Trend Micro Officescan snmp-trap

Jim Avery jim at jimavery.me.uk
Wed Apr 6 10:25:40 CEST 2011

Previous message: Trend Micro Officescan snmp-trap
Next message: Correct syntax to check paging file usage on Windows 2008 R2 64-bit server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not sure the specifics of getting Trend to send traps (I simply
asked my Trend admin person to set it up!).  Trend should be able to
provide you with the relevant MIB file.

To configure Nagios to receive the traps, I recommend you use snmptt.
The specific instructions relating to Nagios are at:

http://www.snmptt.org/docs/snmptt.shtml#Nagios-Netsaint


You will need to use the snmpttconvertmib utility to convert Trend's
MIB file to a config for snmptt.  Note I found that the format of the
OID's for the traps generated from our Trend systems didn't always
match what was in the MIB, so I had to create some new config entries
for snmptt based on the ones translated using snmpttconvertmib, but
with the OIDs edited to match what we were receiving - for example:


# These traps are pretty much same as from trend.mib, but with .999.
instead of .141.
EVENT virusFound .1.3.6.1.4.1.6101.999.3.3 "Status Events" critical
FORMAT Virus Found Trap: $*
SDESC
 This event trap will be sent when a virus is found
Variables:
  1: tvcsEventTrapVar
PREEXEC /bin/echo $s | /bin/sed -e s/ok/0/ -e s/warning/1/ -e s/critical/2/
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $A
"SNMP-Trap-Trend" $p1 $N "$*"
EDESC
#
#
#


Note the PREEXEC and EXEC entries which are used to translate the
incoming trap in to a format which can be submitted as a passive check
to Nagios via Nagios' command interface.  You may need to edit the
EVENT line in each config entry to change the severity as appropriate
to "ok", "warning", or "critical" so it can be processed by the
PREEXEC line.


I hope that helps a little.

Cheers,

Jim

------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Trend Micro Officescan snmp-trap
Next message: Correct syntax to check paging file usage on Windows 2008 R2 64-bit server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list