SNMP Traps
fmml at cedval.org
fmml at cedval.org
Mon Sep 20 15:51:35 CEST 2004
Just found a little typo, in sec.conf, you might want to change:
pattern=nagios snmptt.*(INFORMATIONAL|WARNING|SEVERE) \"Status Events\"
(\w+) \- (.*)
to:
pattern=snmptt.*(INFORMATIONAL|WARNING|SEVERE) \"Status Events\" (\w+) \-
(.*)
Regards,
Francois Meehan
Cedval info
www.cedval.org
Notre-Dame Ile Perrot, Quebec, Canada
> Hi all,
>
> Excuse me for the delay, you will find below my "recipe". I am sure there
> could be many variations, if you find a way to improve it let me know.
>
> I have done first tests last Friday, converted mibs from APC (ups), pull
> the plug on the unit, traps came immediatly in Nagios with proper extended
> text in Nagios's information field. Good. But for the APC mib creator,
> going on battery is just a warning, personnaly I differ opinion, just to
> say that you might not want to blindly "believe" the mib definition, at
> least for the severity field.
>
> Also, when we restored power, probably a glitch from the UPS software, we
> were bombarded by battery conditions messages, but the good news is that
> by using SEC, we can "tame" that behavior.
>
> One thing for sure, I am looking at Nagios in very different way now.
>
> Enough said, here the recipe, let me know how it can be improved...
>
> Enhanced SNMP trap support for Nagios
>
> To achieve complete snmp trap handing in Nagios, various software we had
> to be configured to work together. Our solution requires:
>
> 1. Net-snmp with snmptrapd configured
> 2. Net-snmp perl module
> 3. SNMPTT, snmp trap translator
> 4. Sec, simple event correlator
> 5. A small python script
> 6. Nagios
>
>
> Net-snmp
>
> Version installed: net-snmp-5.0.9-2.30E.3
>
> Net-snmp comes installed by default with the various flavor of Redhat. In
> our case, we are interested with the snmp trap modules.
>
> The trap module is a daemon that receives it startup configuration in
> /etc/init.d/snamptrapd.conf.
>
> We had to modify one line in “/etc/init.d/snamptrapd.conf
>
> From: OPTIONS="-s -u /var/run/snmptrapd.pid"
> To: OPTIONS="-On -u /var/run/snmptrapd.pid"
>
> Then modified the file /usr/share/snmp/snmptrapd.conf by adding the
> following line:
>
> traphandle default /usr/sbin/snmptt
>
> Restart the daemon to make the changes in effect.
>
> Net-snmp perl module
>
> Installed version: net-snmp-perl-5.0.9-2.30E.3.sh4.rpm
>
> This is not the Net::SNMP standard modules, it comes with Redhat but not
> installed by default.
>
> To install just transfer the rpm format and run “rpm –Ivh
> net-snmp-perl-xx.rpm”
>
> SNMPTT (SNMP trap translator)
>
> Installed version: v1.0
>
> Did install by following supplied instruction and then configured the file
> /etc/snmp/snmptt.ini by altering the some of the parameters as follow:
>
> mode = standalone
> dns_enable = 1
> net_snmp_perl_enable = 1
> translate_value_oids = 1
> translate_enterprise_oid_format = 1
> translate_trap_oid_format = 1
> translate_varname_oid_format = 1
> log_enable = 1
> syslog_enable = 1
> syslog_level = info
>
> Translating mibs:
>
> This is the procedure to have mibs convert in snmptt format:
>
> Let’s say you have a mib files that has powernet361.mib for name:
>
> ./snmpttconvertmib --in=/usr/share/snmp/mibs/powernet361.mib
> --out=/etc/snmp/snmptt.conf
>
>
> SEC (Simple event correlator)
>
> Sec was already installed on our server, can't live without SEC :-)
>
> Sec will parse the trap message and isolate the severity and hosts an
> event descriptions.
>
> Here is the event line that we configured in /opt/sec/sec.conf:
>
> # Snmptrap event translated by snmptraptt
> type=Single
> ptype=RegExp
> pattern=nagios snmptt.*(INFORMATIONAL|WARNING|SEVERE) \"Status Events\"
> (\w+) \- (.*)
> desc=snmptrap received from $2
> action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py $2
> $1 "$3"
>
> snmptraphandling.py
>
> Could have been perl, bash, it just that I really like python (I am not a
> programmer).
>
> I am sure that seasonned programmer will shake their heads seeing that
> code, but it works...
>
> This is the python script that handle output of sec, extract and format
> the information and then transfer to Nagios:
>
> #!/usr/bin/python -u
> """
> Written by Francois Meehan (Cedval Info)
> First release 2004/09/15
>
> This script receives input from sec.pl concerning translated snmptraps
>
>
> Ex: ./services.py $1 $2 $3
> """
> import commands, string, os, sys, time
> global return_code
>
> def check_arg():
>
> try:
> host = sys.argv[1]
> except:
> print "usage: services.py <HOST> <SEVERITY> <DATA>"
> sys.exit()
> try:
> severity = sys.argv[2]
> except:
> print "usage: services.py <HOST> <SEVERITY> <DATA>"
> sys.exit()
> try:
> mondata_res = sys.argv[3]
> except:
> print "usage: services.py <HOST> <SEVERITY> <DATA>"
> sys.exit()
>
> return (host, severity, mondata_res)
>
> def post_results(host, mondata_res, return_code):
> mytime = time.time()
> mytime = str(mytime)
> mytime = mytime[:-3]
> output = open('/var/nagios/rw/nagios.cmd', 'w')
> results = "[" + mytime + "] " + "PROCESS_SERVICE_CHECK_RESULT;" +
> host + ";" + "snmp_trap_handling" + ";" \
> + return_code + ";" + mondata_res + "\n"
> output.write(results)
>
> def get_return_code():
> if severity == "INFORMATIONAL":
> return_code = "0"
> elif severity == "SEVERE":
> return_code = "2"
> elif severity == "WARNING":
> return_code = "1"
> return return_code
>
>
> # Main routine...
> if __name__ == '__main__':
> (host, severity, mondata_res) = check_arg()
> # validating parameters
> return_code = get_return_code()
> post_results(host, mondata_res, return_code)
>
>
> Nagios service configuration.
>
> The beauty of this, now matter how many traps you are converting, you just
> need one of that service by hosts.
>
> Example of service definitions for a trap:
>
> define service {
> use passive-check-template
> host_name apc_srv1
> service_description snmp_trap_handling
> is_volatile 1
> contact_groups prodadmins
> check_period none
> notification_interval 120
> notification_options w,u,c,r
> notification_period 24x7
> check_command passive_check_missing
> max_check_attempts 1
> check_freshness 0
> }
>
>
> Please feel free to give your comments/improvements.
>
>
> Regards,
>
>
> Francois Meehan
> Cedval info
>
>
>
>
>
>> Francois,
>>
>> Your extension to the snmp traps is just what I'm looking for.
>> However, reading through your post it seems just a little confusing.
>> I wanted see if I have the process in understood correctly.
>>
>> 1. NetSNMP is setup and receiving traps from a source
>> 2. Configure NetSNMP to send received traps to SNMPTT for
>> processing
>> and placement in syslog
>> 3. SEC is scanning the syslog. When it finds SNMPTT processed traps
>> it calls your python script
>> 4. Python script (source?) does the magic of extracting the traps
>> from syslog and translating it into something Nagios understands.
>>
>> Sample nagios configuration the trap service?
>>
>> Thank you,
>>
>> Bill
>>
>> --
>> ______________________________________________
>> Check out the latest SMS services @ http://www.linuxmail.org
>> This allows you to send and receive SMS through your mailbox.
>>
>>
>> Powered by Outblaze
>>
>>
>>
>
>
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list