SNMP Traps

fmml at cedval.org fmml at cedval.org
Mon Sep 20 04:32:58 CEST 2004


Hi all,

Excuse me for the delay, you will find below my "recipe". I am sure there
could be many variations, if you find a way to improve it let me know.

I did the first tests last Friday: converted mibs from APC (ups), pulled
the plug on the unit, and traps came immediately in Nagios with proper
extended text in Nagios's information field. Good. But for the APC mib
creator, going on battery is just a warning; personally I differ in
opinion. Just to say that you might not want to blindly "believe" the mib
definition, at least for the severity field.

Also, when we restored power, probably a glitch from the UPS software, we
were bombarded by battery conditions messages, but the good news is that
by using SEC, we can "tame" that behavior.

One thing for sure, I am looking at Nagios in very different way now.

Enough said, here is the recipe, let me know how it can be improved...

Enhanced SNMP trap support for Nagios

To achieve complete snmp trap handling in Nagios, various software had
to be configured to work together. Our solution requires:

1.	Net-snmp with snmptrapd configured
2.	Net-snmp perl module
3.	SNMPTT, snmp trap translator
4.	Sec, simple event correlator
5.	A small python script
6.	Nagios


Net-snmp

Version installed: net-snmp-5.0.9-2.30E.3

Net-snmp comes installed by default with the various flavors of Redhat.  In
our case, we are interested in the snmp trap modules.

The trap module is a daemon that receives its startup configuration in
/etc/init.d/snmptrapd.conf.

We had to modify one line in /etc/init.d/snmptrapd.conf:

From:  OPTIONS="-s -u /var/run/snmptrapd.pid"
To:  OPTIONS="-On -u /var/run/snmptrapd.pid"

Then modified the file /usr/share/snmp/snmptrapd.conf by adding the
following line:

traphandle default /usr/sbin/snmptt

Restart the daemon to put the changes into effect.

Net-snmp perl module

Installed version: net-snmp-perl-5.0.9-2.30E.3.sh4.rpm

This is not the standard Net::SNMP module; it comes with Redhat but is not
installed by default.

To install, just transfer the rpm and run "rpm -ivh
net-snmp-perl-xx.rpm"

SNMPTT (SNMP trap translator)

Installed version: v1.0

Installed by following the supplied instructions and then configured the
file /etc/snmp/snmptt.ini by altering some of the parameters as follows:

mode = standalone
dns_enable = 1
net_snmp_perl_enable = 1
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
log_enable = 1
syslog_enable = 1
syslog_level = info

Translating mibs:

This is the procedure to have mibs converted to snmptt format:

Let's say you have a mib file named powernet361.mib:

./snmpttconvertmib --in=/usr/share/snmp/mibs/powernet361.mib \
    --out=/etc/snmp/snmptt.conf


SEC (Simple event correlator)

Sec was already installed on our server, can't live without SEC :-)

Sec will parse the trap message and isolate the severity, host and
event description.

Here is the event line that we configured in /opt/sec/sec.conf:

# Snmptrap event translated by snmptraptt
type=Single
ptype=RegExp
pattern=nagios snmptt.*(INFORMATIONAL|WARNING|SEVERE) \"Status Events\" (\w+) \- (.*)
desc=snmptrap received from $2
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py $2 $1 "$3"

snmptraphandling.py

Could have been perl, bash, it's just that I really like python (I am not a
programmer).

I am sure that seasoned programmers will shake their heads seeing that
code, but it works...

This is the python script that handles the output of sec, extracts and
formats the information and then transfers it to Nagios:

#!/usr/bin/python -u
"""
Written by Francois Meehan (Cedval Info)
First release 2004/09/15

This script receives input from sec.pl concerning translated snmptraps


Ex: ./services.py $1 $2 $3
"""
import sys, time

def check_arg():
        # All three arguments (host, severity, data) are required
        try:
                host = sys.argv[1]
                severity = sys.argv[2]
                mondata_res = sys.argv[3]
        except IndexError:
                print("usage: services.py <HOST> <SEVERITY> <DATA>")
                sys.exit(1)

        return (host, severity, mondata_res)

def post_results(host, mondata_res, return_code):
        # Nagios external commands are stamped with whole seconds
        mytime = str(int(time.time()))
        results = "[" + mytime + "] " + "PROCESS_SERVICE_CHECK_RESULT;" \
                + host + ";" + "snmp_trap_handling" + ";" \
                + return_code + ";" + mondata_res + "\n"
        # Write one line to the Nagios external command file, then close it
        output = open('/var/nagios/rw/nagios.cmd', 'w')
        output.write(results)
        output.close()

def get_return_code(severity):
        # Map the snmptt severity to a Nagios state (0=OK, 1=WARNING, 2=CRITICAL)
        if severity == "INFORMATIONAL":
                return_code = "0"
        elif severity == "SEVERE":
                return_code = "2"
        elif severity == "WARNING":
                return_code = "1"
        else:
                # The SEC rule only passes the three severities above
                print("unknown severity: " + severity)
                sys.exit(1)
        return return_code


# Main routine...
if __name__ == '__main__':
        # validating parameters
        (host, severity, mondata_res) = check_arg()
        return_code = get_return_code(severity)
        post_results(host, mondata_res, return_code)


Nagios service configuration.

The beauty of this: no matter how many traps you are converting, you just
need one such service per host.

Example of service definitions for a trap:

define service {
    use    passive-check-template
    host_name    apc_srv1
    service_description    snmp_trap_handling
    is_volatile 1
    contact_groups    prodadmins
    check_period    none
    notification_interval    120
    notification_options    w,u,c,r
    notification_period    24x7
    check_command    passive_check_missing
    max_check_attempts    1
    check_freshness    0
}


Please feel free to give your comments/improvements.


Regards,


Francois Meehan
Cedval info





> Francois,
>
>      Your extension to the snmp traps is just what I'm looking for.
> However, reading through your post it seems just a little confusing.
> I wanted to see if I have understood the process correctly.
>
>      1. NetSNMP is setup and receiving traps from a source
>      2. Configure NetSNMP to send received traps to SNMPTT for processing
> and placement in syslog
>      3. SEC is scanning the syslog. When it finds SNMPTT processed traps
> it calls your python script
>      4. Python script (source?) does the magic of extracting the traps
> from syslog and translating it into something Nagios understands.
>
>      Sample nagios configuration for the trap service?
>
> Thank you,
>
>      Bill
>
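
Added example, not part of the original post: the parsing and hand-off steps of the recipe in one Python 3 file. It applies the SEC rule's pattern to an snmptt syslog line and builds the PROCESS_SERVICE_CHECK_RESULT line, rejecting unexpected host or severity values and flattening control characters in the trap text, since that text originates on the network and nagios.cmd takes one command per line. The function names, the 512-character cap and the sample log line are assumptions made for the example.

```python
import re
import time

# Same pattern as the SEC rule in the post: severity, host, trap text.
TRAP_RE = re.compile(
    r'nagios snmptt.*(INFORMATIONAL|WARNING|SEVERE) "Status Events" (\w+) - (.*)')
# Severity to Nagios return code, as in snmptraphandling.py.
RETURN_CODES = {"INFORMATIONAL": "0", "WARNING": "1", "SEVERE": "2"}
MAX_TEXT = 512  # assumed cap on the text shown in Nagios


def parse_trap_line(line):
    """Return (host, severity, text) for an snmptt syslog line, else None."""
    m = TRAP_RE.search(line)
    if m is None:
        return None
    severity, host, text = m.groups()
    return host, severity, text


def clean_text(text):
    """Flatten control characters so the text stays on one command line."""
    text = "".join(c if c.isprintable() else " " for c in text)
    return " ".join(text.split())[:MAX_TEXT]


def build_command(host, severity, text, now=None):
    """Build one PROCESS_SERVICE_CHECK_RESULT line for nagios.cmd."""
    if not re.fullmatch(r"\w+", host):
        raise ValueError("unexpected host name: %r" % host)
    if severity not in RETURN_CODES:
        raise ValueError("unexpected severity: %r" % severity)
    stamp = int(time.time() if now is None else now)
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;snmp_trap_handling;%s;%s\n" % (
        stamp, host, RETURN_CODES[severity], clean_text(text))


# Constructed sample input, not taken from a real log.
SAMPLE = ('Sep 20 04:30:01 nagios snmptt[1234]: .1.3.6.1.4.1.99999.0.1 '
          'WARNING "Status Events" apc_srv1 - UPS on battery')

if __name__ == "__main__":
    parsed = parse_trap_line(SAMPLE)
    print(build_command(*parsed, now=1095647578), end="")
```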
