SNMP trap not captured by Nagiosxi

nfv_nagios · Post by **nfv_nagios** » Tue Jun 19, 2018 11:29 pm

Hi Support

This is a continuation from the old thread. https://support.nagios.com/forum/viewto ... 16&t=47454

I am going crazy trying to figure out what is the problem with Nagios.....i have checked everything...
1) Configuations are correct because i am able to recieve traps from other systems.
2) iptable is disabled.
3) the mib file is loaded in the right place and having the correct permission.
4) tcpdump is capturing the incoming trap.
5) I even tried to add a specific catchall Event.

#
EVENT CatchAll .1.3.6.1.4.1.393.200.* "Status Events" Critical
FORMAT $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "Host: $r; SvcDesc: $*"
#

But NOTHING is captured in snmptt.log, snmptt.debug, snmpttunknown.log and snmptthandler.debug.

I don't know what else is wrong, Nagios is just not accepting the traps from this particular system.

I have attached the snmptt.conf and tcpdump file for your reference.

Please help.

Post by **cdienger** » Wed Jun 20, 2018 4:51 pm

I'm not able to reproduce this but the error in the packet trace would suggest the agent(source) address in the snmptrap message is too large. Try running the following on XI and check to see if it causes anything to be logged in the logs you mentioned as well as /usr/local/nagios/var/nagios.log:

snmptrap -v 1 -c public 10.254.98.200 1.3.6.1.4.1.393.200.50.66 10.252.40.243 6 2 '' 1.3.6.1.4.1.393.200.50.66.1.1 s 5468652053796d616e7465632050726f74656374696f6e20456e67696e6520686173206a7573742073746172746564207570 1.3.6.1.4.1.393.200.50.66.1.2 s 31302e3235322e34302e323433 1.3.6.1.4.1.393.200.50.66.1.3 i 1344 1.3.6.1.4.1.393.200.50.66.1.44 s 313130 1.3.6.1.4.1.393.200.50.66.1.51 s 496e666f726d6174696f6e

nfv_nagios · Post by **nfv_nagios** » Sun Jun 24, 2018 9:03 pm

Hi Support

After executing the suggested command line, i received the following messages in various logs.

/usr/local/nagios/var/nagios.log
[1529891687] Warning: Passive check result was received for service 'SNMP Traps' on host '10.254.98.200', but the host could not be found!
[1529891687] Error: External command failed -> PROCESS_SERVICE_CHECK_RESULT;10.254.98.200;SNMP Traps;2;Host: 10.254.98.200; SvcDesc: 5468652053796d616e7465632050726f74656374696f6e20456e67696e6520686173206a7573742073746172746564207570 31302e3235322e34302e323433 1344 313130 496e666f726d6174696f6e
[1529891687] External command error: Command failed

/var/log/messages
Jun 25 09:57:09 NFVI-COMMON-NAGIOS-01 snmptt[28045]: .1.3.6.1.4.1.393.200.50.66.0.2 Critical "Status Events" 10.252.40.243 - 5468652053796d616e7465632050726f74656374696f6e20456e67696e6520686173206a7573742073746172746564207570 31302e3235322e34302e323433 1344 313130 496e666f726d6174696f6e
Jun 25 09:57:09 NFVI-COMMON-NAGIOS-01 nagios: Warning: Passive check result was received for service 'SNMP Traps' on host '10.254.98.200', but the host could not be found!
Jun 25 09:57:09 NFVI-COMMON-NAGIOS-01 nagios: Error: External command failed -> PROCESS_SERVICE_CHECK_RESULT;10.254.98.200;SNMP Traps;2;Host: 10.254.98.200; SvcDesc: 5468652053796d616e7465632050726f74656374696f6e20456e67696e6520686173206a7573742073746172746564207570 31302e3235322e34302e323433 1344 313130 496e666f726d6174696f6e
Jun 25 09:57:09 NFVI-COMMON-NAGIOS-01 nagios: External command error: Command failed

/var/log/snmptt/snmptt.log
Mon Jun 25 09:54:45 2018 .1.3.6.1.4.1.393.200.50.66.0.2 Critical "Status Events" 10.252.40.243 - 5468652053796d616e7465632050726f74656374696f6e20456e67696e6520686173206a7573742073746172746564207570 31302e3235322e34302e323433 1344 313130 496e666f726d6174696f6e

scottwilkerson · Post by **scottwilkerson** » Mon Jun 25, 2018 7:37 am

You need to run the SNMP Trap wizard and add the host 10.254.98.200

Then they will show up in the interface

nfv_nagios · Post by **nfv_nagios** » Wed Jun 27, 2018 3:13 am

As per advise, i have added the host 10.254.98.200 and now i am able to see trap on Nagios.

With this test, does it mean that there was some issue with the agent(source) address as shown in the trace?

scottwilkerson · Post by **scottwilkerson** » Wed Jun 27, 2018 7:13 am

nfv_nagios wrote:With this test, does it mean that there was some issue with the agent(source) address as shown in the trace?

No. You still need to add all the hosts you are going to receive traps from with the SNMP Trap wizard

nfv_nagios · Post by **nfv_nagios** » Wed Jun 27, 2018 8:18 am

Oh, sorry, maybe i didn't comm clearly in the beginning of the thread.

I have already added host (10.252.40.243) to receive traps.
The problem is nothing get log in Nagios when this particular host send SNMP traps.

Then cdienger mentioned that the packet trace suggest the agent(source) address in the snmptrap message is too large.

So i thought by performing the test is to confirm if the agent(source) address had anything to do with Nagios not having anything records.

scottwilkerson · Post by **scottwilkerson** » Wed Jun 27, 2018 8:46 am

you would want to check /var/log/snmptt/snmpttunknown.log to see if 10.252.40.243 is sending traps that are not matching any of the configuration in the snmptt.ini

If it is logging in /var/log/messages it is being received and should be in one of the snmptt logs

Nagios Support Forum

SNMP trap not captured by Nagiosxi

SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi

Re: SNMP trap not captured by Nagiosxi