SNMP Traps issue

[inas.labib]

Hi ,

We use NagiosXI 5.2.2 .
Configured SNMP Traps and uploaded proper MIBS. MIBs uploaded succesfully.
Below are the traps we received and the alert in nagios GUI is still showing "OK:Trap reset"


/var/log/snmptt/snmptt.log :
Wed Dec 9 19:08:37 2015 .1.3.6.1.4.1.26543.2.7.1.7.0.63 Normal "Status Events" switch1 - A swValidLogout trap signifies that a user logout has occured. vipin(admin) connection closed
from Telnet/SSH switch1 (null) (null)

Wed Dec 9 19:09:24 2015 .1.3.6.1.4.1.26543.2.7.1.7.0.19 Normal "Status Events" switch1 - A swLoginFailure trap signifies that someone failed to enter a Failed login attempt via SSH (host
x.x.x.x , user prasanna) switch1 (null) (null)


# snmptt -v
SNMPTT v1.4beta2
(c) 2002-2007 Alex Burger
http://snmptt.sourceforge.net


Attached snmptt.ini and /etc/snmp/snmptt.conf with this.
Please assist.

[gormank]

Do you have traps from the host in /var/log/messages and /var/log/snmptt/snmptt.log?
Check Admin, Monitoring Config, Unconfigured Objects to see if they are showing up there.

Snmptrapd gets the traps 1st, and hands them off to snmptt. Both log in messages.
Traps are logged in /var/log/messages by snmptrapd
Traps processed are in /var/log/snmptt/snmptt.log
Traps with no MIB are in /var/log/snmptt/snmpttunknown.log

grep authenticationFailure /var/log/messages /var/log/snmptt/snmptt.log

[rkennedy]

Thanks @gormank!

@inas.labib can you let us know what the results are from @gormank's post?

[gormank]

That was pretty much me repeating what I was told in another post by support folks. It was truth

[inas.labib]

Hi ,

Thanks for the response.

1) I have traps in both /var/log/messages and /var/log/snmptt/snmptt.log.

2) As suggested i checked "Unconfigured Objects ", the traps were showing there and I added it. Now its showing the traps in the GUI .
When I manually add the switch and traps via "Core config Wizard" , its not showing any result. Please assist.
Attahced the screenshot for reference.

3) No results for below

[root@Nagiosserver ~]# grep authenticationFailure /var/log/messages
[root@Nagiosserver ~]# grep authenticationFailure /var/log/snmptt/snmptt.log
[root@Nagiosserver ~]#


Thanks,
Prasanna

[ssax]

The hostname in XI and the hostname in the trap need to be identical, are you're not seeing anything in Unconfigured Objects for that one?

Are you seeing anything in your /var/log/snmp/snmpttunknown.log?

Are we still dealing with the same trap you posted or another one?

[inas.labib]

Hi ,
Thanks for the response. I modified the host name without fqdn and am able to receive the traps.

[tmcdonald]

Great to hear! Are we all set to close this up?

[inas.labib]

Hi ,

What is the use of "community string " in snmp traps ?
While enabling traps from network devices , it was asking the community string, does it necessary in nagios passive check ?
Where I can mention/modify my own community string in nagios xi?

Kindly assist.

Thanks,

[rkennedy]

The community string is similar to a password, and is sent with every request. Sometimes, the default SNMP community is 'public', but you should be able to change it somewhere on your device.

Depending on the device, it may or may not require a community string. Do you have one set?

To modify the community value that you send for a check, use the -C parameter with check_snmp.