SNMP trap search for hostname instead IP

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
tresoar
Posts: 6
Joined: Wed May 04, 2011 4:07 am
Location: The Netherlands

SNMP trap search for hostname instead IP

Post by tresoar »

NagiosXI 2011R1.1 ESX VMWare server appliance.

We recently got HP Lefthand (P4000) storage. This storage is on its own iSCSI network. We have one server (10.10.10.3) which is in the normal LAN and in the iSCSI LAN (10.10.102.*).
On this host we configured the free trapfwd (http://www.ncomtech.com/trapfwd.html) program, to forward traps from the storage nodes to the nagiosxi server, with W2003RK srvany.
In the trapfwd.log file I can see traps coming in, and get forwarded to nagiosxi server.

On the nagiosxi server, I executed the "Integrating SNMP Traps" procedure from the library.
Added the LEFTHAND-NETWORKS-NSM-NOTIFICATION-MIB to /usr/share/snmp/mibs directory.
Executed addmib..., changed Normal to Critical for all LEFTHAND lines in the file snmptt.cfg. Restarted all snmp* services.
Added snmptrap to the host SERVER by using the wizard.

I see in the syslog file messages, the following lines (this information is changed to protect the innocent):
May 12 14:41:59 nagiosxi snmptrapd[15990]: 2011-05-12 14:41:59 10.10.102.11(via UDP: [10.10.10.3]:62154) TRAP, SNMP v1, community ****** .1.3.6.1.4.1.8072.3.2.10 Cold Start Trap (0) Uptime: 0:00:09.55
May 12 14:41:59 nagiosxi nagios: Warning: Passive check result was received for service 'SNMP Traps' on host 'SERVER', but the host could not be found!
May 12 14:41:59 nagiosxi snmptt-sys[0]: Can not open log file /var/log/snmptt/snmptt.log
May 12 14:41:59 nagiosxi snmptt[0]: .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" 10.10.102.11 - A coldStart trap signifies that the SNMP entity,
May 12 14:42:00 nagiosxi nagios: Warning: Passive check result was received for service 'SNMP Traps' on host 'SERVER', but the host could not be found!

The third line tells me that the NagiosXI-SNMPTrap.sh missed creating the directory. No big deal.

A Trap is received for the host "SERVER", which was not found in the Nagiosxi database.
We do have a nagios-host on the 10.10.10.3 number, which is called "SERVER.fqdn.dns". The hostname is not found, but the IP number is there! Nagios cannot find the name SERVER, instead it has to search for IP numbers.

Questions:
How can I change the way NagiosXI searches with SNMP traps? Look for IP numbers instead of hostnames?
Or can I add an alias to a NagiosXI host (not preferable)?
tonyyarusso
Posts: 1128
Joined: Wed Mar 03, 2010 12:38 pm
Location: St. Paul, MN, USA

Re: SNMP trap search for hostname instead IP

Post by tonyyarusso »

We had one other person ask about this a few months ago, and while I don't know what their final resolution was, here is what I told them (which apparently answered the question at least partially, since I haven't heard from them since about it):
Okay, it looks like this should be possible with the SNMPTT
configuration. The "preferred" way would be to allow SNMPTT to resolve
the FQDNs through a DNS lookup. To do that, you would want to create an
entry for every host in /etc/hosts on the XI server, and set dns_enable
to 1 in /etc/snmp/snmptt.conf.

Alternatively, if all of your hosts have the same domain and you don't
want to create host records for them, you can enable strip_domain and
add your domain to strip_domain_list (just in case) in /etc/snmptt.ini,
then back in /etc/snmptt.conf on every single trap definition change
"$r" to "$r.yourdomain.tld".

Unfortunately neither way is particularly "clean" - there's built-in
functionality for stripping a domain off, but not adding one back on.
So, getting host lookups on the system to return the FQDN is really the
way to go.

for documentation on the subject:
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS
http://snmptt.cvs.sourceforge.net/viewv ... iew=markup
Tony Yarusso
Technical Services
___
TIES
Web: http://ties.k12.mn.us/
tresoar

Re: SNMP trap search for hostname instead IP

Post by tresoar »

Thank you.

You pointed out which item was used to find hosts in Nagios.
I have looked into the manual of snmptt.conf http://www.snmptt.org/docs/snmptt.shtml if there is a way to put the IP number, instead of hostname.
I found the variable $ar to contain the IP number.
I changed all $r to $ar in the file /etc/snmp/snmptt.conf (:1,$ s/"$r"/"$ar"/g)
I caused the system to send an SNMP trap, et voilà! Nagios reported a PROBLEM to the correct host, based on IP number! :D :D 8-) :lol:
It worked!
Only if I add a new MIB, I have to change it again.
Something has to change in the addmib command config.
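
The substitution described in the post above has to be repeated after every addmib run, so it can be scripted. The following is an added example, not code from the thread or from Nagios; the handler path and the sample trap definition are constructed for illustration. It rewrites "$r" to "$ar" on EXEC lines only, keeps a backup, and is safe to run repeatedly.

```shell
#!/bin/sh
# Added example: make SNMPTT pass the agent IP ("$ar") instead of the
# hostname ("$r") to the trap handler, on EXEC lines only.

# Filter: snmptt.conf on stdin, patched copy on stdout.
# "$ar" does not match the pattern "\$r", so a second pass changes nothing.
use_agent_ip() {
    sed '/^EXEC[[:space:]]/ s/"\$r"/"$ar"/g'
}

# Count EXEC lines that still hand the hostname to the handler.
count_hostname_execs() {
    grep -c '^EXEC[[:space:]].*"\$r"' "$1" || true
}

# Patch a file in place, keeping the previous version as <file>.bak.
patch_conf() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    use_agent_ip < "$conf.bak" > "$conf"
}

# Constructed sample in the style of a converted MIB entry.
# /usr/local/bin/trap-handler is a hypothetical handler path.
sample_conf() {
cat <<'EOF'
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT A coldStart trap from $r
EXEC /usr/local/bin/trap-handler "$r" "SNMP Traps" "$s" "$@" "$-*" "A coldStart trap"
EOF
}

# Demonstration on the constructed sample only; no real file is touched.
sample_conf | use_agent_ip
```

To apply it to a real configuration, call `patch_conf /etc/snmp/snmptt.conf` after each MIB import and restart snmptt, as was done for the other changes in this thread.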
tonyyarusso

Re: SNMP trap search for hostname instead IP

Post by tonyyarusso »

Excellent. I'll make a note to look into the addmib code someday.
Tony Yarusso
Technical Services
___
TIES
Web: http://ties.k12.mn.us/