Handle unknown host in PROCESS_SERVICE_CHECK_RESULT

[Jim Avery]

On 14/08/07, Paul Dugas <paul at dugas.cc> wrote:
> Per an earlier suggestion from the mailing-list (thanks!), I have a
> default SNMP trap handler setup to send a PROCESS_SERVICE_CHECK_RESULT
> command for the "TRAP" service for the IP of the device that sent the
> trap.  In some cases, the "TRAP" service doesn't exist for the host or
> the host doesn't exist in my configs yet.  I'd like to know if there is
> a way to determine this ahead of time and instead update a
> TRAP-FROM-UNKNOWN-HOST or NO-TRAP-SERVICE-FOR-HOST service that I keep
> on my Nagios host.  The idea is to kick me, the admin, when I start
> getting traps from new devices or those I've not yet fully configured.
>
> Alternatively, is there a way to have Nagios fire off another plugin
> when an attempt is made to update an invalid host or service?

I followed the examples in Wolfgang Barth's book (page 262), and have
a case statement in the event handler script.  Expanding a little on
what Barth suggests, I set up the "* )" case so that traps for any
host name for which there is no specific case get submitted as if for
localhost.

for example

case $hostnamefromtrap in
server001 | 10.10.0.1 )
  hostnameinnagios="server1"
  ;;
server002 | 10.10.0.2 )
  hostnameinnagios="server2"
  ;;
* )
  hostnameinnagios="localhost"
  ;;
esac

Without the case statement, you have to make sure that all your hosts
defined in Nagios have names precisely matching the ones found in the
traps.  I find that in practice, the trap information will sometimes
contain just the hostname, sometimes the fully-qualified domain name,
and sometimes the IP address depending on what part of the boot
process the host has completed at the time.  The case statement is,
IMO, essential to getting this working reliably although it would be a
bit of a pain to maintain it for hundreds of hosts I admit.

I believe there is a trap handling system available which stores the
trap information in a MySQL database and has a web front-end for
examining them - this might be the way to go if your requirements are
much more complicated than mine.  Forgive me, but I can't recall the
name of the project.

hth,

Jim

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null