R: R: R: configure receiving snmp traps

Giorgio Zarrelli zarrelli at linux.it
Wed Sep 12 15:06:02 CEST 2012


Use the "hosts" file for static name-to-IP mappings.

Ciao,

Giorgio

On 12 Sep 2012, at 14:34, "Marco Borsani" <m.borsani at it.net> wrote:

> Hello
>  
> I have already changed “dns_enable” (it is set to 0) and “strip_domain” (I tested all the possibilities).
>
> The problem is that in Nagios, all the hosts are known as: <IP_address at something_to_identified_the_host_site>
> We have used this annotation since 2004!
>
> Any idea useful to solve the problem?
> Perhaps any OPTION in the snmptrap command (from the client)?
>  
> Marco
>  
> From: Hölzel, Arnold [mailto:arnold.holzel at kpn.com]
> Sent: Wednesday 12 September 2012 11:47
> To: Nagios Users List
> Subject: Re: [Nagios-users] R: R: configure receiving snmp traps
>  
> Hello Marco,
>  
> You can check your snmptt.ini file (/etc/snmp/snmptt.ini); there you can configure SNMPTT to strip the domain names. See the “dns_enable”, “strip_domain” and “strip_domain_list” options; maybe that is the problem?
>
> - Our systems send their SNMP messages to our monitoring server
> - the monitoring server does a DNS lookup, strips the domain name and sends the data to a “submit_trap” script
> - the “submit_trap” script converts the hostname to uppercase and sends the data to Nagios.
>  
> Hope it helps
>  
> Met vriendelijke groet/with kind regards,
> Arnold Hölzel
>  
> From: Marco Borsani [mailto:m.borsani at it.net] 
> Sent: Wednesday 12 September 2012 11:20
> To: 'Nagios Users List'
> Subject: [Nagios-users] R: R: configure receiving snmp traps
>  
> Hi
> Yes, I supposed this could be the problem.
>  
> 1) I am sending a trap from a client as:
> snmptrap -v 1 -c public <Nagios_IP>  1.2.3.4 <Client hostname as it is configured on Nagios> 3 0 ''
>  
> 2) Snmptrapd on Nagios receives the trap:
> 2012-09-12 11:08:23 <REAL CLIENT hostname fully qualified> [CLIENT IP] (via UDP: [CLIENT IP]:52203->[NAGIOS IP]) TRAP, SNMP v1, community public  iso.2.3.4 Link Up Trap (0) Uptime: 36 days, 19:43:55.96
>  
> 3) A script like “submit_trap” passes it to Nagios
>  
> 4)      Nagios log file:
> [1347440926] Warning:  Passive check result was received for service 'TRAP_service' on host <REAL CLIENT HOSTNAME>, but the host could not be found!
>  
> In my configuration it is not a “simple” problem of uppercase/lowercase; I need to pass exactly the hostnames I need … Before sending the trap, or change them as soon as the trap has arrived?
>  
>  
> Any idea?
> Marco
>  
>  
>  
> From: Hölzel, Arnold [mailto:arnold.holzel at kpn.com]
> Sent: Tuesday 11 September 2012 17:35
> To: Nagios Users List
> Subject: Re: [Nagios-users] R: configure receiving snmp traps
>  
> Hello Marco,
>  
> What is the case (uppercase or lowercase) of the system names in Nagios? I had the same problem and that was caused by the fact that all our systems in Nagios are in uppercase and snmptt sends them in lowercase to Nagios. Because Nagios is case sensitive there is a mismatch and you will not see anything in Nagios. I had to manually change something in the script to make everything uppercase (I did not want to reconfigure every host in Nagios).
> I am not able to look up and send the exact things I changed right now but if needed I can look it up tomorrow.
>  
> Met vriendelijke groet/with kind regards,
> Arnold Hölzel
>  
> From: Marco Borsani [mailto:m.borsani at it.net] 
> Sent: Tuesday 11 September 2012 17:01
> To: 'Nagios Users List'
> Subject: [Nagios-users] R: configure receiving snmp traps
>  
> Hi Mike
>  
> Actually, I have:
> - installed snmptt (in daemon mode)
> - configured a generic passive service in Nagios
> - run a snmptrap command from a client to test the configuration
>  
>  
> What happens?
> 1) The TRAP has been sent from the client (HOST B)
> 2) The TRAP has been received by the Nagios server (HOST A)
> 3) Nothing arrived in Nagios
>
> When I run the submit_trap command manually, Nagios shows me the message in the web GUI.
>
> I lose something between the TRAP received and the Nagios service… what could it be?
>
> Moreover, in the syslog I read many messages like: snmptt-sys[501]: Unable to delete trap file #snmptt-trap-1347373658632581 from spool dir
>  
> Regards
> Marco
>  
> From: Mike Lindsey [mailto:mike-nagios at 5dninja.net]
> Sent: Friday 7 September 2012 22:41
> To: Nagios Users List
> Subject: Re: [Nagios-users] configure receiving snmp traps
>  
> 
> You'll need to ensure that snmptrapd is enabled on your Nagios poller, and the typical route from there to get snmp traps submitted into Nagios is to install SNMPTT.
> 
> http://snmptt.sourceforge.net/
> 
> I recommend reading the docs for these, but, a very basic snmptrapd.conf would be:
> ###### snmptrapd.conf
> snmpTrapdAddr udp:localhost,udp:YOUR_IP_HERE,tcp:YOUR_IP_HERE
> 
> authCommunity log,execute public
> logOption f/var/log/snmptrapd.log
> traphandle default /usr/sbin/snmptt -i /usr/local/share/snmp/snmptt.ini
> ######
> 
> And then in the TrapFiles section of snmptt.ini you might have:
> ######
> [TrapFiles]
> snmptt_conf_files = <<END
> /usr/local/share/snmp/snmptt/asyncos.conf
> END
> ######
> 
> In the included config file you map trap oids to script executions, like so:
> ###### asyncos.conf
> # snmptt.conf file for AsyncOS traps.
> # 
> # All of these are stateless so the handler script needs to set and clear the service.
> # The service entry must have 0 retries set and be volatile.
> # 
> # .1.3.6.1.4.1.15497
> #
> 
> # powerSupplyStatusChange
> # Status: .1.3.6.1.4.1.15497.1.1.1.8.1.2
> EVENT powerSupplyStatusChange .1.3.6.1.4.1.15497.1.1.2.0.2 "asyncos" Critical
> FORMAT $N trap from $r
> EXEC /usr/local/nagios/customplugins/submit_trap $r AsyncOS-Trap_Alert $s 0 "$N: $*"
> #
> #####
> 
> Your submit_trap script takes that, and hands it off to Nagios.  You can submit through NSCA, or you can create a result file in the checkresult directory, or you can submit through the external command pipe.
> 
> I do it through NSCA:
> ##### submit_trap
> #!/usr/local/bin/bash
> 
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/customplugins:/usr/local/nagios/bin
> CONFIG=/usr/local/nagios/etc/send_nsca.cfg
> NSCA=`hostname`
> 
> HOST=$1
> SERVICE=$2
> STATUS=$3
> STATEFUL=$4
> MESSAGE=$5
> case $STATUS in
> "Critical")
>     CODE=2
>     ;;
> "Warning")
>     CODE=1
>     ;;
> "Normal")
>     CODE=0
>     ;;
> *)
>     CODE=3
>     ;;
> esac
> 
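> # Quote every expansion; CODE is the numeric state computed above.
> printf "%s\t%s\t%s\t%s\n" "$HOST" "$SERVICE" "$CODE" "$MESSAGE" | send_nsca -H "$NSCA" -c "$CONFIG"
> # Schedule a clear only for stateless traps that raised a non-OK state.
> if [[ "$STATEFUL" == "0" ]] && [[ "$CODE" != "0" ]]
> then
>     # Clear Nagios via delayed at now that the volatile ticket's gone through.
>     # %q shell-quotes each argument so trap text is passed as data, not parsed as shell commands by the at job.
>     printf '%q %q %q %q\n' /usr/local/nagios/customplugins/clear.sh "$HOST" "$SERVICE" "$MESSAGE" | at now + 15 minutes
> 
> fi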
> #####
> 
> ...  and clear.sh for clearing stateless alerts.
> 
> #####
> #!/usr/local/bin/bash
> 
> PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/nagios/bin:/usr/local/ironport/nagios/bin
> HOST=$1
> SVC=$2
> OUT=$3
> 
> if [[ "$HOST" == "" ]] || [[ "$SVC" == "" ]]
> then
>     echo "Need host, service, optional message."
>     exit 3
> fi
> 
> # Clear it
> # %s keeps backslashes in the trap text literal instead of expanding them as escapes.
> printf '%s\t%s\t0\tWas:%s\n' "$HOST" "$SVC" "$OUT" | send_nsca -H "$(hostname)" -c /usr/local/nagios/etc/send_nsca.cfg
> 
> #####
> 
> If you're using the auto-clear bits, your Nagios user will need to be able to add items to the at queue; you'll need to look at your distribution's documentation on how that's managed.  This is just one way of getting SNMP traps working.  Unfortunately none of them that I know of is overly straightforward.
> 
> Even if this doesn't work for you, it should give enough of an insight so that you've got a better idea on what to google for.  Good luck.
> 
> -- 
> Mike Lindsey
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
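
An added example, not part of any message in this thread: a lookup that a submit_trap-style script could use to translate the source name or IP that SNMPTT passes as $r into the exact Nagios host_name, dropping unlisted senders and keeping trap text from adding fields or lines to the NSCA result. The map contents, the "IP@site" host names and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Map contents and names are constructed.

# "<source as snmptt reports it>  <host_name exactly as defined in Nagios>"
TRAP_HOST_MAP='
192.0.2.10        192.0.2.10@site-milan
sw1.example.net   192.0.2.11@site-rome
'

# Print the Nagios host_name for a trap source; exit status 1 if unlisted.
# The source is matched case-insensitively; the mapped name is printed as is.
nagios_host_for() {
    printf '%s\n' "$TRAP_HOST_MAP" | SRC=$1 awk '
        NF == 2 && tolower($1) == tolower(ENVIRON["SRC"]) { print $2; found = 1; exit }
        END { exit !found }'
}

# Map the SNMPTT severity to a Nagios return code, as submit_trap does.
nagios_code_for() {
    case $1 in
        Normal)   echo 0 ;;
        Warning)  echo 1 ;;
        Critical) echo 2 ;;
        *)        echo 3 ;;
    esac
}

# Build one tab-separated passive result line for send_nsca.
# Args: source, service, severity, message.
# Control characters in the trap text (tabs and newlines included) become
# spaces, so a varbind cannot add a field or a second result line.
nsca_line() {
    nl_host=$(nagios_host_for "$1") || return 1   # unlisted sender: no result
    nl_code=$(nagios_code_for "$3")
    nl_msg=$(printf '%s' "$4" | tr '[:cntrl:]' ' ')
    printf '%s\t%s\t%s\t%s\n' "$nl_host" "$2" "$nl_code" "$nl_msg"
}

# In a submit_trap-style script (arguments as in the EXEC line above):
#   nsca_line "$1" "$2" "$3" "$5" | send_nsca -H "$NSCA" -c "$CONFIG"
```

Because the mapped name is taken from the table rather than from DNS or from the trap itself, the result reaches Nagios under the configured host_name regardless of case or domain suffix.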