/log/snmptt*
chown snmptt /var/spool/snmptt



When in daemon mode start snmptt –daemon
snmptt—daemon
You may want to add a Startup Script in /etc/init.d and the appropriate  
/etc/rcX.d










Configuration for spamtrapd:
edit the snmpd startup-script, so that snmptrapd is started:
vi /etc/default/snmpd
# snmpd control (yes means start daemon).
SNMPDRUN=no
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS=’-Lsd -Lf /dev/null -p /var/run/snmpd.pid’
# snmptrapd control (yes means start daemon).  As of net-snmp version #  
5.0, master agentx support must be enabled in snmpd before snmptrapd # can  
be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=yes
# snmptrapd options (use syslog).
TRAPDOPTS=’-Lsd -p /var/run/snmptrapd.pid -On’
! Important: start snmpdtrapd and add the –On option, to receive numeric  
OIDs. !
use snmpconf to create a basic configuration, important points are:
That you have following points in your  snmpd.conf:
trapsink  localhost
!ToDo!

snmptt needs .conf files to recognize traps. There are some MIB Files  
included the snmp package (/usr/share/snmp/mibs), which are a good start  
we convert them for snmptt, by using a short script, but before that copy  
the mibs to a working directory and create a output dir:
cp /usr/share/snmp/mibs ~/snmptt/mibs
mkdir ~/snmptt/conf.out
export MIBS=all

Here is small script that uses snmpttconvertmib to extract every trap out  
of the MIB files and stores them in a snmptt-readable form.
#!/bin/sh
for mibfile in ‘ls ${HOME}/snmptt/mibs‘
do
rm $(HOME)/snmptt/conf.out/${mibfile}.CONF
snmpttconvertmib—in=${HOME}/snmptt/mibs/$mibfile— 
out=${HOME}/snmptt/conf.out/${mibfile}.CONF
done
Script ConvertMIB.sh
The Script creates one conf-File per MIB File, just for the clarity,  
instead of one conf file out of all MIBS. We need to add all the .conf  
files to the snmptt.ini.
So best way is to  copy the files in the conf.out dir to  where ever you  
want and add all the files to snmptt.ini (under TrapFiles) (/etc/snmp/conf  
maybe a good idea)
hint: you get get a list easy by going to the.conf directory and typing:
find ‘pwd‘ -name \*
just copy and paste the list!

To have Nagios informed that a trap has arrived we need to create an  
external Nagios command: The Format is
PROCESS_SERVICE_CHECK_RESULT [HOST] [SERVICE] [RETURNCODE] [OUTPUT]
where:
•	[HOST] is the host_name in Nagios hosts.cfg
•	[SERVICE] is the service_dexcription in the Nagios services.cfg (it must  
be defined for the HOST)
•	[RETURNCODE] is 0 – OK, or 1 – Warning, or 2 – Critical or -1 – Unknown
•	[OUTPUT] some text that will be shown in Nagios

By adding a EXEC line in the snmptt-trap-config files we define a external  
command to be executed, when this trap arrives. This external script  
converts the Agent-Address to a Nagios host_name and passes the other  
parameters to the submit_check_result which is included in the  
Nagios-Package








A example config file looks like this:

#
MIB: CISCO-CONFIG-MAN-MIB (file:/root/snmptt/mibs/CISCO-CONFIG-MAN-MIB.my)  
converted on Wed Oct 13 14:29:45 2004 using snmpttconvertmib v1.0
#
EVENT ciscoConfigManEvent .1.3.6.1.4.1.9.9.43.2.0.1 “Status Events” Normal
FORMAT Notification of a configuration management event as $*
EXEC /usr/bin/hostwrapper.sh $aA TRAP 1 “Device $aA has been configured”
SDESC
Notification of a configuration management event as
recorded in ccmHistoryEventTable.
Variables:
1: ccmHistoryEventCommandSource
2: ccmHistoryEventConfigSource
3: ccmHistoryEventConfigDestination
EDESC
The EXEC line was added $aA is a macro of snmptt and is replaced by the  
Agent-Address (see snmptt doc for more info)
#!/bin/bash
myhostname=‘grep $1 /usr/local/nagios/etc/myhosts | awk ‘{print $2}’‘
#echo $myhostname
/usr/local/nagios/libexec/submit_check_result $myhostname $2 $3 “$4”
Script hostwrapper.sh
210.48.12.104 	vincepix
192.168.100.164	testswitch
10.0.0.3   		Switch3
file: myhosts
If a trap arrives, snmptrapd catches the trap, hands it to snmptt which  
checks with it config files and when know executes the appropriate EXEC  
command. The hostwrapper translates the Agent-Address and submits the data  
to the submit_check_result script which writes to the Nagios external  
command file.
As a result when a .1.3.6.1.4.1.9.9.43.2.0.1  appears a
[1096510790] EXTERNAL COMMAND:  
PROCESS_SERVICE_CHECK_RESULT;testswitch;TRAP;1;Switch has been Configured
is sent to Nagios.
***********************************************

> Hi
>
> I have cisco catalyst switches in my company. Switches are configured to  
> send snmp traps to Nagios host. I'm unable to translate those traps with  
> Snmptt. Snmptt is configured to log traps into log file  
> (/var/log/snmptt.log). Configuration files are:
>
> snmptrapd.conf:
> traphandle default /usr/sbin/snmptt
>
> I start snmptrapd with command:
> /usr/local/sbin/snmptrapd -On
>
> /etc/snmp/snmptt.conf:
>
> EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco coldStart trap" >>  
> /var/log/snmptt.log
> SDESC
> A coldStart trap signifies that the sending
> protocol entity is reinitializing itself such
> that the agent's configuration or the protocol
> entity implementation may be altered.
> Variables:
>   1: sysUpTime
>   2: whyReload
> EDESC
> #
> #
> #
> EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco linkdown trap on interface $1" >>  
> /var/log/snmptt.log
> SDESC
> A linkDown trap signifies that the sending
> protocol entity recognizes a failure in one of
> the communication links represented in the
> agent's configuration.
> Variables:
>   1: ifIndex
>   2: ifDescr
>   3: ifType
>   4: locIfReason
> EDESC
> #
> #
> #
> EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
> EXEC /bin/echo "node=$A msg_text=cisco linkup trap on interface $1" >>  
> /var/log/snmptt.log
> SDESC
> A linkUp trap signifies that the sending
> protocol entity recognizes that one of the
> communication links represented in the agent's
> configuration has come up.
> Variables:
>   1: ifIndex
>   2: ifDescr
>   3: ifType
>   4: locIfReason
> EDESC
>
> I see only snmptrapd messages in my syslog. Nothing goes to snmptt.log  
> file.
>
> Any help would be great
>
> Marek
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when  
> reporting any issue. ::: Messages without supporting info will risk  
> being sent to /dev/null
>
>



-- 
Jan Scholten
Research and Development Intern
Iconz.co.nz


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: snmptt not working
Next message: NT Mail Counter for the Queue/Spool Dir Filling up
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list