Problems with NSCA

Hello

I’m working with Nagios 2.0b4 and I have a problem with
the NSCA addon.
I have the nsca daemon running OK in my Nagios machine and
I have the send_nsca running in another host called
SNMP Management Host, also on that machine I have the
snmptrapd daemon receiving traps from an Enterasys Switch.

I’ve added a new service in the services.cfg file to
receive the traps, following all the steps that you show
in the manual’s example of the ArcServe Backup.

I’ve also created an event-handler to send the SNMP traps
to the Nagios machine and configured OK the snmptrapd.conf
file.

There’s a point when the send_nsca program sends data
(1 data packet sent to host successfully) and in my Nagios
machine I don’t see any alert or message telling me that
I have received a SNMP trap. The alerts section doesn’t
show me anything and I don’t find any log file to view if
I have received the trap.

How can I see if my nsca daemon receives the packets?

Hope you can help me.

Thanks in advance.

You could change your /usr/local/nagios/etc/nsca.cfg file and turn on debug or you could tail -f nagios.cmd and looks at the contents being passed to the nagios.cmd file. The syntax of the commands being sent to nagios to the nagios.cmd file are most likely not the correct syntax.

We could assume that since you get “1 data packet sent to host successfully” That your remote host and the nscad are communicating correctly.

Hello, It

i’m not sure if this will help your situation, but when debug=1 in nsca.cfg, check out /var/log/messages and there is additional info put there from nsca. it helped me realize nsca was having trouble reading the cfg file. otherwise i would have never known.

also, i test send_nsca directly by:

echo -e “host,hostservice,2,pluginoutputmessage\n” | send_nsca -H -d , -c <send.nsca.cfg>

-d is option of course

if you are having a mismatch between the message u send and the info in the services on nagios machine, you will see a warning in the nagios.log:

Jan 16 06:24:42 localhost nagios: Warning: Message queue contained results for service ‘badservicename’ on host ‘hostname’. The service could not be found!

so you’d know if there was a mismatch. and if your alert goes through correctly you’ll see:

1137421556] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;host;service;2;msg

followed by a:

[1137421557] SERVICE ALERT: host;service;CRITICAL;HARD;1;msg

finally got mine working jakkedup. :slight_smile:

mdroz, you mean your other thread that I’ve been working in, is not a problem anymore? It would have been nice if you explained in that thread just what the heck was wrong, so others and I could have gotten a little knowledge out of it. After all, I worked hard on that thread and NEVER have seen it get fixed yet. So please, do a follow up.

i’ve been planning on writing up exactly what went wrong, but i’m stilll not even 100% sure. i think it had to do with permission issues and misconfig issues, but i’m not certain. i reinstalled nagios and set it up from scratch and got it to work, so as you can see it might not be that easy to pin down. i’m still working on it, and although the messages ARE getting back to NSCA on nagios server, i’m not exaclty finished with this project yet. i will provide a detailed update when i get a chance.

i do appreicate your help.

Hello again, thanks for help me, I hope you understand this message.

In my network I have a host Windows XP (winxp_1) and an Enterays Switch (MatrixE7_1) , I have created an snmptrapd.conf in base of the snmptrapd logs; I mean, I copy-paste the MIB info that appeared in the log file, which is the following:

2006-01-14 00:00:41 NET-SNMP version 5.1.3.1 Started.
2006-01-14 00:06:54 148.204.218.236(via 148.204.218.236) TRAP, SNMP v1,
community public
SNMPv2-SMI::enterprises.311.1.1.3.1.1 Link Up Trap (0) Uptime:
3:00:24.21
IF-MIB::ifIndex.4 = INTEGER: 4

2006-01-14 00:12:22 148.204.218.100(via 148.204.218.100) TRAP, SNMP v1,
community public
SNMPv2-SMI::enterprises.52 Enterprise Specific Trap (419) Uptime:
1:28:26.06
SNMPv2-SMI::enterprises.52.4.3.3.2.1.1.1.14 = INTEGER: 14
SNMPv2-SMI::enterprises.52.4.3.3.3.1.1.1.14.1 = INTEGER: 1

In this point is where I think I have an error, since my trap_handler script never is called by the snmptrapd.conf file, which is the following:

############################
#Matrix E7 SNMP Traps
############################
#Enterprise Specific Trap (2)
traphandle SNMPv2-SMI::mib-2.17 /usr/local/nagios/libexec/eventhandlers/trap_handler 1
#Enterprise Specific Trap (419)
traphandle SNMPv2-SMI::enterprises.52 /usr/local/nagios/libexec/eventhandlers/ trap_handler 2
#Enterprise Specific Trap (419)
traphandle SNMPv2-SMI::enterprises.52.4.3.3.2.1.1.1.12 /usr/local/nagios/libexec/eventhandlers/ trap_handler 3

############################
#Itzanami
############################
#Link Up Trap (0)
traphandle SNMPv2-SMI::enterprises.311.1.1.3.1.1 /usr/local/nagios/libexec/eventhandlers/ trap_handler 4

############################
#Management Traps Win
############################
#Cold Start Trap (0)
traphandle SNMPv2-SMI::enterprises.3.1.1 /usr/local/nagios/libexec/eventhandlers/trap_handler 5

Can anyone tell me what is wrong in my snmptrapd.conf file???

The trap_handler script is correct because when I run it manually with ./trap_handler I get

Again, is there a host on the nagios server named “unknown” with a service check of … You can’t submit a passive check to nagios for just any hostname you choose, or any service description you choose. They have to be an already definded host and service.

There is no host “unknown” in any of my config files, in fact, you helped me to solve my second problem, my error was that I have a mismatch between the service_description name and the service name I wrote on my services.cfg file in Nagios (it wasn’t the same service description), thanks for that.

When the log archive of the snmptrapd receives a Windows trap, I can see the trap right there, but my snmptrapd.conf doesn’t call the trap_handle script, that’s my problem.

How can I see if the snmptrapd.conf calls or not the script???

I don’t get anything in Nagios, I repeat, only when I run the script MANUALLY

Thanks jakkedup :shock:

[quote=“lina”]
How can I see if the snmptrapd.conf calls or not the script??? [/quote]

Sorry, I"m the last person to talk to about traps. Hopefully someone else can help you out. All I was looking at is the output sent to nagios and whether it was formatted correct. The format looks good, but the hostname looked odd, and wont be accepted and displayed in nagios.

Many times, I execute the send_nsca script and send a passive check to nagios just to see it shown in the web interface. But the only reason it works, is due to using REAL hostnames and service descriptions.

After many times of doing tests, I have finally received my Enterasys SNMP Traps on my Nagios monitoring server, the problem was the configuration file of the Net-SNMP addon, I had a syntax error defining the SNMP OIDs!

Now my NSCA addon works fine, thanks a lot jakkedup and mdroz8, but I have another problem (not NSCA!!!) now with the notifications, I’ll better look the many many threads that exists about notification problems before asking something that it is already solved, thanks !

:o