SNMP Traps Version

Post by fpernet »

Hi all,

We have a SOPHOS UTM 9 we would like to monitor using SNMP. SOPHOS is providing the MIB and is able to send it in only two versions: 2c and 3.
We have a Nagios XI 2014R1.2 virtual machine x64.

We added the MIB with success AFAIK.
We are receiving traps but they go to unknown traps.

The tcpdump is:

15:06:55.670444 IP (tos 0x0, ttl 64, id 29293, offset 0, flags [DF], proto UDP (17), length 142)
    proxy.idsa.local.43070 > idnagios.idsa.ch.snmptrap: [udp sum ok]  { SNMPv2c C=idcs { V2Trap(101) R=1950607514  system.sysUpTime.0=150467600 S:1.1.4.1.0=E:9789.1500 E:9789.1500.1.5="[portal.idsa.ch][INFO][005]" } }

The snmpttunknown.log gives:

Mon Jul  7 14:55:09 2014: Unknown trap (.1.3.6.1.4.1.9789.1500) received from proxy at:
Value 0: proxy
Value 1: 192.168.10.254
Value 2: 17:9:46:09.00
Value 3: .1.3.6.1.4.1.9789.1500
Value 4: 192.168.10.254
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.9789.1500.1.5=[portal.idsa.ch][INFO][005]

It seems that all traps are analysed with 9789.1500 instead of 9789.1500.1.5. A test with an SNMPv1 test trap is fine. If I modify this trap and change the OID from .1.3.6.1.4.1.9789.1500.1.5 to .1.3.6.1.4.1.9789.1500, then it works fine and the trap appears in Nagios for the host PROXY.

I've got the feeling that it has something to do with the SNMP version (1, 2c or 3) ...

Has anybody faced a similar problem? Doesn't Nagios (snmptt or snmptrapd) allow differentiating according to the SNMP version?

Many thanks in advance

Francois

Re: SNMP Traps Version

Post by sreinhardt »

snmptrapd is what would specify the version you are checking; by default it works with SNMPv1 and 2, but can be configured to work with 3 as well. You may be right that this is a difference between SNMP versions; however, any differences should have been covered by the vendor's MIB, which does not seem to be the case here. Simply adding the additional .1 should not cause any other issues at this time; an update to your device in the future may require you to revert back to the original MIB, though. Also, no, neither Nagios nor snmptt should or does allow for interpretation of input data. They both rightfully expect that any checks against input should match checks exactly; otherwise you could have all sorts of vendor and version mismatching that shouldn't be happening.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
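
Added example (not part of either post, and not Nagios or snmptt code): a small triage script for snmpttunknown.log entries like the one quoted above. It reports whether an event definition was keyed on a varbind OID instead of the trap OID shown in the log header. The `event_oids` set and the exact-comparison rule are assumptions based on the reply above; the sample log is constructed from the entry in the first post.

```python
import re

# Constructed sample: the snmpttunknown.log entry quoted in the first post.
SAMPLE_LOG = """\
Mon Jul  7 14:55:09 2014: Unknown trap (.1.3.6.1.4.1.9789.1500) received from proxy at:
Value 0: proxy
Value 1: 192.168.10.254
Value 2: 17:9:46:09.00
Value 3: .1.3.6.1.4.1.9789.1500
Value 4: 192.168.10.254
Ent Value 0: .1.3.6.1.4.1.9789.1500.1.5=[portal.idsa.ch][INFO][005]
"""

HEADER = re.compile(
    r"^(?P<ts>.+?): Unknown trap \((?P<oid>[.\d]+)\) received from (?P<host>\S+) at:$"
)
VARBIND = re.compile(r"^Ent Value \d+: (?P<oid>[.\d]+)=(?P<value>.*)$")


def parse_unknown_traps(text):
    """Return one dict per 'Unknown trap' entry: trap OID, host, varbinds."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"trap_oid": m["oid"], "host": m["host"], "varbinds": []})
            continue
        m = VARBIND.match(line)
        if m and entries:
            entries[-1]["varbinds"].append((m["oid"], m["value"]))
    return entries


def diagnose(entry, event_oids):
    """Explain why an entry matched no event OID (exact comparison assumed).

    event_oids is a hypothetical, hand-supplied set of OIDs that events are
    defined for; it is not read from any snmptt configuration file here.
    """
    if entry["trap_oid"] in event_oids:
        return "match"
    # An event keyed on a varbind OID never fires: only the trap OID is compared.
    keyed_on_varbind = [oid for oid, _ in entry["varbinds"] if oid in event_oids]
    if keyed_on_varbind:
        return "event-defined-on-varbind:" + ",".join(keyed_on_varbind)
    return "no-event-for:" + entry["trap_oid"]
```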