snmp trap configuration for specific OIDs on remote device

[rhassing]

Are you sure it also sends the traps on a different port?
You do an snmpget on a different port, but that does not mean it sends the traps on this port as well.

Sounds strange to have 1 device sending traps on a different port. All other devices would send it on UDP port 162

[joulsn]

I found the setting to change the listening port for the snmptrapd daemon.
Edit the /etc/snmp/snmptrapd.conf file and add the following line.
TCP:10020

Save the file and restart the snmptrapd daemon by running
service snmptrapd restart
Then check the logs in this folder to see if the server starts to receive the traps in the snmptt.log file
/var/log/snmptt/
If they show up in the snmpttunknown.log file, then the snmptt.conf file needs to be updated with the traps you want to receive.

Could you post your submit_check_result script so we can review it?

Thanks a lot!!!
I changed added port 10020 and restarted the daemon.
I still can't receive the traps. In the snmpttsystem.log it shows that no traps are received.

Code: Select all

//////////////////////SNMPTTSYSTEM.LOG
Wed Feb 24 08:56:59 2016 SNMPTT v1.4 shutdown
Wed Feb 24 08:56:59 2016 Total traps received=0,Total traps translated=0,Total traps ignored=0,Total unknown traps=0
Wed Feb 24 08:58:12 2016 SNMPTT v1.4 started
Wed Feb 24 08:58:12 2016 Loading /etc/snmp/snmptt.conf
Wed Feb 24 08:58:12 2016 Finished loading 104 lines from /etc/snmp/snmptt.conf
Wed Feb 24 08:58:12 2016 Could not convert user id 'snmptt' to a numeric UID

Code: Select all

////////////////////////SUMBIT_CHECK_RESULT
#!/bin/sh

# SUBMIT_CHECK_RESULT
# Written by Ethan Galstad ([email protected])
# Last Modified: 02-18-2002
#
# This script will write a command to the Nagios command
# file to cause Nagios to process a passive service check
# result.  Note: This script is intended to be run on the
# same host that is running Nagios.  If you want to
# submit passive check results from a remote machine, look
# at using the nsca addon.
#
# Arguments:
#  $1 = host_name (Short name of host that the service is
#       associated with)
#  $2 = svc_description (Description of the service)
#  $3 = return_code (An integer that determines the state
#       of the service check, 0=OK, 1=WARNING, 2=CRITICAL,
#       3=UNKNOWN).
#  $4 = plugin_output (A text string that should be used
#       as the plugin output for the service check)
#

echocmd="/bin/echo"

CommandFile="/usr/local/nagios/var/rw/nagios.cmd"

# get the current date/time in seconds since UNIX epoch
datetime=`date +%s`

# create the command line to add to the command file
cmdline="[$datetime] PROCESS_SERVICE_CHECK_RESULT;$1;$2;$3;$4"

# append the command to the end of the command file
`$echocmd $cmdline >> $CommandFile`

Code: Select all

/////////////////// service definition ///////////

define service {
name                            SNMP_TRAP
service_description             SNMP Traps
active_checks_enabled           0       ; Active service checks are enabled
passive_checks_enabled          1       ; Passive service checks are enabled/accepted
parallelize_check               1       ; Active service checks should be parallelized
process_perf_data               0
obsess_over_service             0       ; We should obsess over this service (if necessary)
check_freshness                 0       ; Default is to NOT check service 'freshness'
notifications_enabled           1       ; Service notifications are enabled
event_handler_enabled           1       ; Service event handler is enabled
flap_detection_enabled          1       ; Flap detection is enabled
process_perf_data               1       ; Process performance data
retain_status_information       1       ; Retain status information across program restarts
retain_nonstatus_information    1       ; Retain non-status information across program restarts
check_command                   check-host-alive ; "Event which is generated by O2. The number $*" ; This will be used to reset the service to "OK"
is_volatile                     1
check_period                    24x7
max_check_attempts              1
normal_check_interval           1
retry_check_interval            1
notification_interval           1
notification_period             24x7
notification_options            w,u,c,r
contact_groups                  admins       ; Modify this to match your Nagios contact group definitions
register                        0
}

define service {
use                 SNMP_TRAP
host_name           obelix
service_description SNMP Traps
check_interval      1 ; Don't clear for 2 hours
}

Code: Select all

//////////////////// snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
TCP:10020

//////////////////////////////////snmptt.conf
#
#
#
#
MIB: NETAVIS-MIB (file:/usr/share/snmp/mibs/NETAVIS-MIB.txt) converted on Wed Feb 24 08:52:15 2016 using snmpttconvertmib v1.3
#
#
#
EVENT o2Event .1.3.6.1.4.1.33687.1.2.0.1 "Status Events" Normal
FORMAT Event which is generated by O2. The number $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result obelix TRAP 0 "Event which is generated by O2. The number $*"
SDESC
Event which is generated by O2. The number
tells the event type and the descriptor its
human-readable content.
-- 1.3.6.1.4.1.33687.1.2.0.1
Variables:
  1: o2EventName
  2: o2EventNumber
  3: o2EventStamp
  4: o2EventCameraID
  5: o2EventCameraName
  6: o2EventUserID
  7: o2EventUserName
  8: o2EventDescription
EDESC
#
#
#
#
MIB: NETAVIS-MIB (file:/usr/share/snmp/mibs/NETAVIS-MIB.txt) converted on Wed Feb 24 08:52:24 2016 using snmpttconvertmib v1.3
#
#
#
EVENT o2Event .1.3.6.1.4.1.33687.1.2.0.1 "Status Events" Normal
FORMAT Event which is generated by O2. The number $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result obelix TRAP 1 "Event which is generated by O2. The number $*"
SDESC
Event which is generated by O2. The number
tells the event type and the descriptor its
human-readable content.
-- 1.3.6.1.4.1.33687.1.2.0.1
Variables:
  1: o2EventName
  2: o2EventNumber
  3: o2EventStamp
  4: o2EventCameraID
  5: o2EventCameraName
  6: o2EventUserID
  7: o2EventUserName
  8: o2EventDescription
EDESC
#
#
#
#
MIB: NETAVIS-MIB (file:/usr/share/snmp/mibs/NETAVIS-MIB.txt) converted on Wed Feb 24 08:52:29 2016 using snmpttconvertmib v1.3
#
#
#
EVENT o2Event .1.3.6.1.4.1.33687.1.2.0.1 "Status Events" Normal
FORMAT Event which is generated by O2. The number $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result obelix TRAP 2 "Event which is generated by O2. The number $*"
SDESC
Event which is generated by O2. The number
tells the event type and the descriptor its
human-readable content.
-- 1.3.6.1.4.1.33687.1.2.0.1
Variables:
  1: o2EventName
  2: o2EventNumber
  3: o2EventStamp
  4: o2EventCameraID
  5: o2EventCameraName
  6: o2EventUserID
  7: o2EventUserName
  8: o2EventDescription
EDESC
#
#
#
#
MIB: NETAVIS-MIB (file:/usr/share/snmp/mibs/NETAVIS-MIB.txt) converted on Wed Feb 24 08:52:33 2016 using snmpttconvertmib v1.3
#
#
#
EVENT o2Event .1.3.6.1.4.1.33687.1.2.0.1 "Status Events" Normal
FORMAT Event which is generated by O2. The number $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result obelix TRAP 3 "Event which is generated by O2. The number $*"
SDESC
Event which is generated by O2. The number
tells the event type and the descriptor its
human-readable content.
-- 1.3.6.1.4.1.33687.1.2.0.1
Variables:
  1: o2EventName
  2: o2EventNumber
  3: o2EventStamp
  4: o2EventCameraID
  5: o2EventCameraName
  6: o2EventUserID
  7: o2EventUserName
  8: o2EventDescription
EDESC

Code: Select all

////////SNMPGET works
[root@NagiosServer snmp]# snmpget -v 1 -c public -O e 10.10.10.74:10020 .1.3.6.1.4.1.33687.1.1.3.1.0
SNMPv2-SMI::enterprises.33687.1.1.3.1.0 = STRING: "MotionDetection"
[root@NagiosServer snmp]#

[ssax]

Let's see what port it's using, run this from the XI server and post the results (once a trap is sent):
- Change X.X.X.X to the device that is sending the traps.

Code: Select all

yum install tcpdump
tcpdump -nni eth0 src X.X.X.X

[joulsn]

Let's see what port it's using, run this from the XI server and post the results (once a trap is sent):
- Change X.X.X.X to the device that is sending the traps.

Code: Select all

yum install tcpdump
tcpdump -nni eth0 src X.X.X.X

it seems that the server receives the traps. somehow nagios doesn't.

# nano /var/log/snmptt/snmpttsystem.log
Thu Feb 25 13:19:14 2016 SNMPTT v1.4 shutdown
Thu Feb 25 13:19:14 2016 Total traps received=0,Total traps translated=0,Total traps ignored=0,Total unknown traps=0
Thu Feb 25 13:19:17 2016 SNMPTT v1.4 started
Thu Feb 25 13:19:17 2016 Loading /etc/snmp/snmptt.conf
Thu Feb 25 13:19:17 2016 Finished loading 104 lines from /etc/snmp/snmptt.conf
Thu Feb 25 13:19:17 2016 Could not convert user id 'snmptt' to a numeric UID


output: everytime i trigger a trap i receive the following message. seems ok.
10.10.10.74 is the remote device
10.10.10.50 is the nagios server

[root@NagiosServer ~]# tcpdump -nni eth0 src 10.10.10.74
12:51:08.112299 IP 10.10.10.74.10020 > 10.10.10.50.162: F=ap U=name [!scoped PDU]6d_26_4d_ae_2b_26_16_4e_1f_56_8e_ec_82_38_8b_a8_62_5a_48_38_26_54_15_ed_24_49_84_b2_cc_80_65_5a_9e_ad_c2_c8_3f_9b_55_4f_a0_22_03_20_ca_e0_bd_61_9d_7e_b0_8a_d7_38_d1_3e_e1_56_7c_ab_70_e3_10_10_47_37_a1_0a_fc_cf_f1_4d_d7_37_17_0d_58_5a_2b_dc_e2_e2_65_0d_d7_74_12_38_b6_26_c8_9f_4e_e1_43_70_10_44_ec_ce_64_51_fe_c4_f9_e5_b9_14_3e_c3_89_3a_00_02_6d_cd_4e_0c_af_3f_26_f0_ed_74_ed_98_b4_8a_20_83_8a_5e_ef_1b_17_d7_bf_d7_54_63_98_4a_5c_b2_8f_c2_36_86_9b_51_3e_43_bf_9e_08_f0_ae_5d_9c_09_1d_6b_a1_d8_3f_a5_78_15_87_e7_5f_f6_fd_bd_2e_0b_59_78_c7_9f_d8_55_ff_e7_61_d8_dc_3d_36_cd_a0_50_7d_50_b9_2b_18_22_de_c9_cf_54_3a_04_9d_71_91_4b_a7_6d_69_e2_a7_73_ac_fd_f5_e0_b1_f3_e6_e3_c0_85_b1_7e_46_d9_0e_46_b2_4a_80_56_07_6c_b1_8b_f1_98_b7_a7_1a_d0_04_76_eb_8c_7f

in the snmptrapd.conf i added the line: TCP:10020.
but this has no effect. the above output (also port of nagios server 162) stays the same.
i always reboot or start services after changes. no effect.

best regards

[rhassing]

12:51:08.112299 IP 10.10.10.74.10020 > 10.10.10.50.162

Says it is sending the snmptrap to port 162, not 10020, so I would change the configuration of the snmptrapd.conf back to original.

Could you please post your new snmptrapd.conf?

[hsmith]

Thanks Rob.

[joulsn]

12:51:08.112299 IP 10.10.10.74.10020 > 10.10.10.50.162

Says it is sending the snmptrap to port 162, not 10020, so I would change the configuration of the snmptrapd.conf back to original.

Could you please post your new snmptrapd.conf?

Hey thank you,
i already tried that but it doesnt make any difference. Here is my snmptrapd.conf file.
I even added the TCP:162 but no changes. Of course i restarted the services and server.

disableAuthorization yes
traphandle default /usr/sbin/snmptthandler


All the best

[tgriep]

Can you login to your Nagios system, run the following and post the output here.

Code: Select all

ps -ef |grep snmp
ls -l /var/log/snmptt/
tail -50 /var/log/snmptt/snmpttunknown.log

[rhassing]

Normally I would do this:

Edit snmptt.ini and change the debug options:

Code: Select all

[Debugging]
# 0 - do not output messages
# 1 - output some basic messages
# 2 - out all messages
DEBUGGING = 1

# Debugging file - SNMPTT
# Location of debugging output file.  Leave blank to default to STDOUT (good for
# standalone mode, or daemon mode without forking)
# DEBUGGING_FILE = 
DEBUGGING_FILE = /var/log/snmptt/snmptt.debug

edit /etc/snmp/snmptrapd.conf to look like this:

Code: Select all

disableAuthorization yes
traphandle default /usr/sbin/snmptt

Edit /etc/init.d/snmptrapd and change

Code: Select all

OPTIONS="-Lsd -p /var/run/snmptrapd.pid"

to:

Code: Select all

OPTIONS="-On -Lsd -p /var/run/snmptrapd.pid"

Than do "tail -f /var/log/messages" and send the trap again. And check the log files in /var/log/snmptt/

[rkennedy]

Thanks @rhassing!

OP let us know if this works.