SNMP Trap definition with a fixed OID for several services


Post by parisa »

Hi,

I have about 2000 nodes in Nagios XI that I want to monitor by SNMP trap; every node can generate about 15 alarms (the 15 alarms are fixed).
I uploaded the relevant MIB to the system, but when I investigated the MIB file, snmptt.conf.nxti and snmptt.log, I observed that all of the alarms have only one OID (a fixed OID): all received traps have the fixed OID (.1.x.x.x.x.x.x.x.x.x.7.1.0.1), and every trap has up to 34 variables in its body. The variable names are shown as enterprises.x.x.x.7.1.y.0 (only "y" changes in the variable names, between 1 and 34), every variable has an output based on the trap, and one of the variables shows the type of the alarm.
I have defined the alarms as services in Nagios and I wanted to create traps for them in the "SNMP Trap Interface", but I don't know how to define several traps with one OID and identify the trap by a variable (enterprises.x.x.x.7.1.y.0).

Thanks

Post by tgriep »

You should be able to use a * as a wildcard in the EVENT line, like this example:

Code:

enterprises.x.x.x.7.1.*

So if a trap comes in with the above OID and any variable after the 7.1, it will match the OID and process it.
Take a look at this site under the EVENT section for more details on using a wildcard.
http://snmptt.sourceforge.net/docs/snmptt.shtml

Post by parisa »

Thank you @tgriep for your answer.
In the snmptt.conf.nxti, it would look something like:

EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.0.1 "Status Events" critical
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N" --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
SDESC

Notification for real-time alarm.
Variables:
1: XNodeName
2: XNodeType
3: XObjectInstance
4: XEventType
5: XEventTime
6: XProbableCause
7: XSeverity
8: XEventDetail
9: XAdditionalInfo
10: XFaultFlag
11: XFaultFunction
12: XDeviceIP
13: XSerialNo
14: XProbableRepair
15: XResourceIDs
16: XAdditionalVB1
17: XAdditionalVB2
18: XAdditionalVB3
19: XAdditionalVB4
20: XAdditionalVB5
21: XAdditionalVB6
22: XAdditionalVB7
23: XAdditionalVB8
24: XEventName
25: XReasonID
26: XFaultID
27: XDeviceType
28: XTrailName
29: XRootAlarm
30: XGroupID
31: XMaintainStatus
32: XRootAlarmSerialNo
33: XConfirmStatus
34: XRestoreStatus

EDESC

And I want to define traps for the output of variable 24, "XEventName" (Alarm-1 here), which is shown in the received traps as below:

Wed Nov 28 15:33:08 2018 .1.x.x.x.x.x.x.x.x.x.7.1.0.1 Normal "Status Events" 10.x.x.23 - Received trap "XEventNotify" with variables "enterprises.x.x.x.7.1.1.0:Node1 enterprises.x.x.x.7.1.2.0:Nodetype1 enterprises.x.x.x.7.1.3.0:source=Object-instance enterprises.x.x.x.7.1.4.0:typ1 enterprises.x.x.x.7.1.5.0:2018/11/28 - 12:02:54Z enterprises.x.x.x.7.1.6.0:\\(1)Cause1;\\(2)Cause2;\\(3)Cause3. enterprises.x.x.x.7.1.7.0:Critical enterprises.x.x.x.7.1.8.0:detail enterprises.x.x.x.7.1.9.0: additional info enterprises.x.x.x.7.1.10.0:Recovery enterprises.x.x.x.7.1.11.0:type enterprises.x.x.x.7.1.12.0:0.0.0.0 enterprises.x.x.x.7.1.13.0:12579266 enterprises.x.x.x.7.1.14.0: enterprises.2011.2.15.1.7.1.15.0:3147990.-1.6.1.50.1.-1.-1 enterprises.x.x.x.7.1.24.0:Alarm-1 enterprises.x.x.x.7.1.25.0:235 enterprises.x.x.x.7.1.26.0:235 enterprises.x.x.x.7.1.27.0:1955 enterprises.x.x.x.7.1.28.0: enterprises.x.x.x.7.1.29.0:0 enterprises.x.x.x.7.1.30.0:268374017 enterprises.x.x.x.7.1.31.0:0 enterprises.x.x.x.7.1.32.0:"

And I have more than 12 alarms. I receive the traps from a host that more than 2000 nodes connect to, and it gets the traps from them.
Do I define the traps by enterprises.x.x.x.7.1.* ?

Post by tgriep »

If you change the following line from

Code:

EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.0.1 "Status Events" critical

to

Code:

EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.* "Status Events" critical

this should receive the traps if the OID starts with .1.x.x.x.x.x.x.x.x.x.7.1 and anything after (.1.x.x.x.x.x.x.x.x.x.7.1.x.x.x.x) and process the trap.

FYI, the example that you posted is just the configuration for logging the traps in the SNMP Trap Interface menu in the XI GUI.

You will have to edit the passive entry in the snmptt.conf.nxti file as well so the traps will get passed to Nagios so they can be processed by the service check.

The passive entry will have a similar EVENT line but the EXEC line will be using the snmptraphandling.py script like the example below.

Code:

EXEC /usr/local/bin/snmptraphandling.py

Post by parisa »

I sent a sample of the trap log to show the format of the traps received in my system, and I also sent a sample from snmptt.conf.nxti to explain my problem. Thanks for your attention.
I would be grateful if you could explain the solution to me step by step, because when I change the event line to the format "EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.* "Status Events" critical", I face another problem.

1- Nagios should recognize the node name, but all of the traps are sent from third-party servers. Actually, all nodes send traps to the server 10.x.x.23, and then the server sends the traps to Nagios.

2- How do I define a trap for every alarm with the OID .1.x.x.x.x.x.x.x.x.x.7.1.* ? The alarm name is passed in variable #24 (enterprises.x.x.x.7.1.24.0:Alarm-1) and it can be more than 12 types.

3- How do I define the status of the trap (the trap shows the fault or recovery of an issue)? The status is shown by variable #10 (enterprises.x.x.x.x.7.1.10.0) in the trap.

Please guide me on how I can define traps with .1.x.x.x.x.x.x.x.x.x.7.1.* under the above conditions.

Thanks

Post by parisa »

I defined a host with IP 10.x.x.23 to check my problems more easily, defined all of the services for it, defined a trap for each of the services, and put the service name in the "Passive Service Setup" part of "Trap Definition" with OID .1.x.x.x.x.x.x.x.x.x.7.1.0.1, but when I receive a trap, the status of all of the services changes. (That is right, because I have defined an OID for some traps.)
According to your solution, I replaced the OID with .1.x.x.x.x.x.x.x.x.x.7.1.* , but after that, when I receive a trap, the trap is not shown in monitoring and the service status is not changed in Nagios.
So it seems that I still face the three problems that I explained in my last post.

I don't know if I should do some other configuration for it. Please guide me.
Do you have any solution for the problems?

Thanks

Post by tgriep »

Take a look at the SNMP Trap Tutorial article and the following link that describes how SNMP Traps work and integrate with Nagios XI.
https://support.nagios.com/kb/article/n ... al-77.html

Search for this line in the KB article:
SNMPTT is using the script /usr/local/bin/snmptraphandling.py which sends PASSIVE check results to the Nagios command pipe. It requires the following arguments:

That describes the format of the following line. This is what you will be editing the most to get the format of the traps translated and sent to the XI GUI in the way you want.
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"


1. It sounds like the traps are coming to a trap forwarder and then passed on to the Nagios server, but you will want to use the original IP address of the sender.
To do that, you will have to edit the EXEC line and replace the $r with $aA, which is the Trap agent IP address. This will work as long as the forwarder and the agent send the IP address.
EXEC /usr/local/bin/snmptraphandling.py "$aA" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"

See this page under the FORMAT: section that talks about the Variables and their meanings.
http://snmptt.sourceforge.net/docs/snmp ... .CONF-EXEC

2. Are you talking about creating a separate service for each alarm type in XI?

3. The section "Create Custom Events In SNMPTT" in the KB is what you would use to create custom entries for the OK, Warning and Critical status entries that will generate the Alerts in the XI GUI.

Post by parisa »

Thanks for your attention.

I have read "https://support.nagios.com/kb/article/n ... al-77.html"; it defines a service (SNMP Trap) and a host (Trap Sender), but I have about 12 services for every host to monitor as passive checks in the SNMP receiver. Actually, I have a service for every alarm (12 alarms, so 12 services).

Also, the KB "nagios-xi-snmp-trap-tutorial-77.html" explains that the name of the CentOS server is shown in "Unconfigured Objects", so I should see the names of my hosts (I have around 2000 hosts) in that section, but I did not.

I get the IP of the sender (10.x.x.23) for all of the variables: trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" in the trap, and I don't know how I can fix the problem from my side. :(

3) Also, because I have just one OID for all of the services, ".1.x.x.x.x.x.x.x.x.x.7.1.0.1", I receive the fault and recovery of the alarms with the same OID too. This is a problem in the definition of the Event in SNMPTT.

Post by tgriep »

3) What you would have to do is to set up duplicate entries in the snmptt.conf file using the same OID but with different Match statements.

For the variable 10 "XFaultFlag" you would define the entries like the following examples.

Code:

EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.* "Status Events" OK
FORMAT Received trap "$N" with variables "$+*"
EXEC /usr/local/bin/snmptraphandling.py "$aA" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"
MATCH $9:xxx
SDESC
EDESC

In the above, replace xxx with what the XFaultFlag variable returns when it is in an OK state.

Code:

EVENT xEventNotify .1.x.x.x.x.x.x.x.x.x.7.1.* "Status Events" CRITICAL
FORMAT Received trap "$N" with variables "$+*"
EXEC /usr/local/bin/snmptraphandling.py "$aA" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"
MATCH $9:yyy
SDESC
EDESC

In this one, replace yyy with what the XFaultFlag variable returns when it is in a Critical state.

In the EXEC line that uses the snmptraphandling.py script, the second option on the command line defines the name of the service in XI.
If you want the service name to be defined by the 24th variable "XEventName", you would replace "SNMP Traps" with a $23 like the example below.

Code:

EXEC /usr/local/bin/snmptraphandling.py "$aA" "$23" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"

The reason it is a 23 is that the index starts at 0 and not 1 like the SDESC section, so it is one less.

Post by parisa »

Thanks for your help.
I have defined a trap for every service; below is a sample of it:

Code:

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.x.7.1.0.1 "XEventNotify" Critical
FORMAT Received trap "$N" with variables "$+*"
EXEC  /usr/local/bin/snmptraphandling.py "$aA" "Alarm_1"  "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*" MATCH $9:Fault
SDESC
The Trap is related to Alarm_1 Alarm
EDESC

According to your solution, the problem of the fault/recovery definition for every alarm is resolved, but when I used $23 or even $24, it couldn't recognize $23 instead of the alarm name.

One more question: how can I use the MATCH statement several times in a trap definition?
For example, I want to use it for "XFaultFlag" and "XEventName"; are the lines below correct?
MATCH $9: xxx
MATCH $23:yyy
And does Nagios check both of the conditions? Actually, I want the "and" of the conditions.
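
An added example, not part of any post in this thread: the trap log posted earlier carries bindings 1-15 and 24-32 only, so a binding's position in the received trap can differ from its number in the SDESC list. This Python sketch parses a constructed "$+*" string in the same layout and reports the position of each binding, assuming snmptt's $n refers to the n-th binding in received order; the function names are hypothetical.

```python
import re

# Matches one binding name such as enterprises.x.x.x.7.1.24.0: and captures
# the MIB index (24). Layout taken from the "$+*" output in the trap log.
NAME = re.compile(r"enterprises\.\S*?\.7\.1\.(\d+)\.0:")

def build_sample():
    """Constructed sample: bindings 1-15 and 24-32, as in the posted trap."""
    values = {1: "Node1", 5: "2018/11/28 - 12:02:54Z", 9: " additional info",
              10: "Recovery", 14: "", 24: "Alarm-1"}
    present = list(range(1, 16)) + list(range(24, 33))
    return " ".join(
        f"enterprises.x.x.x.7.1.{n}.0:{values.get(n, f'v{n}')}" for n in present
    )

def parse_bindings(text):
    """Return [(position, mib_index, value)] in received order (1-based)."""
    hits = list(NAME.finditer(text))
    out = []
    for pos, m in enumerate(hits, start=1):
        # A value runs up to the next binding name, so it may contain spaces.
        end = hits[pos].start() if pos < len(hits) else len(text)
        out.append((pos, int(m.group(1)), text[m.end():end].strip()))
    return out

def snmptt_position(bindings, mib_index):
    """Position of the binding with this MIB index, or None if not sent."""
    for pos, idx, _ in bindings:
        if idx == mib_index:
            return pos
    return None

if __name__ == "__main__":
    bindings = parse_bindings(build_sample())
    for pos, idx, value in bindings:
        note = "" if pos == idx else "  <-- position differs from MIB index"
        print(f"${pos:<3} index {idx:<3} {value!r}{note}")
    print("XFaultFlag (10) is at position", snmptt_position(bindings, 10))
    print("XEventName (24) is at position", snmptt_position(bindings, 24))
```

Running the same parser over a real line from snmptt.log shows which position to reference in MATCH and EXEC for a given device, since devices that omit optional bindings shift every later position.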