modifying domain name of received SNMP traps

Post by mvndnburg »

Hi,

We're running:

Nagios XI Version : 5.4.0
Red Hat Enterprise Linux Server release 6.8 (Santiago)


I have set up passive checks and SNMP trap handling and this works fine with 'tweaked' test messages. However, in the 'real' SNMP traps the FQHN of the sending host differs from the host name as it is defined in Nagios. This is caused by different network interfaces (to different VLANs) having different host names.

In other words: Nagios knows the host as aaa.mgt.domain.biz but the traps are sent from aaa.domain.biz. I know that I can strip the domain name in snmptt.ini, but that is not what I am looking for here.

Is there a way to tweak the domain name and add '.mgt' to the hostname in the received trap?
Last edited by dwhitfield on Wed Mar 01, 2017 10:26 am, edited 1 time in total.
Reason: marking with green check mark
--
Martijn

Re: modifying domain name of received SNMP traps

Post by SteveBeauchemin »

I use a bit of snmptt...

The Doc here http://snmptt.sourceforge.net/docs/snmp ... CONF-REGEX
will get you some good examples of using Regular Expressions.

You just need to match and play back the new data.

Something like this maybe?

Code:

REGEX (Hostname: (\w+).domain.biz)(Hostname: $1.mgt.domain.biz)

The \w+ should match more than one letter I think? Kinda doing this off the cuff.
Below is the same thing with lines split to help clarify. So you have REGEX, then Input to Regex, and Output from Regex.
You have something in one Parenthesis to evaluate, the Second Parenthesis is the result.

Code:

REGEX
(Hostname: (\w+).domain.biz)
(Hostname: $1.mgt.domain.biz)

Basically, whatever is in the () becomes $1. If you have 3 () then you get $1 $2 $3.

Without seeing your actual snmptt definition, just add a REGEX after the FORMAT or EXEC, before SDESC.

Steve B
XI 5.7.3 / Core 4.4.6 / NagVis 1.9.8 / LiveStatus 1.5.0p11 / RRDCached 1.7.0 / Redis 3.2.8 /
SNMPTT / Gearman 0.33-7 / Mod_Gearman 3.0.7 / NLS 2.0.8 / NNA 2.3.1 /
NSClient 0.5.0 / NRPE Solaris 3.2.1 Linux 3.2.1 HPUX 3.2.1

Re: modifying domain name of received SNMP traps

Post by dwhitfield »

Thanks again Steve!

If you need more information on SNMP, there's a ton of it at https://support.nagios.com/kb/category.php?id=14, but please do let us know if you need additional help.

Re: modifying domain name of received SNMP traps

Post by mvndnburg »

SteveBeauchemin wrote: I use a bit of snmptt...

The Doc here http://snmptt.sourceforge.net/docs/snmp ... CONF-REGEX
will get you some good examples of using Regular Expressions.

[snip]

Thanks for the tip, Steve!
Perl for the win. As always.
--
Martijn

Re: modifying domain name of received SNMP traps

Post by dwhitfield »

@mvndnburg, it sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!

Re: modifying domain name of received SNMP traps

Post by mvndnburg »

The issue has been resolved and the proposed solution works like a charm.
You can go ahead and close the thread.

For posterity, this is what I did in the imported/processed MIB:

Code:

EVENT hawkAgentDeadTrap .1.3.6.1.4.1.2000.1.0.2 "Status Events" Major
FORMAT Hawk agent on $1 is dead
EXEC /usr/local/bin/snmptraphandling.py "$1" "SNMP Traps" "Major" "$@" "" "Hawk agent dead"
# include the 'mgt' in the TIBCO host name, if it's not there yet.
REGEX ((\w+\d+).domain.biz)($1.mgt.domain.biz)
SDESC
This trap is sent to announce the loss of a Hawk agent.
Variables:
  1: hawkAgentHostName
  2: hawkAgentHostDNSName
  3: hawkAgentHostIP
  4: hawkAgentAlertState
  5: hawkAlertEventType
EDESC
--
Martijn
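
An added example, not part of the thread or of SNMPTT: a small Python harness for trying a REGEX rule on sample strings before it goes into snmptt.conf, showing that the unescaped dots in the posted rules also match a name outside domain.biz, while a tightened rule leaves that name and an already-correct .mgt name alone. Assumptions: Python's re stands in for the Perl regex engine, parse_rule, apply_rule and the TIGHT rule are constructed here as a simplified model of the (search)(replace) form, and the host names are made-up samples.

```python
import re

# Rules as posted in the thread, plus a tightened variant (constructed here).
STEVE = r"REGEX (Hostname: (\w+).domain.biz)(Hostname: $1.mgt.domain.biz)"
OP = r"REGEX ((\w+\d+).domain.biz)($1.mgt.domain.biz)"
TIGHT = r"REGEX (\b(?!mgt\.)(\w+)\.domain\.biz\b)($1.mgt.domain.biz)"

def parse_rule(line):
    """Split 'REGEX (search)(replace)[modifiers]' on balanced parentheses."""
    body = line.strip()
    if not body.startswith("REGEX"):
        raise ValueError("not a REGEX line")
    body = body[len("REGEX"):].strip()
    parts, depth, start, i = [], 0, 0, 0
    while i < len(body) and len(parts) < 2:
        ch = body[i]
        if ch == "\\":          # an escaped character never opens or closes a group
            i += 2
            continue
        if ch == "(":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(body[start:i])
        i += 1
    if len(parts) != 2:
        raise ValueError("expected (search)(replace)")
    return parts[0], parts[1], body[i:].strip()

def apply_rule(line, message):
    """Apply one rule to a message the way s/search/replace/ would."""
    search, replace, mods = parse_rule(line)
    flags = re.IGNORECASE if "i" in mods else 0
    def expand(m):              # substitute $1, $2, ... with the captured text
        return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))) or "", replace)
    return re.sub(search, expand, message, count=0 if "g" in mods else 1, flags=flags)

if __name__ == "__main__":
    # Constructed sample strings; the third is a name outside domain.biz.
    samples = ["Hostname: aaa.domain.biz", "tibco01.domain.biz",
               "tibco01xdomain.biz", "aaa.mgt.domain.biz"]
    for rule in (STEVE, OP, TIGHT):
        print(rule)
        for s in samples:
            print(f"  {s!r} -> {apply_rule(rule, s)!r}")
```

SNMPTT only honours $1 in the replacement when allow_unsafe_regex is enabled in snmptt.ini, and it then evaluates the replacement as Perl. Keep snmptt.conf and the files it includes writable only by the account that maintains them.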