SNMP Traps

[rajasegar]

Is there any docs on how to configure different type of traps into different services in XI?
The idea is to setup a service assigned to a hostgroup. All traps will go to the particular host and relevant TRAP service instead of all dumped into a single SNMP TRAP service.

Thanks.

[Box293]

We don't have a full document that explains this yet but there are some forum posts that cover it.

The key to it is in the EXEC line.

Have a look at this post I made just recently:
https://support.nagios.com/forum/viewto ... 25#p147925

If the same OID has different data coming in, you can also use a MATCH statement. This means you can have multiple EVENTS for the SAME OID, but based on the match statement it can do different things.

Does this help?

[rajasegar]

We don't have a full document that explains this yet but there are some forum posts that cover it.

The key to it is in the EXEC line.

Have a look at this post I made just recently:
https://support.nagios.com/forum/viewto ... 25#p147925

If the same OID has different data coming in, you can also use a MATCH statement. This means you can have multiple EVENTS for the SAME OID, but based on the match statement it can do different things.

Does this help?

Thanks, will check it out now. Nagios official doc just does not go into details.
I just want to monitor the following traps for all the F5 devices and ignore the rest for the time being.
Any help will be greatly appreciated.

Code: Select all

TRAP NAME
bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10)
bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11)
bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12)
bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13)
bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14)
bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75)
bigipActive (.1.3.6.1.4.1.3375.2.4.0.15)
bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16)
bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17)
bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18)
bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34)
bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76)

[rajasegar]

A simple example with be a great help to figure all this out.

[Box293]

Can you post your /etc/snmp/snmptt.conf file, or at least the sections that contain the traps you just highlighted.

[rajasegar]

Can you post your /etc/snmp/snmptt.conf file, or at least the sections that contain the traps you just highlighted.

I am working on it. Need to get hold of network guys to simulate some event.
Let me test is out first before I engage you with issues.

Thanks

Here is some extract. Every single one is pointing to the same service.

Code: Select all

#
EVENT bigipGtmLeftGroup .1.3.6.1.4.1.3375.2.4.0.74 "Status Events" Normal
FORMAT BIG-IP GTM left sync group.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "BIG-IP GTM left sync group.  $*"
SDESC
BIG-IP GTM left sync group.
Variables:
  1: bigipNotifyObjMsg
EDESC
#
#
#
EVENT bigipStandByFail .1.3.6.1.4.1.3375.2.4.0.75 "Status Events" Normal
FORMAT In failover condition, this standby will not be able to go active.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "In failover condition, this standby will not be able to go active.  $*"
SDESC
In failover condition, this standby will not be able to go active.
Variables:
  1: bigipNotifyObjMsg
EDESC
#
#
#
EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
FORMAT The TMM has run out of source ports and cannot open new communications channels with other machines. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The TMM has run out of source ports and cannot open new communications channels with other machines. $*"
SDESC
The TMM has run out of source ports and cannot open new communications channels with other machines.
Variables:
  1: bigipNotifyObjMsg
EDESC

[Box293]

Excellent, this was what I am after.

Take this one for example:

Code: Select all

EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
FORMAT The TMM has run out of source ports and cannot open new communications channels with other machines. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The TMM has run out of source ports and cannot open new communications channels with other machines. $*"

I've left off SDESC to EDESC as this is informative only.

In the EXEC line, change "SNMP Traps" to "Port Exhaustion"

Restart the snmptt service.

Now, create a Passive Service in Nagios XI called "Port Exhaustion" and Apply Config. You can just use CCM to duplicate an existing "SNMP Traps" service and change the name to "Port Exhaustion".

This is how this trap will be targeted to this specific service (actually, any host that has a service with this name).

Note: When a trap is received and no service exists, it will appear under Admin > Monitoring Config > Unconfigured Objects. From here you can turn it into a service.

Does that make sense?

[rajasegar]

Excellent, this was what I am after.

Take this one for example:

Code: Select all

EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
FORMAT The TMM has run out of source ports and cannot open new communications channels with other machines. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The TMM has run out of source ports and cannot open new communications channels with other machines. $*"

I've left off SDESC to EDESC as this is informative only.

In the EXEC line, change "SNMP Traps" to "Port Exhaustion"

Restart the snmptt service.

Now, create a Passive Service in Nagios XI called "Port Exhaustion" and Apply Config. You can just use CCM to duplicate an existing "SNMP Traps" service and change the name to "Port Exhaustion".

This is how this trap will be targeted to this specific service (actually, any host that has a service with this name).

Note: When a trap is received and no service exists, it will appear under Admin > Monitoring Config > Unconfigured Objects. From here you can turn it into a service.

Does that make sense?

Yes.

So to summarise
1) I just remove the EVENT for the OIDs I am not interested to process. It will end up in the snmpttunknown.log
2) The trap will get processed by the the correct host. I am assuming it will use IP address to match.

Thanks for your help. It does make sense now.

[Box293]

Great.

1) I just remove the EVENT for the OIDs I am not interested to process. It will end up in the snmpttunknown.log

Yes, the whole EVENT includes the EVENT, FORMAT, EXEC and SDESC/EDESC lines.

2) The trap will get processed by the the correct host. I am assuming it will use IP address to match.

Yes, it sends the address using the $r value to Nagios. This can be resolved to a DNS name as well, have a look at the SNMPTT documentation for more info on this.

http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS