R: configure receiving snmp traps

Marco Borsani m.borsani at it.net
Tue Sep 11 17:01:18 CEST 2012 

Hi Mike

 

Actually , I have :

-           installed snmptt (in daemon mode)

-          Configured a generic passive service in nagios

-          Run a snmptrap command from a client to test the configuration

 

 

What’s happen ?

1)      The TRAP has be sent from the client (HOST B)

2)      The TRAP has be received from Nagios server (HOST A)

3)      Nothing arrived on Nagios 

 

When I run manually submit_trap command,  Nagios show me the message on the
web gui

 

I loose something between the TRAP received and Nagios service
.what could
be ?

 

Moreover in the syslog a read many and messages like:  snmptt-sys[501]:
Unable to delete trap file #snmptt-trap-1347373658632581 from spool dir

 

Regards

Marco

 

Da: Mike Lindsey [mailto:mike-nagios at 5dninja.net] 
Inviato: venerdì 7 settembre 2012 22:41
A: Nagios Users List
Oggetto: Re: [Nagios-users] configure receiving snmp traps

 


You'll need to ensure that snmptrapd is enabled on your Nagios poller, and
the typical route from there to get snmp traps submitted into Nagios is to
install SNMPTT.

 <http://snmptt.sourceforge.net/> http://snmptt.sourceforge.net/

I recommend reading the docs for these, but, a very basic snmptrapd.conf
would be:
###### snmptrapd.conf
snmpTrapdAddr  <udp:localhost,udp:YOUR_IP_HERE,tcp:YOUR_IP_HERE>
udp:localhost,udp:YOUR_IP_HERE,tcp:YOUR_IP_HERE

authCommunity log,execute public
logOption f/var/log/snmptrapd.log
traphandle default /usr/sbin/snmptt -i /usr/local/share/snmp/snmptt.ini
######

And then in the TrapFiles section of snmptt.ini you might have:
######
[TrapFiles]
snmptt_conf_files = <<END
/usr/local/share/snmp/snmptt/asyncos.conf
END
######

In the included config file you map trap oids to script executions, like so:
###### asyncos.conf
# snmptt.conf file for AsyncOS traps.
# 
# All of these are stateless so the handler script needs to set and clear
the service.
# The service entry must have 0 retries set and be volatile.
# 
# .1.3.6.1.4.1.15497
#

# powerSupplyStatusChange
# Status: .1.3.6.1.4.1.15497.1.1.1.8.1.2
EVENT powerSupplyStatusChange .1.3.6.1.4.1.15497.1.1.2.0.2 "asyncos"
Critical
FORMAT $N trap from $r
EXEC /usr/local/nagios/customplugins/submit_trap $r AsyncOS-Trap_Alert $s 0
"$N: $*"
#
#####

Your submit_trap script takes that, and hands it off to Nagios.  You can
submit through NSCA, or you can create a result file in the checkresult
directory, or you can submit through the external command pipe.

I do it through NSCA:
##### submit_trap
#!/usr/local/bin/bash

PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/customplugins:/usr/local
/nagios/bin
CONFIG=/usr/local/nagios/etc/send_nsca.cfg
NSCA=`hostname`

HOST=$1
SERVICE=$2
STATUS=$3
STATEFUL=$4
MESSAGE=$5
case $STATUS in
"Critical")
    CODE=2
    ;;
"Warning")
    CODE=1
    ;;
"Normal")
    CODE=0
    ;;
*)
    CODE=3
    ;;
esac

printf "%s\t%s\t%s\t%s\n" "$HOST" "$SERVICE" $CODE "$MESSAGE" | send_nsca -H
$NSCA -c $CONFIG
if [[ "$STATEFUL" == "0" ]] && [[ "$STATUS" != "0" ]]
then
    # Clear Nagios via delayed at now that the volatile ticket's gone
through.
    echo "/usr/local/nagios/customplugins/clear.sh $HOST \"$SERVICE\"
\"$MESSAGE\"" | at now + 15 minutes

fi
#####

...  and clear.sh for clearing stateless alerts.

#####
#!/usr/local/bin/bash

PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/bin:/usr/local/ironport/
nagios/bin
HOST=$1
SVC=$2
OUT=$3

if [[ "$HOST" == "" ]] || [[ "$SVC" == "" ]]
then
    echo "Need host, service, optional message."
    exit 3
fi

# Clear it
printf "%b" "$HOST\t$SVC\t0\tWas:$OUT\n" | send_nsca -H `hostname` -c
/usr/local/nagios/etc/send_nsca.cfg

fi
#####

If you're using the auto-clear bits, your Nagios user will need to be able
to add items to the at queue, you'll need to look at your distribution's
documentation on how that's managed.  This is just one way of getting snmp
traps working.  Unfortunately none of them that I know of overly
straightforward.

Even if this doesn't work for you, it should give enough of an insight so
that you've got a better idea on what to google for.  Good luck.



-- 
Mike Lindsey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120911/0c18354e/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

More information about the Users mailing list