SNMP Traps Nagios XI

[chrisbooth]

I'm running the following command from a client to the nagios server:
snmptrap -v 2c -c public 10.252.32.68 '' linkDown ifDescr s eth0 ifAdminStatus i 2 ifOperStatus i 2

which is received by the nagios server as i see it in the logs:
/var/log/snmptt/snmptt
Thu Dec 8 11:21:07 2016 linkDown Normal "Status Events" 10.105.0.65 - Link down on interface eth0. Admin state: down. Operational state: down

but my nagios service check shows:
OK: TRAP RESET

so i'm not sure if i'm missing a step

..also, nothing is showing in the Unconfigured Objects

[bwallace]

What is logged in...
/usr/local/nagios/var/nagios.log

Is your set up like this?

Client <---- Nagios XI (1) SNMP Sender Server ---> Nagios XI (2) Receiver Server

As outlined here https://support.nagios.com/kb/article.php?id=77

If so, on which XI server do you see "OK: TRAP RESET" ?

[chrisbooth]

no i just have one NagiosXI server which i want the traps to be sent directly to and the processed and displayed in Nagios.

i hope that's what you're asking?

[ssax]

The problem is usually because of the entries added to /etc/snmp/snmptt.conf by default, please edit your /etc/snmp/snmptt.conf file and remove these entries from the top:

Code: Select all

#
#
#
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT Device reinitialized (coldStart)
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (coldStart)"
SDESC
A coldStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself and that its
configuration may have been altered.
EDESC
#
#
#
EVENT warmStart .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT Device reinitialized (warmStart)
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (warmStart)"
SDESC
A warmStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself such that its
configuration is unaltered.
EDESC
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT Link down on interface $1.  Admin state: $2.  Operational state: $3
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1.  Admin state: $2.  Operational state: $3"
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state).  This other state is indicated by the included value
of ifOperStatus.
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT Link up on interface $1.  Admin state: $2.  Operational state: $3
#EXEC qpage -f TRAP notifygroup1 "Link up on interface $1.  Admin state: $2.  Operational state: $3"
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state).  This other state is indicated by the
included value of ifOperStatus.
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Status Events" Normal
FORMAT SNMP athentication failure
#EXEC qpage -f TRAP notifygroup1 "SNMP authentication failure"
SDESC
An authenticationFailure trap signifies that the SNMPv2
entity, acting in an agent role, has received a protocol
message that is not properly authenticated.  While all
implementations of the SNMPv2 must be capable of generating
this trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.
EDESC

Then run these commands:

Code: Select all

addmib /usr/share/snmp/mibs/SNMPv2-MIB.txt
addmib /usr/share/snmp/mibs/IF-MIB.txt
service snmptt restart

Then try it again and see which log file it goes into in /var/log/snmptt/.


Thank you

[chrisbooth]

I ran this on the nagios vm itself

Code: Select all

snmptrap -v 2c -c public 10.252.32.68 '' linkDown ifDescr s eth0 ifAdminStatus i 2 ifOperStatus i 2

Code: Select all

root@localhost(~):cat /var/log/snmptt/snmptt.log
Tue Dec 13 14:42:42 2016 linkDown Normal "Status Events" 10.252.32.68 - A linkDown trap signifies that the SNMP entity, acting in eth0 down down

they now show up in the Unconfigured Objects and i can then configure them

what i'm not sure about is why they come back as OK even when i'd like it to be critical

i assume my snmptrap command is correct.

can someone give me some examples of snmptraps that would be either warning or critical?

[gormank]

Try going to admin, SNMP Trap Translation and look for linkDown and the string "A linkDown trap signifies that the SNMP entity."
See if the trap is translated to an ok.

OK: TRAP RESET is the output of check_dummy, which is what gets executed if you run the trap check manually. All it does is clear any active trap. The trap check is passive and should never be scheduled to run. It just waits for traps.

[chrisbooth]

Code: Select all

snmptrap -v 2c -c public 10.252.32.68 '' linkDown ifDescr s eth0 ifAdminStatus i 2 ifOperStatus i 2

here's the updated config

Screen Shot 2016-12-13 at 20.55.31.png

here's the received trap

Screen Shot 2016-12-13 at 20.55.18.png

[tmcdonald]

Did you make sure to run service snmptt restart after making the changes on the web page? It's not specified in the page but on the Exchange link below it states this is needed:

https://exchange.nagios.org/directory/A ... ge/details