Regarding SNMP Trap

Robert Hajime Lanning lanning at lanning.cc
Thu Dec 28 12:39:03 CET 2006


I had performance issues having Nagios process every trap.
We have a fairly large SNMP utilization over here.  Our Netscreen
firewalls send quite a few traps sometimes.  On the order of 10/s or
more during "attacks" (usually virus outbreaks).  Wasn't very
happy with my monitoring server keeling over during an event.

So, here is what I have done:
1) snmptrapd does run snmptthandler, but I ported snmptthandler
   to C.  http://lanning.cc/nagios/snmptthandler.c

2) snmptt is run in daemon mode with the modification at the end
   of this message.

3) Nagios runs this service check for every host
   http://lanning.cc/nagios/check_snmp_trap

4) The extra service notes URL points to this CGI script:
   http://lanning.cc/nagios/showsnmptraps.txt
   (in the near future, I am going to put in a way to look at
   traps other than today)

5) snmptt seems to have a memory leak. (based on amount of traps
   processed)  So, I have a cron job restarting it every 6 hours.

6) snmptrapd seems to also have a memory leak, though smaller
   than snmptt.  So, I have it restarted once a day.

7) snmptt.conf contains:  for each configured trap (including a
   catchall ".1.*")
   EXEC log_snmptrap "$@" "$A" 2 "...message..."

---------------------------------------
$ diff snmptt snmptt.orig
58,78d57
< sub nagiostraplog
< {
<    my $LOGBASE="/usr/local/nagios/var/snmptraps";
<
<    my $timestamp = shift;
<    my $host = shift;
<
<    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
gmtime($timestamp);
<    $year += 1900;
<    $mon++;
<    my $LOGDir = "$LOGBASE/$host/$year/$mon";
<
<    if ( ! -d $LOGDir ) {
<      system("umask 022;mkdir -p $LOGDir");
<    };
<
<    open (NAGLOG,">>$LOGDir/${mday}.log");
<    print NAGLOG "[$timestamp] " . join(";", at _) . "\n";
<    close (NAGLOG);
< }
<
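Review bot: the `system("umask 022;mkdir -p $LOGDir")` call in nagiostraplog builds a shell command from `$host`, and the sub never checks that value itself; it depends on every caller having filtered it first. Creating the directory with File::Path's mkpath and an explicit mode would avoid the shell entirely. The `open (NAGLOG,">>$LOGDir/${mday}.log")` that follows is unchecked, so a failed mkdir or open drops the trap silently; a three-argument open with an `or` branch that reports the error would make that failure visible.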
1539,1556c1518
<                                 if ($command =~ /log_snmptrap/)
<                                 {
<                                   $command =~ s/^.*log_snmptrap\s*//;
<                                   my @args = split(/\s+/,$command);
<                                   my $timestamp = shift(@args);
<                                   my $ip = shift(@args);
<                                   my $severity = shift(@args);
<                                   my $message = join(" ", at args);
<                                   $timestamp =~ s/[^0-9]+//g;
<                                   $ip =~ s/[^0-9.]+//g;
<                                   $severity =~ s/[^0-9]+//g;
<                                   $message =~ s/"//g;
<                                  
&nagiostraplog($timestamp,$ip,$severity,$message);
<                                 }
<                                 else
<                                 {
<                                    system $command;
<                                 }
---
>                                 system $command;
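Review bot: `$ip =~ s/[^0-9.]+//g` strips characters instead of validating, so an argument that reduces to only dots, or to an empty string, still reaches nagiostraplog and becomes the `$host` directory component of the log path. Matching `$ip` against a dotted-quad pattern, and `$timestamp` and `$severity` against `^\d+$`, then skipping the trap on mismatch would be stricter than the current substitutions. Separately, `/log_snmptrap/` is unanchored, so any EXEC command that merely contains that string is diverted here rather than run, and `$message` can still carry `;`, which is the field separator used by `join(";", ...)` in the log line.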
----------------------------------------------------

-- 
And, did Galoka think the Ulus were too ugly to save?
                                         -Centauri
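
An added example, not part of the original message and not the linked check_snmp_trap script: a reader for the day logs that the patched snmptt writes (`[epoch] severity;message` under `$LOGBASE/<ip>/<year>/<month>/<day>.log`, UTC, unpadded). It assumes the severity field uses Nagios state codes and that a check only cares about traps inside a recent window; `day_log`, `parse_line`, `worst_state` and the sample lines are hypothetical names and constructed data.

```python
import re
import time
from pathlib import Path

LOGBASE = Path("/usr/local/nagios/var/snmptraps")   # $LOGBASE from the patch
LINE_RE = re.compile(r"^\[(\d+)\] (\d+);(.*)$")     # "[epoch] severity;message"
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def day_log(host, when, base=LOGBASE):
    """Log path for this host and UTC day; month and day are unpadded."""
    m = IPV4_RE.match(host)
    # Validate rather than strip: "..", "" and "1.2.3" must never become a path part.
    if not m or any(int(octet) > 255 for octet in m.groups()):
        raise ValueError("host must be a dotted-quad IPv4 address")
    t = time.gmtime(when)
    return base / host / str(t.tm_year) / str(t.tm_mon) / f"{t.tm_mday}.log"


def parse_line(line):
    """Return (epoch, severity, message), or None for a malformed line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Only the first ';' separates fields; the message may contain more of them.
    return int(m.group(1)), int(m.group(2)), m.group(3)


def worst_state(lines, now, window=300):
    """Return (worst severity, traps in window, malformed line count)."""
    worst, recent, malformed = 0, 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        epoch, severity, _message = rec
        if now - window <= epoch <= now:
            recent += 1
            worst = max(worst, min(severity, 3))  # assumed cap at 3 (UNKNOWN)
    return worst, recent, malformed


# Constructed sample lines in the format written by nagiostraplog.
SAMPLE = [
    "[1167305943] 2;Link down on ethernet3\n",
    "[1167305950] 1;Policy hit; src 10.0.0.5\n",
    "garbage line\n",
    "[1167300000] 2;Old trap outside the window\n",
]
```
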

