No files found under /var/spool/snmptt

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

No files found under /var/spool/snmptt

Post by shineyroman »

Hi Guys,

I am new to the forum and this is my first post. I am trying to configure SNMP Traps for Fortigate ( mainly VPN up/Down) using a Centos Nagios Core server. I am able to see the trap being received by the Nagios server using tcpdump. However, nothing happens after that. I do not see any spool files created under /var/spool/snmptt ( after stoppong the snmptt service ).

Folder permissions -

drwxrwxr-x 2 snmptt snmptt 6 Jan 30 17:25 /var/spool/snmptt
drwxrwxr-x 2 snmptt snmptt 102 Jan 31 10:43 /var/log/snmptt
drwxr-xr-x. 2 root nagios 108 Jan 31 10:46 /etc/snmp/
-rw------- 1 root root 18861 Oct 30 19:52 /etc/snmp/snmpd.conf
-rw------- 1 root nagios 288 Jan 31 10:13 /etc/snmp/snmptrapd.conf
-rw-r--r-- 1 root nagios 30703 Jan 30 17:54 /etc/snmp/snmptt.conf
-rw-r--r-- 1 root nagios 26294 Jan 30 17:38 /etc/snmp/snmptt.ini

Have attached my snmptrapd.conf and snmptt.ini files as well.
Would really appreciate some help. Thank you ..
Attachments
snmptt_ini.txt
(26.24 KiB) Downloaded 170 times
snmptrapd.conf.txt
(296 Bytes) Downloaded 176 times
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: No files found under /var/spool/snmptt

Post by scottwilkerson »

Have you looked for errors in the /var/log/snmptt/ logs?
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

Re: No files found under /var/spool/snmptt

Post by shineyroman »

Thank you scott for the reply.

I just got it to work about 5 min back. Port 162 was not explicitly allowed in the iptables. Once I edited the firewall, snmptt spool files were being created and translated

snmptt.log snippet

Thu Jan 31 12:31:46 2019 enterprises.12356.101.2.0.301 Normal "Status Events"

However, now that I can see that the traps are being translated , I am not sure why I am not receiving the notifications. Would you have any ideas regarding this. Sorry if its unrelated to the original post.
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

Re: No files found under /var/spool/snmptt

Post by shineyroman »

I tried executing the submit_check_result commad from the snmptt.conf file on the command line. I got the below error:

/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result: line 36: /usr/local/nagios/var/rw/nagios.cmd: No such file or directory

The issue is that the nagios.cmd on my server is at a different location > /var/nagios/rw/nagios.cmd

Can I just copy the nagios.cmd file to the location referenced in the script?
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: No files found under /var/spool/snmptt

Post by scottwilkerson »

shineyroman wrote:Can I just copy the nagios.cmd file to the location referenced in the script?
No, this is a command pipe created by nagios.

You need to change the location in the file that is calling it, in your /etc/snmp/snmptt.conf you would would have an EXEC line such as

Code: Select all

EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A topologyChange trap is sent by a bridge when any of $*"
With this exampe, you would edit /usr/local/bin/snmptraphandling.py and find all references of /usr/local/nagios/var/rw/nagios.cmd and change to your location.

In your case it is likely /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result that would be edited
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

Re: No files found under /var/spool/snmptt

Post by shineyroman »

Thank you Scott

I have edited the submit_check_result to point to the location of the nagios.cmd file

echocmd="/bin/echo"

CommandFile="/var/nagios/rw/nagios.cmd"

The command now runs from the CLI without any error. However, the notifications are still not being generated when the traps are received.
Is there any way to check that the exec command within the snmptt.conf is executed correctly.

Or any other checks that I have to do to ensure that notifications are send. Would it be a problem if the host name of the Fortigate on the nagios server and the name received via the SNMP trap is not identical i.e name defined on nagios server under hosts vs the FGT name send in SNMP Trap

I have also attached the service definitions.
Attachments
services definition.txt
(3.77 KiB) Downloaded 155 times
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: No files found under /var/spool/snmptt

Post by scottwilkerson »

Can you share your EXEC line?

Can you also attach your submit_check_result script?

Can you finally, look in the nagios.log and see if there is any errors about the host/service not being found?
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

Re: No files found under /var/spool/snmptt

Post by shineyroman »

Hi Scott,

I have attached the sumit_check_result command.

Please find the EXEC commands below:

EVENT fgTrapVpnTunUp .1.3.6.1.4.1.12356.101.2.0.301 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"

EVENT fgTrapVpnTunDown .1.3.6.1.4.1.12356.101.2.0.302 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
SDESC

The nagios.log seems to be empty:

locate nagios.log
/usr/src/nagios-4.3.2/t/var/nagios.log

cat ls -lrt /usr/src/nagios-4.3.2/t/var/nagios.log
-rw-r--r--. 1 root root 0 Jul 6 2017 /usr/src/nagios-4.3.2/t/var/nagios.log

Thank you for all your help. Really appreciate it.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: No files found under /var/spool/snmptt

Post by scottwilkerson »

shineyroman wrote:I have attached the sumit_check_result command.
the attachment was missing
shineyroman wrote:The nagios.log seems to be empty:
That doesn't seem correct at all, if nagios is running ok, there is a log.

look for the log location in your nagios.cfg
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
shineyroman
Posts: 16
Joined: Wed Mar 28, 2018 11:26 am

Re: No files found under /var/spool/snmptt

Post by shineyroman »

Apologies, attaching the file.

Meanwhile will check nagios.cfg
Attachments
submit_check_result.txt
(1.18 KiB) Downloaded 173 times
Locked