SNMPTrapSender Trap config to include additional OIDs

[robinagios]

Hi,

We have configured Nagios XI to send out SNMP traps for all passive check events. Currently, by default only 4 OID fields() are being sent in the trap as below:

RUNNING COMMAND: /usr/bin/snmptrap -v 2c -c public <trapRecieverHost>:<port> '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s "<hostname>" nSvcDesc s "RBSA SGA Data Buffer Hit Ratio" nSvcStateID i 0 nSvcOutput s "OK - SGA data buffer hit ratio 100.00%"


We can see that there are at least 10 fields in the MIB as below:

nSvcEvent NOTIFICATION-TYPE
OBJECTS { nHostname, nHostStateID, nSvcDesc, nSvcStateID, nSvcAttempt,
nSvcDurationSec, nSvcGroupName, nSvcLastCheck, nSvcLastChange,
nSvcOutput }
STATUS current
DESCRIPTION
"The SNMP trap that is generated as a result of an event with the service
in Nagios."
::= { nagiosNotify 7 }


How can we include a few of these in the trap sender command?
Could you please provide us the procedure to include more fields in the SNMP traps?

[tgriep]

The following are some instructions that shows how to add sending of the Hostgroup information in the SNMPTrapSender component.
You can use this as a template to add the fields you want.

What you have to to is edit the component and also add the hostgroupnames entries in the NAGIOS-NOTIFY-MIB.txt file you have to import in to the device that is receiving the traps.

First, edit this file on the Nagios server

Code: Select all

/usr/local/nagiosxi/html/includes/components/snmptrapsender/snmptrapsender.inc.php

Change this line from

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nHostEvent nHostname s \"%host%\" nHostStateID i %hoststateid% nHostOutput s \"%hostoutput%\"";

to

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nHostEvent nHostname s \"%host%\" nHostStateID i %hoststateid% nHostOutput s \"%hostoutput%\" nHostHostgroupnames s \"%hostgroupnames%\"";

Then change this line from

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\"";

to

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcHostgroupnames s \"%hostgroupnames%\"";

Save the file.

Next you need to add these entries to the NAGIOS-NOTIFY-MIB.txt that is uploaded to the device.
The one you edit is located in this folder

Code: Select all

/usr/local/nagiosxi/html/includes/components/snmptrapsender/mibs

And after the changes, copy the file to this folder

Code: Select all

/usr/share/snmp/mibs/

Edit the NAGIOS-NOTIFY-MIB.txt and change the following from

Code: Select all

HostEventEntry ::= SEQUENCE {
  nHostEventIndex    Integer32,
  nHostname          OCTET STRING,
  nHostAlias         OCTET STRING,
  nHostStateID       HostStateID,
  nHostStateType     HostStateType,
  nHostAttempt       Integer32,
  nHostDurationSec   Integer32,
  nHostGroupName     OCTET STRING,
  nHostLastCheck     Integer32,
  nHostLastChange    Integer32, 
  nHostLastUp        Integer32,
  nHostLastDown      Integer32,
  nHostLastUnreachable Integer32,
  nHostOutput        OCTET STRING,
  nHostPerfData      OCTET STRING
  }

to

Code: Select all

HostEventEntry ::= SEQUENCE {
  nHostEventIndex    Integer32,
  nHostname          OCTET STRING,
  nHostAlias         OCTET STRING,
  nHostStateID       HostStateID,
  nHostStateType     HostStateType,
  nHostAttempt       Integer32,
  nHostDurationSec   Integer32,
  nHostGroupName     OCTET STRING,
  nHostLastCheck     Integer32,
  nHostLastChange    Integer32, 
  nHostLastUp        Integer32,
  nHostLastDown      Integer32,
  nHostLastUnreachable Integer32,
  nHostOutput        OCTET STRING,
  nHostPerfData      OCTET STRING
  nHostHostgroupnames    OCTET STRING
  }

That added the "nHostHostgroupnames OCTET STRING" line.
Next you need to add the OID for that entry
Add the following

Code: Select all

nHostHostgroupnames OBJECT-TYPE  
  SYNTAX     OCTET STRING
  MAX-ACCESS read-only  
  STATUS     current  
  DESCRIPTION
    "This object contains The Hostgroups the Host is in."
  ::= { nagiosHostEventEntry 16 }

Under this line

Code: Select all

::= { nagiosHostEventEntry 15 }

Next change this from

Code: Select all

SvcEventEntry ::= SEQUENCE {
  nSvcEventIndex    Integer32,
  nSvcHostname      OCTET STRING,
  nSvcHostAlias     OCTET STRING,
  nSvcHostStateID   HostStateID,
  nSvcHostStateType HostStateType,
  nSvcDesc          OCTET STRING,
  nSvcStateID       ServiceStateID,
  nSvcAttempt       Integer32,
  nSvcDurationSec   Integer32,
  nSvcGroupName     OCTET STRING,
  nSvcLastCheck     Integer32,
  nSvcLastChange    Integer32,
  nSvcLastOK        Integer32,
  nSvcLastWarn      Integer32,
  nSvcLastCrit      Integer32,
  nSvcLastUnkn      Integer32,
  nSvcOutput        OCTET STRING,
  nSvcPerfData      OCTET STRING
  }

to

Code: Select all

SvcEventEntry ::= SEQUENCE {
  nSvcEventIndex    Integer32,
  nSvcHostname      OCTET STRING,
  nSvcHostAlias     OCTET STRING,
  nSvcHostStateID   HostStateID,
  nSvcHostStateType HostStateType,
  nSvcDesc          OCTET STRING,
  nSvcStateID       ServiceStateID,
  nSvcAttempt       Integer32,
  nSvcDurationSec   Integer32,
  nSvcGroupName     OCTET STRING,
  nSvcLastCheck     Integer32,
  nSvcLastChange    Integer32,
  nSvcLastOK        Integer32,
  nSvcLastWarn      Integer32,
  nSvcLastCrit      Integer32,
  nSvcLastUnkn      Integer32,
  nSvcOutput        OCTET STRING,
  nSvcPerfData      OCTET STRING
  nSvcHostgroupnames      OCTET STRING
  }

That added the "nSvcHostgroupnames OCTET STRING" line.
Next you need to add the OID for that entry
Add the following

Code: Select all

nSvcHostgroupnames      OBJECT-TYPE
  SYNTAX          OCTET STRING
  MAX-ACCESS      read-only  
  STATUS          current       
  DESCRIPTION
    "This object contains the Hostgroup the Host associated to this service."
  ::= { nagiosSvcEventEntry 19 }

under this line

Code: Select all

::= { nagiosSvcEventEntry 18 }

Save the file and over write the copy in the /usr/share/snmp/mibs/ folder.

Then, you will have to import that MIB file to your device that is receiving the Traps and you should start to see the Hostgroupnames in the trap.

Now, if the host is not in a hostgroup, this will be sent in the trap, %hostgroupnames%, an empty macro. You may want to add some code to not send it if the hostgroupnames macro is empty.

[robinagios]

Thanks for the detailed response....Will try it out!

[robinagios]

Thanks @tgriep. That worked.

But now we are facing one more issue here. We are getting below error:
nSvcLastCheck: Value out of range (%servicelastcheck%)

the "nSvcEvent" notification has the following def in the MIB:

nSvcEvent NOTIFICATION-TYPE
OBJECTS { nHostname, nHostStateID, nSvcDesc, nSvcStateID, nSvcAttempt,
nSvcDurationSec, nSvcGroupName, nSvcLastCheck, nSvcLastChange,
nSvcOutput }

from our logs we found this to be the event-meta:

Code: Select all

[event_meta] => Array
        (
            [handler-type] => service
            [host] => <ip address goes here>
            [service] => RBSA SGA Data Buffer Hit Ratio
            [hostaddress] => <ip address goes here>
            [hoststate] => UP
            [hoststateid] => 0
            [hosteventid] => 0
            [hostproblemid] => 0
            [servicestate] => OK
            [servicestateid] => 0
            [lastservicestate] => CRITICAL
            [lastservicestateid] => 2
            [servicestatetype] => HARD
            [currentattempt] => 1
            [maxattempts] => 5
            [serviceeventid] => 4992
            [serviceproblemid] => 0
            [serviceoutput] => OK - SGA data buffer hit ratio 100.00%
            [longserviceoutput] =>
            [servicedowntime] => 0
        )

nSvcLastCheck and nSvcLastChange are missing in the meta. What are we supposed to give as the value in the below command to send the trap:

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcHostStateID i %hoststateid% nSvcAttempt i %currentattempt% nSvcDurationSec i %servicedowntime% nSvcGroupName s \"%servicegroupname%\" nSvcLastCheck i %servicelastcheck% nSvcLastChange i %servicelastchange%";

Note: The code for SNMPTrap sender and the MIB used are all Default and out-of the box. No other changes have been made except for the $trap_command".

[tgriep]

The name of the macros should be

Code: Select all

%LASTSERVICECHECK%

This is a timestamp in time_t format (seconds since the UNIX epoch) indicating the time at which a check of the service was last performed.

and

Code: Select all

$LASTSERVICESTATECHANGE%

This is a timestamp in time_t format (seconds since the UNIX epoch) indicating the time the service last changed state.

in the $trap_command so replace the %servicelastcheck% and the %servicelastchange% with the above macros and the command should work for you.

[robinagios]

The command is still NOT WORKING!!

After changing the code as you suggested, we are getting below log with error:
RUNNING COMMAND: /usr/bin/snmptrap -v 2c -c public <IP_ADDRESS> '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s "" nSvcHostStateID i 0 nSvcDesc s "RBSB SGA Library Cache Hit Ratio" nSvcStateID i 2 nSvcAttempt i 1 nSvcDurationSec i 0 nSvcGroupName s "%servicegroupname%" nSvcLastCheck i %LASTSERVICECHECK% nSvcLastChange i %LASTSERVICESTATECHANGE% nSvcOutput s "CRITICAL - SGA library cache (get) hit ratio 59.90%"
No log handling enabled - turning on stderr logging
nSvcLastCheck: Value out of range (%LASTSERVICECHECK%)

The above error holds good for "LASTSERVICESTATECHANGE" macro also.


I even tried changing the type to timeticks from integer32 in the mib and code since it was mentioned time_t in the def , but then I got below error. I then reverted back to integer32 :
RUNNING COMMAND: /usr/bin/snmptrap -v 2c -c public <IP_ADDRESS> '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s "<IP_ADDRESS>" nSvcHostStateID i 0 nSvcDesc s "RBSB Roll Header Contention" nSvcStateID i 0 nSvcAttempt i 1 nSvcDurationSec i 0 nSvcGroupName s "%servicegroupname%" nSvcLastCheck time_t %LASTSERVICECHECK% nSvcLastChange time_t %LASTSERVICESTATECHANGE% nSvcOutput s "OK - Rollback segment header contention is 0.00%"
No log handling enabled - turning on stderr logging
nSvcLastCheck: Bad value notation (%LASTSERVICECHECK%)

what might be causing the error? Please help

[tgriep]

Since the time is formated in epoch time, the type should be set to UNSIGNED in the snmptrap command. That relates to the letter u.
Change the command to the following.

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcHostStateID i %hoststateid% nSvcAttempt i %currentattempt% nSvcDurationSec i %servicedowntime% nSvcGroupName s \"%servicegroupname%\" nSvcLastCheck u %LASTSERVICECHECK% nSvcLastChange u $LASTSERVICESTATECHANGE%";

For more details on the format of the types in the command, see this link
http://www.net-snmp.org/docs/man/snmptrap.html

[robinagios]

STILL NOT WORKING!!

I changed the command as you suggested and also changed the type to Unsigned32 in the MIB, but the issue still persists. Find the error received below.

nSvcLastCheck: Bad value notation (%LASTSERVICECHECK%)

I even tried changing the command to:

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcHostStateID i %hoststateid% nSvcAttempt i %currentattempt% nSvcDurationSec i %servicedowntime% nSvcGroupName s \"%servicegroupname%\" nSvcLastCheck t %LASTSERVICECHECK% nSvcLastChange t $LASTSERVICESTATECHANGE%";

but with no luck as I got the same error as mentioned above.

A doubt I have here (if you don't mind answering as I am a noob) is that, shouldn't the type be timeticks since the fields in question are both epoch date values?

Please help!! We are closing in on the deadline for fixing this now

[tgriep]

I tested the command from the command line an using i as the type (integer) worked, the command sent the data without any errors.
It also worked in the command defined in the snmptrapsender.inc.php file.
The problem was I had a typo in the command. I put a $ in where the % should of been in the LASTSERVICESTATECHANGE macro. Sorry about that.
Fix that and also to be consistent, type the macros in lower case.


One more thing, the Macros have to be added to the EventHandlers so they will available to the snmptrapsender.inc.php script.
The example is for the Service Event Handler. You would have to do the same for the Host Event Handler.

Go to the Core Config Manager > Commands menu.
Edit the xi_service_event_handler command

Change the Command Line from

Code: Select all

/usr/bin/php /usr/local/nagiosxi/scripts/handle_nagioscore_event.php --handler-type=service --host="$HOSTNAME$" --service="$SERVICEDESC$" --hostaddress="$HOSTADDRESS$" --hoststate=$HOSTSTATE$ --hoststateid=$HOSTSTATEID$ --hosteventid=$HOSTEVENTID$ --hostproblemid=$HOSTPROBLEMID$ --servicestate=$SERVICESTATE$ --servicestateid=$SERVICESTATEID$ --lastservicestate=$LASTSERVICESTATE$ --lastservicestateid=$LASTSERVICESTATEID$ --servicestatetype=$SERVICESTATETYPE$ --currentattempt=$SERVICEATTEMPT$ --maxattempts=$MAXSERVICEATTEMPTS$ --serviceeventid=$SERVICEEVENTID$ --serviceproblemid=$SERVICEPROBLEMID$ --serviceoutput="$SERVICEOUTPUT$" --longserviceoutput="$LONGSERVICEOUTPUT$"

to

Code: Select all

/usr/bin/php /usr/local/nagiosxi/scripts/handle_nagioscore_event.php --handler-type=service --host="$HOSTNAME$" --service="$SERVICEDESC$" --hostaddress="$HOSTADDRESS$" --hoststate=$HOSTSTATE$ --hoststateid=$HOSTSTATEID$ --hosteventid=$HOSTEVENTID$ --hostproblemid=$HOSTPROBLEMID$ --servicestate=$SERVICESTATE$ --servicestateid=$SERVICESTATEID$ --lastservicestate=$LASTSERVICESTATE$ --lastservicestateid=$LASTSERVICESTATEID$ --servicestatetype=$SERVICESTATETYPE$ --currentattempt=$SERVICEATTEMPT$ --maxattempts=$MAXSERVICEATTEMPTS$ --serviceeventid=$SERVICEEVENTID$ --serviceproblemid=$SERVICEPROBLEMID$ --serviceoutput="$SERVICEOUTPUT$" --longserviceoutput="$LONGSERVICEOUTPUT$" --lastservicecheck="$LASTSERVICECHECK$" --lastservicestatechange="$LASTSERVICESTATECHANGE$"

Save it and Apply the Config.

Let me know if it works or not.

[robinagios]

Thanks a ton @tgriep . It's working now!!!

After editing the command line in the event handlers it started working. Once again thanks for the help.

Further can u please let us know where we can find the different macros available