No files found under /var/spool/snmptt
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
No files found under /var/spool/snmptt
Hi Guys,
I am new to the forum and this is my first post. I am trying to configure SNMP Traps for Fortigate ( mainly VPN up/Down) using a Centos Nagios Core server. I am able to see the trap being received by the Nagios server using tcpdump. However, nothing happens after that. I do not see any spool files created under /var/spool/snmptt ( after stoppong the snmptt service ).
Folder permissions -
drwxrwxr-x 2 snmptt snmptt 6 Jan 30 17:25 /var/spool/snmptt
drwxrwxr-x 2 snmptt snmptt 102 Jan 31 10:43 /var/log/snmptt
drwxr-xr-x. 2 root nagios 108 Jan 31 10:46 /etc/snmp/
-rw------- 1 root root 18861 Oct 30 19:52 /etc/snmp/snmpd.conf
-rw------- 1 root nagios 288 Jan 31 10:13 /etc/snmp/snmptrapd.conf
-rw-r--r-- 1 root nagios 30703 Jan 30 17:54 /etc/snmp/snmptt.conf
-rw-r--r-- 1 root nagios 26294 Jan 30 17:38 /etc/snmp/snmptt.ini
Have attached my snmptrapd.conf and snmptt.ini files as well.
Would really appreciate some help. Thank you ..
I am new to the forum and this is my first post. I am trying to configure SNMP Traps for Fortigate ( mainly VPN up/Down) using a Centos Nagios Core server. I am able to see the trap being received by the Nagios server using tcpdump. However, nothing happens after that. I do not see any spool files created under /var/spool/snmptt ( after stoppong the snmptt service ).
Folder permissions -
drwxrwxr-x 2 snmptt snmptt 6 Jan 30 17:25 /var/spool/snmptt
drwxrwxr-x 2 snmptt snmptt 102 Jan 31 10:43 /var/log/snmptt
drwxr-xr-x. 2 root nagios 108 Jan 31 10:46 /etc/snmp/
-rw------- 1 root root 18861 Oct 30 19:52 /etc/snmp/snmpd.conf
-rw------- 1 root nagios 288 Jan 31 10:13 /etc/snmp/snmptrapd.conf
-rw-r--r-- 1 root nagios 30703 Jan 30 17:54 /etc/snmp/snmptt.conf
-rw-r--r-- 1 root nagios 26294 Jan 30 17:38 /etc/snmp/snmptt.ini
Have attached my snmptrapd.conf and snmptt.ini files as well.
Would really appreciate some help. Thank you ..
- Attachments
-
- snmptt_ini.txt
- (26.24 KiB) Downloaded 170 times
-
- snmptrapd.conf.txt
- (296 Bytes) Downloaded 177 times
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: No files found under /var/spool/snmptt
Have you looked for errors in the /var/log/snmptt/ logs?
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
Re: No files found under /var/spool/snmptt
Thank you scott for the reply.
I just got it to work about 5 min back. Port 162 was not explicitly allowed in the iptables. Once I edited the firewall, snmptt spool files were being created and translated
snmptt.log snippet
Thu Jan 31 12:31:46 2019 enterprises.12356.101.2.0.301 Normal "Status Events"
However, now that I can see that the traps are being translated , I am not sure why I am not receiving the notifications. Would you have any ideas regarding this. Sorry if its unrelated to the original post.
I just got it to work about 5 min back. Port 162 was not explicitly allowed in the iptables. Once I edited the firewall, snmptt spool files were being created and translated
snmptt.log snippet
Thu Jan 31 12:31:46 2019 enterprises.12356.101.2.0.301 Normal "Status Events"
However, now that I can see that the traps are being translated , I am not sure why I am not receiving the notifications. Would you have any ideas regarding this. Sorry if its unrelated to the original post.
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
Re: No files found under /var/spool/snmptt
I tried executing the submit_check_result commad from the snmptt.conf file on the command line. I got the below error:
/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result: line 36: /usr/local/nagios/var/rw/nagios.cmd: No such file or directory
The issue is that the nagios.cmd on my server is at a different location > /var/nagios/rw/nagios.cmd
Can I just copy the nagios.cmd file to the location referenced in the script?
/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
/usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result: line 36: /usr/local/nagios/var/rw/nagios.cmd: No such file or directory
The issue is that the nagios.cmd on my server is at a different location > /var/nagios/rw/nagios.cmd
Can I just copy the nagios.cmd file to the location referenced in the script?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: No files found under /var/spool/snmptt
No, this is a command pipe created by nagios.shineyroman wrote:Can I just copy the nagios.cmd file to the location referenced in the script?
You need to change the location in the file that is calling it, in your /etc/snmp/snmptt.conf you would would have an EXEC line such as
Code: Select all
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A topologyChange trap is sent by a bridge when any of $*"
In your case it is likely /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result that would be edited
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
Re: No files found under /var/spool/snmptt
Thank you Scott
I have edited the submit_check_result to point to the location of the nagios.cmd file
echocmd="/bin/echo"
CommandFile="/var/nagios/rw/nagios.cmd"
The command now runs from the CLI without any error. However, the notifications are still not being generated when the traps are received.
Is there any way to check that the exec command within the snmptt.conf is executed correctly.
Or any other checks that I have to do to ensure that notifications are send. Would it be a problem if the host name of the Fortigate on the nagios server and the name received via the SNMP trap is not identical i.e name defined on nagios server under hosts vs the FGT name send in SNMP Trap
I have also attached the service definitions.
I have edited the submit_check_result to point to the location of the nagios.cmd file
echocmd="/bin/echo"
CommandFile="/var/nagios/rw/nagios.cmd"
The command now runs from the CLI without any error. However, the notifications are still not being generated when the traps are received.
Is there any way to check that the exec command within the snmptt.conf is executed correctly.
Or any other checks that I have to do to ensure that notifications are send. Would it be a problem if the host name of the Fortigate on the nagios server and the name received via the SNMP trap is not identical i.e name defined on nagios server under hosts vs the FGT name send in SNMP Trap
I have also attached the service definitions.
- Attachments
-
- services definition.txt
- (3.77 KiB) Downloaded 155 times
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: No files found under /var/spool/snmptt
Can you share your EXEC line?
Can you also attach your submit_check_result script?
Can you finally, look in the nagios.log and see if there is any errors about the host/service not being found?
Can you also attach your submit_check_result script?
Can you finally, look in the nagios.log and see if there is any errors about the host/service not being found?
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
Re: No files found under /var/spool/snmptt
Hi Scott,
I have attached the sumit_check_result command.
Please find the EXEC commands below:
EVENT fgTrapVpnTunUp .1.3.6.1.4.1.12356.101.2.0.301 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
EVENT fgTrapVpnTunDown .1.3.6.1.4.1.12356.101.2.0.302 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
SDESC
The nagios.log seems to be empty:
locate nagios.log
/usr/src/nagios-4.3.2/t/var/nagios.log
cat ls -lrt /usr/src/nagios-4.3.2/t/var/nagios.log
-rw-r--r--. 1 root root 0 Jul 6 2017 /usr/src/nagios-4.3.2/t/var/nagios.log
Thank you for all your help. Really appreciate it.
I have attached the sumit_check_result command.
Please find the EXEC commands below:
EVENT fgTrapVpnTunUp .1.3.6.1.4.1.12356.101.2.0.301 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
EVENT fgTrapVpnTunDown .1.3.6.1.4.1.12356.101.2.0.302 "Status Events" Normal
FORMAT $*
EXEC /usr/src/nagios-4.3.2/contrib/eventhandlers/submit_check_result $r TRAP 2 "$*"
SDESC
The nagios.log seems to be empty:
locate nagios.log
/usr/src/nagios-4.3.2/t/var/nagios.log
cat ls -lrt /usr/src/nagios-4.3.2/t/var/nagios.log
-rw-r--r--. 1 root root 0 Jul 6 2017 /usr/src/nagios-4.3.2/t/var/nagios.log
Thank you for all your help. Really appreciate it.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: No files found under /var/spool/snmptt
the attachment was missingshineyroman wrote:I have attached the sumit_check_result command.
That doesn't seem correct at all, if nagios is running ok, there is a log.shineyroman wrote:The nagios.log seems to be empty:
look for the log location in your nagios.cfg
-
- Posts: 16
- Joined: Wed Mar 28, 2018 11:26 am
Re: No files found under /var/spool/snmptt
Apologies, attaching the file.
Meanwhile will check nagios.cfg
Meanwhile will check nagios.cfg
- Attachments
-
- submit_check_result.txt
- (1.18 KiB) Downloaded 173 times