Traps delivered to Nagios from device but not shown in GUI

[nms]

Hi,

I have installed successfully "NagiosXI-SNMPTrap-setup.sh" and started off by testing traps to the local host (thus excluding firewall rules).
At this stage, all's well with SNMP Traps wizard setup and trap successfully visible in the GUI.
My test were made of sending this test trap from the local host itself:

Code: Select all

snmptrap -v 2c -c <community> 10.192.4.20 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

I could then see it nice and clear:

2019-03-07_1306.png

After that, I tested on a remote Linux machine (the one I need the traps for). I made sure that access is granted by the firewall for UDP port 162.
This proved to be correct as when testing using the same snmptrap command from the remote host, I could see the trap coming into the nagios server from the tcpdump command.

2019-03-07_1309.png

The issue I have is that the trap is not visible in the snmpttunknown.log, nor visible in nagios.log, and thus I don't see it in the GUI, still "Waiting for Trap..."

How can I rectify the issue?

Nagios version is 5.4.13 running on CentOS 6.10.

[cdienger]

Also check the /var/log/snmptt/snmptt.log and /var/log/messages after sending the trap from the remote machine. Did you add the check for the remote host using unconfigured objects(Admin > Monitoring > Config > Unconfigured Objects)?

[nms]

Hi,

None of these log files contain the test trap, quite strange. Only the tcpdump is confirming that somehow the trap is reaching nagios.

As of for unconfigured objects, this was checked many times, but none listed.

Rgds,

[cdienger]

Can you provide a copy of /etc/snmp/snmptt.conf and the output of iptables -L?

[nms]

Hello,

Here they are:

The rule has been set up automatically by the script.

Code: Select all

 iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:snmptrap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

snmptt.conf attached. The test snmptrap definition is also setup (last one in the conf)

Thanks

[npolovenko]

@nms, Can you show us the output of:

ps -ef |grep snmp

Also, please upload snmptt.ini and snmptt.conf configs in this thread:

/etc/snmp/snmptt.conf
/etc/snmp/snmptt.ini

[nms]

Hi,

Please find below snmptt process. ini and conf file attached

Code: Select all

ps -ef |grep snmp
root      2236     1  0 Mar06 ?        00:02:47 /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid
root     13825 23633  0 20:26 pts/0    00:00:00 grep snmp
root     27668     1  0 20:02 ?        00:00:00 /usr/bin/perl /usr/sbin/snmptt --daemon
snmptt   27669 27668  0 20:02 ?        00:00:00 /usr/bin/perl /usr/sbin/snmptt --daemon

Thank you

[npolovenko]

@nms, TCP dump can process packets before they get captured by the firewall. I suggest turning off the firewall completely and sending the trap to the Nagios server. Then check the logs one more time.

/var/log/snmptt/snmptt.log
/var/log/snmptt/snmpttunknown.log

[nms]

Hi,

apologies for a late reply.

The tcpdump is captured directly on the nagios XI server.
The scenario is semding traps from:

"remote server (am1-int-hlr01-p_p-nwops)" ---> "FW" ---> "NagiosXI (10.192.4.20)"

2019-03-25_1619.png

As you can see above the Nagios server is successfully receiving the trap but somehow it's not being translated, hence there is no firewall issue.

Again I have checked the snmpttunknown.log file but could not find any entry.

The test I'm using is sending this command from the remote server:

Code: Select all

snmptrap -v 2c -c <community-string> 10.192.4.20 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Rgds,

[ssax]

Please run this command and PM one of us the resulting /tmp/SNMPFILES.zip file:

Code: Select all

zip -r /tmp/SNMPFILES.zip /etc/snmp /var/log/snmptt

Thank you