snmptt not expanding the mib variables properly

[Box293]

Excellent information provided, your configurations appear correct.

I have some more tests for you to run.

First stop SNMPTT

Code: Select all

service stop snmptt

Send those five traps again you sent previously

The will now be spooled here:

Code: Select all

/var/spool/snmptt/

Create a tar.gz of these files:

Code: Select all

tar -pczf /tmp/spooled_traps.tar.gz /var/spool/snmptt/

Send us this file:

Code: Select all

/tmp/spooled_traps.tar.gz

Please bare with us while we work through this, SNMP gets tricky at times.

[tbyrne]

Here are the files you requested.

[Box293]

Great, after playing around I understand what your problem is and I have a solution.

What is going on is this, in Nagios you are seeing something like:

Code: Select all

sbdBagageStatus: device name - test-device, Connection status - 2, bagage status - 2 SQNI Raw: raw2 / enterprises.881.4.3.10.1.1.1.2 ():test-device enterprises.881.4.3.10.1.1.1.3 ():2 enterprises.881.4.3.10.1.1.1.11 ():2 enterprises.881.4.3.10.1.1.1.9 ():

Now this is happening because of the EXEC string:

Code: Select all

EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "sbdBagageStatus: device name - $1, Connection status - $2, bagage status - $3 SQNI Raw: $4"

Specifically:

Code: Select all

$-*

Which is this:

Code: Select all

enterprises.881.4.3.10.1.1.1.2 ():test-device enterprises.881.4.3.10.1.1.1.3 ():2 enterprises.881.4.3.10.1.1.1.11 ():2 enterprises.881.4.3.10.1.1.1.9 ():

snmptraphandling.py accepts the following format:

Code: Select all

<HOST> <SERVICE> <SEVERITY> <TIME> <PERFDATA> <DATA>

So $-* is being sent as the perfdata.

What is $-* ?

The SNMPTT Documentation says:

$-* - Expand all variable-bindings in the format of variable name (variable type):value (see Note 2,3,5)

So basically you don't want this sent through. Simply change your EXEC line to:

Code: Select all

EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "sbdBagageStatus: device name - $1, Connection status - $2, bagage status - $3 SQNI Raw: $4"

Now you are sending NO perfdata, but we still need to send nothing so we need the quotes "".

Restart snmptt and send another trap and you'll get something like:

Code: Select all

sbdBagageStatus: device name - test-device, Connection status - 1, bagage status - 1 SQNI Raw: raw1 /

One last thing you'll notice the / at the end. This is normally supposed to separate the "data" from the "performance data". Seeing as we're not sending any performance data then we don't need that /. A while ago I update the snmptraphandling.py script to fix this, please find attached.

snmptraphandling.zip

Once you replace the snmptraphandling.py script in /usr/local/bin/ you'll get the output:

Code: Select all

sbdBagageStatus: device name - test-device, Connection status - 1, bagage status - 1 SQNI Raw: raw1

I have previously reported this as a Feature Request and it is marked as being resolved and will be added in a future release, I'm just not sure when:
http://tracker.nagios.com/view.php?id=604

[tbyrne]

Box293,

I was finally able to test out your changes.

I still have the same issue. The first trap message shows up correctly and each additional trap message with new integer values shows the same data as the first trap. I only see the new changes when I restart the snmptt service. and again its only the first trap message shows correctly.

Regards,

[Box293]

Can you please do the following and post the results:

Code: Select all

snmptt --version
snmptrapd --version
ps -aef | grep snmp | grep -v grep

The first trap message shows up correctly and each additional trap message with new integer values shows the same data as the first trap. I only see the new changes when I restart the snmptt service. and again its only the first trap message shows correctly.

Can you please give us some screenshots of this. I want to see the first correct message, then the next message that shows the same data. Then also show us what the real values should be ... how do you know the value is coming through correctly or incorrectly?.

[tbyrne]

I use a mib browser tool, from iReasoning to send traps to my Nagios server. That way I can know exactly what I should be receiving.

The system I am testing on is a virtual image I downloaded from Nagios, modified with my mib files and configuration changes. So the snmptt and snmptrad versions should be what are on the released image.

I typically just increment the integer values for each mib starting from 1 - to the last and check the /var/log/snmptt/snmptt.log and snmpttunknown.log I will attach the trap sender image in next post. limited to 3 per post.

[tbyrne]

trap sender screen shot

[Box293]

Thanks for the screenshots, very helpful.

But I am confused. As per your screenshot that shows the snmptraphanding.py being executed, each time the value is different i.e. raw1, raw2, raw3 etc etc

From what I can see here, the value is changing each time.

The first trap message shows up correctly and each additional trap message with new integer values shows the same data as the first trap. I only see the new changes when I restart the snmptt service. and again its only the first trap message shows correctly.

Can you point out in your screenshots how the data is the same. I see it changing i.e. raw1, raw2, raw3 etc etc

When you say the first trap shows us correctly, I assume you mean in the Nagios XI interface. Please provide a screenshot of the Nagios XI Interface with the same data each time.

[tbyrne]

Box293,

The raw data is just String data and that always shows properly, I change it to show that its a new trap message, its the Integer values that should be translated to the corresponding string values from the MIB that do not show properly. If I send a 1 for CommState for the first test after snmptt reset I get "unknown", if I send a 2 for CommState for the second test after snmptt reset I still see "unknown" where I should see "OK", for the third test I send 3 for CommState and I should see "error", I still see "unknown".

After I restart snmptt and I send a 2 for CommState, I will see "OK" in the message, I then send a 3 for CommState and I will see "OK".

I tried sending different trap messages to see if switching between messages would cause the proper translation but it did not work.

[Box293]

If you have paid support, I would like to handle this using our ticketing system. We can perform a remote session to get to the root of the problem.

Send an email to [email protected] referencing this forum thread.

Otherwise let me know and we'll keep diagnosing here.