SNMP Trap Routing w/o NSTI

[sav2880]

Hello,

Looking to begin to dabble with SMTP Traps. I don't need, as of right now, to use a system as extensive as NSTI would be (although I would not mind adding this later), I'm just looking for basic alerts to be sent out when an SNMP Trap is received.

Up to this point, I've been able to get the traps to the Nagios server (SNMPTT is working), and it's logging ones it recognizes to the SNMPTT log file. Problem is, I can't get the information out of SNMPTT and into a specific host's SNMP Trap check.

What step might I be missing here to connect these two together?

[tmcdonald]

Did you follow this guide?

http://assets.nagios.com/downloads/nagi ... ios_XI.pdf

[sav2880]

I did, or at least I'm pretty sure I have! I've got it to the point where traps are being recognized by SNMPTT, I see them in the /var/log/snmptt/snmptt.log file, so they're getting to SNMPTT. The example one I'm using is:

Tue Nov 4 10:35:54 2014 .1.3.6.1.4.1.232.0.11003 MAJOR "Status Events" 10.118.129.0 - Generic trap (11003): HP Onboard Administrator Test Trap sent from enclosure: hpc7k01-lvs01

... and I've added a single-line event to the /etc/snmp/snmptt.conf file for this event:

EVENT chassisTestTrap .1.3.6.1.4.1.232.0.11003 "Test Trap" Warning

... but nothing shows up either in the SNMP Trap check I've setup for the IP (10.118.129.0), nor does anything show up under Monitoring Config --> Unconfgiured Objects, so I've got to be missing something in that transition, but what might it be?

[tmcdonald]

What EXEC line do you have for that trap? Is anything showing up in /var/spool/snmptt currently?

[sav2880]

There is not right now. I'm doing a test of shutting down the snmptt service to see if it drops the trap into /var/spool/snmptt, as I understand that it should (still a rookie in the ways of Linux, as you can tell) ... and in doing so, there is now an entry in the /var/spool/snmptt named #snmptt-trap-1415219313412628. So that's working.

The service is then started, and the spool is empty. Also good. Now, for the command, the example ones look like this:

EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT Link down on interface $1. Admin state: $2. Operational state: $3
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1. Admin state: $2. Operational stat$
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state). This other state is indicated by the included value
of ifOperStatus.
EDESC


... with the #EXEC commented out. The one I added doesn't even have an EXEC line in there. What should the EXEC line be if I want Nagios to then pick up on the trap?

[sreinhardt]

Ah the link down trap, is a default one that is never configured correctly, for us or for generic use as far as I am concerned. A valid exec line for use with XI and nsti would be:

EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event requiring $*"

... This is the script that actually forwards to XI
... This is the hostname as XI will see it
... This is the service name
... This is the status as passed to XI
I forget what the next two are, times and such
... This is the status message base that is sent to XI, the $* sends the entirity of the raw trap as well.

One thing to note, if you plan on using nsti, you do not have to be limited to the exec lines as you normally would with a pure XI\trap setup. NSTI is able to use nrdp to forward in much more intelligent manor than just a base snmptt setup can do. Just something to keep in mind as your starting this, if you're going to do NSTI and are just starting on traps, I'd go the whole way and not partially. To get an idea of possibilities, take a look at my posts to banditbbs here: http://support.nagios.com/forum/viewtop ... 54#p115454
Edit: (facepalm) just read the title correctly... withOUT NSTI

[sav2880]

Ah the link down trap, is a default one that is never configured correctly, for us or for generic use as far as I am concerned. A valid exec line for use with XI and nsti would be:

EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event requiring $*"

... This is the script that actually forwards to XI
... This is the hostname as XI will see it
... This is the service name
... This is the status as passed to XI
I forget what the next two are, times and such
... This is the status message base that is sent to XI, the $* sends the entirity of the raw trap as well.

One thing to note, if you plan on using nsti, you do not have to be limited to the exec lines as you normally would with a pure XI\trap setup. NSTI is able to use nrdp to forward in much more intelligent manor than just a base snmptt setup can do. Just something to keep in mind as your starting this, if you're going to do NSTI and are just starting on traps, I'd go the whole way and not partially. To get an idea of possibilities, take a look at my posts to banditbbs here: http://support.nagios.com/forum/viewtop ... 54#p115454

Yeah, that's one of their classic examples. The one I'm testing is much simpler only because I can trigger it whenever I want ... the test SNMP trap from an HP classis.

I'll give this a try and post back in the morning.

[sreinhardt]

Sounds great, let us know! Never hurts to have a test trap that's easy to trigger, just got to get it setup right!

[sav2880]

That was able to make the trap come in okay!

One other question. Is there a way to make it run the same EXEC on any trap that comes in, even unknown ones?

[sreinhardt]

In snmptt.ini (iirc) you should have an unknown exec line. I have not personally done this, but it should work the same. As the name describes, it would only be executed on unknown traps, but can definitely be done.