Snmptrap-snmptt-nagios


#1

Hello

If someone has a working setup where nagios receives snmp traps, I would really like to see some example config. Please provide snmptrapd.conf etc.


#2

This is the installation tutorial that works:
snmptt.sourceforge.net/docs/snmp … n-Overview

I have set it up as explained and installed nagtrap (which gives you web frontend in Nagios web GUI that prints all traps recorded in database).
Nagtrap:
nagtrap.org/dokuwiki/doku.ph … stallation

The main thing you should do is properly configure snmptt to receive traps you wish to accept and then with the EXEC variable in snmptt.conf file you can run a script that would process the Passive check result to nagios,
done through submit_check_result. You have to define some passive services for traps in nagios which would accept passive results from a script.

example of snmptt.conf file (in which you defined which traps should be recorded in database and processed and which not, everything is very well explained in the link I’ve provided above for the snmptt):

[code]EVENT event_name event_OID "category" severity
FORMAT $2 - $1 - $X $x
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $R 'service_description' 2 "$2"
NODES x.x.x.x
MATCH MODE=and
MATCH $2: (needed string)
MATCH $1: !(forbidden_string)[/code]

That way, any trap that comes and is filtered through **snmptt.conf** rules, will send a submit_check_result to nagios.
Original *submit_check_result* must have arguments like this:

in the upper example i have provided:
$R for the $HOSTNAME$ as it is described in:
snmptt.sourceforge.net/docs/snmp … ONF-FORMAT
’service_description’ for the '$SERVICEDESC$'
you can extract part of the $1 variable binding from trap as service description and provide the same extracted part as service_description variable in nagios service definition
2 for the $SERVICESTATE$
This can be 0, 1, 2 or 3 depending on how you consider the trap output. As Warning state, Critical, Ok or Unknown
$2 for the ‘$OUTPUT$’

Those $1, $2, $3 and so on in the snmptt.conf file are the trap variable bindings. Check the traps you’re receiving and use them as you wish. In this link those are explained as $n:
snmptt.sourceforge.net/docs/snmp … ONF-FORMAT

submit_check_result script should look like this:

[code]#!/bin/sh

# SUBMIT_CHECK_RESULT
# Written by Ethan Galstad (nagios@nagios.org)
# Last Modified: 02-18-2002
#
# This script will write a command to the Nagios command
# file to cause Nagios to process a passive service check
# result. Note: This script is intended to be run on the
# same host that is running Nagios. If you want to
# submit passive check results from a remote machine, look
# at using the nsca addon.
#
# Arguments:
# $1 = host_name (Short name of host that the service is
#      associated with)
# $2 = svc_description (Description of the service)
# $3 = return_code (An integer that determines the state
#      of the service check, 0=OK, 1=WARNING, 2=CRITICAL,
#      3=UNKNOWN).
# $4 = plugin_output (A text string that should be used
#      as the plugin output for the service check)

echocmd="/bin/echo"

CommandFile="/path/to/rw/nagios.cmd"

# get the current date/time in seconds since UNIX epoch
datetime=`date +%s`

# create the command line to add to the command file
cmdline="[$datetime] PROCESS_SERVICE_CHECK_RESULT;$1;$2;$3;$4"

# append the command to the end of the command file
$echocmd "$cmdline" >> "$CommandFile"[/code]


#3

Quite a resort. I have installed all the needed programs, but I feel I am so far from getting it to work. This is a big project for me to do…


#4

Yeah, it is, but once you get it working you’ll see the benefit.


#5

Okay, now I got it working. Few problems are: If service is active_check disabled, it seems I cannot “force check” it, to clear the trap. So I use active_check enabled and then can clear the trap. What about host names, could I make an alias in nagios that HOST and host would mean the same? What is nagtrap used for? It seems that it is only part that is not working, but I can get important traps and notifications sent using nagios and that was my main goal.

The main question remaining is, how to set up nagvis and see the nagvis webpage? I have read the documentation and installation instruction but still there is only blank page I am seeing.


#6

As i am having quite some problems configuring nagios to work with traps i’ll try to post a few steps to start with…

I’m running nagios (compiled from source) on Debian.

You’ll need snmptrapd (it’s part of snmpd), snmptt and obviously nagios.

configure /etc/default/snmpd to run snmptrapd with the -On option and restart snmpd

these are the two lines i needed to change:

TRAPDRUN=yes
TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'

for testing i created two MIB definition files as shown here:
net-snmp.org/wiki/index.php/ … MIv1_Traps

if you installed snmptt you should also have snmpttmibtranslate, run it against all mib files you have:

cd /usr/share/mibs/netsnmp
for i in *; do snmpttconvertmib --in="$i" --out=/etc/snmp/snmpttconf/all.conf; done

this translates the mib files and puts them in the out file.

modify /etc/snmp/snmptt.ini to use that last file…

snmptt_conf_files = <<END
/etc/snmp/snmpttconf/all.conf
END

restart snmptt

Now you can modify snmptt.ini to use DEBUG, set the debug file too…

remember to restart snmptt

If you created the two MIB files above you should now be able to send a trap with:

snmptrap -v 2c -c public 10.10.10.10 "" NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

change community and receiving host IP address to meet your needs and you should see the trap managed by snmptt in the debug file.

If all worked up to here we now need to modify the all.conf file so that snmptt does something with the trap, we want it to be sent to nagios.

first we modify the trap we are interested in (in this case the demo notification) so that it calls an eventhandler (which will write the info in the nagios.cmd file)

search the right trap in all.conf and add an EXEC line:

EVENT netSnmpExampleHeartbeatNotification .1.3.6.1.4.1.8072.2.3.0.1 "Status Events" Normal
FORMAT An example notification, used to illustrate the $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result localhost testtrap 1 "test trap recevied"

don’t touch the SDESC part…

we are telling snmptt to run the submit_check_result script with some parameters. theoretically we should use $r as hostname, but that gives us the FQDN on localhost and that’s not what we want right now.

now we need the script itself:

create the eventhandlers directory if you don’t already have it and then
vi /usr/local/nagios/libexec/eventhandlers/submit_check_result

#!/bin/bash
data=`date +%s`
echo "[$data] PROCESS_SERVICE_CHECK_RESULT;$1;$2;$3;$4" >> /usr/local/nagios/var/rw/nagios.cmd

now create a passive check named traptest for the localhost in nagios, restart nagios and snmptt and you should get the trap in nagios (it will be a warning having an exit code of 1).

Add the user snmptt to the nagcmd group

usermod -a -G nagcmd snmptt

or the submit_check_result script run by user snmptt won’t be able to write in the nagios command file

In the EXEC command of all.conf we used localhost, to use the correct hostname you need to associate the IP address of the trap generator to the hostname you use in nagios in the /etc/hosts file and change the EXEC lines:

To receive Link Down and up traps i used the following:

EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r "IF-MIB Traps" 1 "Link Change: $* state changed to Down"

on the host i defined a service called “IF-MIB Traps” and this is what i get:

hostname IF-MIB Traps OK 05-04-2011 12:11:15 0d 0h 5m 57s 1/1 Link Change: 16 state changed to Up

I hope i didn’t miss any important passages in writing this down… let me know if you have problems :)
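
Both submit_check_result scripts in this thread (posts #2 and #6) write trap-derived text straight into the Nagios command file, and the content of a trap is chosen by whoever sends it. As an added example, not part of any post and not the script shipped with Nagios, this variant accepts only states 0 to 3 and strips control characters so that one trap always yields exactly one command line. The default COMMAND_FILE path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a stricter submit_check_result. Not the script shipped with Nagios.
# Assumption: default path below; use the command_file value from your nagios.cfg.
COMMAND_FILE="${COMMAND_FILE:-/usr/local/nagios/var/rw/nagios.cmd}"

# Delete control characters (CR and LF included) from a string.
strip_ctl() {
    printf '%s' "$1" | tr -d '\000-\037\177'
}

# Print one PROCESS_SERVICE_CHECK_RESULT line for host, service, state, output.
# Returns 1 without printing if the arguments cannot form a valid command.
build_passive_cmd() {
    host=$(strip_ctl "$1")
    svc=$(strip_ctl "$2")
    rc=$3
    out=$(strip_ctl "$4")
    # Only the four Nagios service states are accepted.
    case "$rc" in
        0|1|2|3) ;;
        *) return 1 ;;
    esac
    if [ -z "$host" ] || [ -z "$svc" ]; then return 1; fi
    # ';' is the field separator, so it must not appear in host or service.
    case "$host$svc" in
        *';'*) return 1 ;;
    esac
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$(date +%s)" "$host" "$svc" "$rc" "$out"
}

# Append the validated line to the command file, or refuse and report on stderr.
submit_check_result() {
    if ! line=$(build_passive_cmd "$@"); then
        echo "submit_check_result: rejected arguments" >&2
        return 1
    fi
    printf '%s\n' "$line" >> "$COMMAND_FILE"
}

# Called from an snmptt EXEC line with the usual four arguments.
if [ "$#" -eq 4 ]; then submit_check_result "$@"; fi
```

Quoting the variable bindings in the EXEC line, as the examples above do with "$2", is still needed so that each one arrives as a single argument.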


#7

First and foremost; to the contributors of this post, this was a great extension to the official documentation. I have followed the documentation and the write-ups here and still have 1 problem. The traps being filtered from SNMPTT to Nagios are not showing up in the GUI. I see the traps being fed in by the event scheduler:

You can catch them going to nagios.cmd:

more /usr/local/nagios/var/rw/nagios.cmd
[1361991698] PROCESS_SERVICE_CHECK_RESULT;asr9k-ag04-1;TRAP;1;A linkUp trap signifies that the SNMP entity, acting in an 8 tunnel-ip11001 tunnel up

I have the service defined for nagios:


###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
###############################################################################

# Define the switch that we'll be monitoring

define host{
        use             generic-switch          ; Inherit default values from a template
        host_name       asr9k-ag04-1            ; The name we're giving to this switch
        alias           asr9k-ag04-1            ; A longer name associated with the switch
        address         10.122.81.69            ; IP address of the switch
        hostgroups      switches                ; Host groups this switch is associated with
        }




###############################################################################
###############################################################################
#
# HOST GROUP DEFINITIONS
#
###############################################################################
###############################################################################

# Create a new hostgroup for switches

define hostgroup{
        hostgroup_name  switches                ; The name of the hostgroup
        alias           Network Switches        ; Long name of the group
        }




###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################

# Create a service to PING to switch

define service{
        name                    ping                    ; Name of service
        use                     generic-service         ; Inherit values from a template
        service_description     ping                    ; The service description
        check_command           check_ping!200.0,20%!600.0,60%  ; The command used to monitor the service
        normal_check_interval   5                       ; Check the service every 5 minutes under normal conditions
        retry_check_interval    1                       ; Re-check the service every minute until its final/hard state is determined
        }


# Monitor uptime via SNMP
#define service{
#       use                     generic-service ; Inherit values from a template
#       service_description     Uptime
#       check_command           check_snmp!-C public -o sysUpTime.0
#       }



# Monitor Port 1 status via SNMP
#define service{
#       use                     generic-service ; Inherit values from a template
#       service_description     Port 1 Link Status
#       check_command           check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
#       }

###############################
#Trap services
###############################
define service{
        name                            TRAP
        use                             generic-service
        register                        0
        service_description             TRAP
        is_volatile                     1
        check_command                   check-host-alive
        flap_detection_enabled          0
        process_perf_data               0
        max_check_attempts              1
        normal_check_interval           1
        retry_check_interval            1
        passive_checks_enabled          1
        check_period                    24x7
        notification_interval           31536000
        active_checks_enabled           0
        notification_options            w,u,c
}


###############################################################################
###############################################################################
#
# ASSOCIATE SERVICE DEFINITIONS
#
###############################################################################
###############################################################################

define service{
        host_name       asr9k-ag04-1            ; hostname is defined in /etc/hosts file
        use             ping                    ; ping / alive service
}

define service{
        host_name       asr9k-ag04-1            ; hostname is defined in /etc/hosts file
        use             TRAP                    ; passive trap service
}

There has to be something I missed with the initial setup… Any help will be much appreciated.

Nagios® Core™ 3.3.1


#8

Figured out the problem … i had an old installation of nagios before I upgraded that used a different spooling path.

/var/spool/nagios/nagios.cmd is the default path 3.3.1
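
The fault found in posts #7 and #8, a handler writing to a path that Nagios is not reading, can be checked directly. This added example (not from the thread or the Nagios project) compares the handler's target with command_file in nagios.cfg and verifies that it is a writable named pipe. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the value of a "key=value" directive from a Nagios main config file.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_command_pipe <nagios.cfg> <path the trap handler writes to>
# Prints "ok" or the first problem found; returns 1 on a problem.
check_command_pipe() {
    cfg=$1
    target=$2
    want=$(cfg_value "$cfg" command_file)
    ext=$(cfg_value "$cfg" check_external_commands)
    if [ -z "$want" ]; then
        echo "no command_file directive in $cfg"; return 1
    fi
    if [ "$ext" != "1" ]; then
        echo "check_external_commands is not set to 1 in $cfg"; return 1
    fi
    if [ "$want" != "$target" ]; then
        echo "handler writes to $target but Nagios reads $want"; return 1
    fi
    # Nagios creates the command file as a FIFO at startup. A regular file at
    # this path just accumulates lines that nothing ever reads.
    if [ ! -p "$want" ]; then
        echo "$want is not a named pipe"; return 1
    fi
    if [ ! -w "$want" ]; then
        echo "$want is not writable by $(id -un)"; return 1
    fi
    echo "ok"
}

# Usage: sh check_pipe.sh /usr/local/nagios/etc/nagios.cfg /usr/local/nagios/var/rw/nagios.cmd
if [ "$#" -eq 2 ]; then check_command_pipe "$1" "$2"; fi
```

Run it as the user snmptt executes handlers as, since the writability test depends on that user's group membership.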