SNMP trap correlation

Posted: Tue Mar 08, 2022 10:14 am
by dslaughter
I'm receiving SNMP traps for 2 trunks. If one is down it's OK, but if both are down I need to send a notification. Also, I need to pull an IP address, do a DNS lookup, and put the name received back into the alarm text.

It would be great if there was a severity level that will not send a notification and show up in alarm list. Something like critical, warning, info, ok, unknown.

trunk1 down x.x.x.1 {dns lookup name}
trunk2 up x.x.x.2 {dns lookup name}
^^^^^^ ok

trunk1 down x.x.x.1 {dns lookup name}
trunk2 down x.x.x.2 {dns lookup name}
^^^^^^^^^^^ bad send notification

How can I do the correlation and DNS lookup when these kinds of SNMP traps come in?
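The rule asked about in the post above (notify only when both trunks are down, and put the reverse-DNS name into the alarm text), as an added example that is not part of the original thread and is not Nagios XI or SNMPTT code. The class and function names, the "info" severity for a single trunk down, and the sample addresses and hostnames are assumptions made for illustration.

```python
import socket

# Constructed sample data (documentation-range IPs, made-up names).
SAMPLE_PTR = {"192.0.2.1": "trunk1.example.net", "192.0.2.2": "trunk2.example.net"}

def sample_lookup(ip):
    """Offline stand-in for socket.gethostbyaddr, backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]

def resolve_name(ip, lookup=socket.gethostbyaddr):
    """Reverse-resolve ip; fall back to the IP so a DNS failure never drops the alarm."""
    try:
        return lookup(ip)[0]
    except OSError:
        return ip

class TrunkCorrelator:
    """Remembers each trunk's last state; notifies only when every trunk is down."""

    def __init__(self, trunks, lookup=socket.gethostbyaddr):
        self.state = {t: "up" for t in trunks}  # assumption: up until a trap says otherwise
        self.lookup = lookup

    def handle_trap(self, trunk, status, ip):
        """Return (severity, notify, alarm_text) for one incoming trap."""
        if trunk not in self.state or status not in ("up", "down"):
            raise ValueError(f"unexpected trap: {trunk!r} {status!r}")
        self.state[trunk] = status
        down = [t for t, s in self.state.items() if s == "down"]
        if len(down) == len(self.state):
            severity, notify = "critical", True   # all trunks down: send notification
        elif down:
            severity, notify = "info", False      # assumption: listed, not notified
        else:
            severity, notify = "ok", False
        return severity, notify, f"{trunk} {status} {ip} {resolve_name(ip, self.lookup)}"

def run_sample():
    """Feed three constructed traps through the correlator and collect the results."""
    c = TrunkCorrelator(["trunk1", "trunk2"], lookup=sample_lookup)
    traps = [("trunk1", "down", "192.0.2.1"),
             ("trunk2", "down", "192.0.2.2"),
             ("trunk1", "up", "192.0.2.1")]
    return [c.handle_trap(*t) for t in traps]

if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

The correlator keeps state in memory, so it has to live in a long-running handler or persist `state` between trap invocations.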

Re: SNMP trap correlation

Posted: Thu Mar 10, 2022 8:52 am
by dslaughter
hello?

Re: SNMP trap correlation

Posted: Thu Mar 10, 2022 1:32 pm
by pbroste
Hello @dslaughter

Thanks for reaching out. We would like to take a look at your Nagios XI System Profile so we can see what is going on.

To send us your system profile:
  • Log in to the Nagios XI GUI using a web browser.
  • Click the "Admin" > "System Profile" Menu
  • Click the "Download Profile" button
  • Save the profile.zip file and share via Private Message
Thanks,
Perry

Re: SNMP trap correlation

Posted: Tue Mar 15, 2022 9:00 am
by dslaughter
Did you get my pm?

Re: SNMP trap correlation

Posted: Tue Mar 15, 2022 12:03 pm
by pbroste
Hello @dslaughter

Thanks for following up and sending along the Profile, it was nice to get a good overview.

Did some checking and want to find out if this will help you out a bit. Found this previous post with the following:
tonyyarusso wrote:
We had one other person ask about this a few months ago, and while I don't know what their final resolution was, here is what I told them (which apparently answered the question at least partially, since I haven't heard from them since about it):
Okay, it looks like this should be possible with the SNMPTT
configuration. The "preferred" way would be to allow SNMPTT to resolve
the FQDNs through a DNS lookup. To do that, you would want to create an
entry for every host in /etc/hosts on the XI server, and set dns_enable
to 1 in /etc/snmp/snmptt.conf.

Alternatively, if all of your hosts have the same domain and you don't
want to create host records for them, you can enable strip_domain and
add your domain to strip_domain_list (just in case) in /etc/snmptt.ini,
then back in /etc/snmptt.conf on every single trap definition change
"$r" to "$r.yourdomain.tld".

Unfortunately neither way is particularly "clean" - there's built-in
functionality for stripping a domain off, but not adding one back on.
So, getting host lookups on the system to return the FQDN is really the
way to go.

for documentation on the subject:
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS
http://snmptt.cvs.sourceforge.net/viewv ... iew=markup
And then here is the response:
You pointed out which item was used to find hosts in Nagios.
I have looked into the manual of snmptt.conf http://www.snmptt.org/docs/snmptt.shtml if there is a way to put the IP number, instead of hostname.
I found the variable $ar to contain the IP number.
I changed all $r to $ar in the file /etc/snmp/snmptt.conf (:1,$ s/"$r"/"$ar"/g)
I caused the system to send an SNMP trap, et voilà! Nagios reported a PROBLEM to the correct host, based on IP number! :D :D 8-) :lol:
It worked!
Only if I add a new MIB, I have to change it again.
Something has to change in the addmib command config.
Please take a look over this and let us know if this will help out. Hopefully, this will provide a possible workaround.

Thanks,
Perry

Re: SNMP trap correlation

Posted: Thu Mar 17, 2022 11:58 am
by pbroste
Hello @dslaughter

Want to check in with you to find out what your file /etc/snmp/snmptt.conf looks like? Made reference in the previous post on possible updates to variables; $r to $ar.
Also we're moving to a new support system!

The Nagios Answer Hub is a place where you can get help with technical questions from our experts. There, you can quickly open tickets and join discussion boards.

Request Nagios Answer Hub access here: https://info.nagios.com/answer-hub-access-new-users

After completing the access form, you will be given access to a portal where new tickets can be created. We will keep the old customer forum sections and ticket system available for current cases to be resolved.
Thanks,
Perry

Re: SNMP trap correlation

Posted: Wed Mar 23, 2022 6:43 pm
by dslaughter
Thanks for your help. We have decided to take a different approach to this problem. You can close this.

Re: SNMP trap correlation

Posted: Thu Mar 24, 2022 9:41 am
by pbroste
Thanks for following up @dslaughter, please let us know if you need anything further.

locking,
Perry