Watchguard Trap Trouble

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
davide.bonicelli
Posts: 134
Joined: Thu Feb 13, 2014 5:12 am

Watchguard Trap Trouble

Post by davide.bonicelli »

Hi, i've a problem with checking the state of WatchGuard MultiWan, because the only way to do is with the traps, not with SNMP query.
I simulated a problem and checked the nagiosxi logs and i find the 2 trap from the device as aspected: the first for the Down message and the second for the Up message.
But the problem is that the OID it's the same!
The only difference is in the Ent Value 3 but, correct me if i wrong, it's not possibile to configure a check on this..
Any idea?

Code: Select all

Thu Jul 11 16:30:57 2019: Unknown trap (.1.3.6.1.4.1.3097.2.3.0.1) received from 172.30.1.1 at:
Value 0: 172.30.1.1
Value 1: 172.30.1.1
Value 2: 6:15:58:00.75
Value 3: .1.3.6.1.4.1.3097.2.3.0.1
Value 4: 172.30.1.1
Value 5:
Value 6: .1.3.6.1.4.1.3097.2.3
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.3097.2.4.2.0=multi-wan event
Ent Value 1: .1.3.6.1.4.1.3097.2.4.3.0=Thu Jul 11 16:30:57 2019 (CEST)
Ent Value 2: .1.3.6.1.4.1.3097.2.4.5.0=FWL01X002
Ent Value 3: .1.3.6.1.4.1.3097.2.4.6.0=External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0

Code: Select all

Thu Jul 11 16:36:13 2019: Unknown trap (.1.3.6.1.4.1.3097.2.3.0.1) received from 172.30.1.1 at:
Value 0: 172.30.1.1
Value 1: 172.30.1.1
Value 2: 6:16:03:15.29
Value 3: .1.3.6.1.4.1.3097.2.3.0.1
Value 4: 172.30.1.1
Value 5:
Value 6: .1.3.6.1.4.1.3097.2.3
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.3097.2.4.2.0=multi-wan event
Ent Value 1: .1.3.6.1.4.1.3097.2.4.3.0=Thu Jul 11 16:36:12 2019 (CEST)
Ent Value 2: .1.3.6.1.4.1.3097.2.4.5.0=FWL01X002
Ent Value 3: .1.3.6.1.4.1.3097.2.4.6.0=External interface[WAN] is now UP, link 1, ip=192.168.1.2 mask=255.255.255.0
Top
User avatar
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: Watchguard Trap Trouble

Post by tgriep »

To get separate Alerts with the Traps, you would have to create 2 separate trap entries and add a Match state to them. Plus some minor changes.
The Match statement will look at the 3rd value and generate an alert accordingly.

Take a look at the Nagios XI - SNMP Trap Tutorial at this link.
https://support.nagios.com/kb/article/n ... al-77.html

Go to the section "Create Custom Events In SNMPTT" for details on how to setup the separate traps.

Or, if you are using a newer version of XI, you can use this document for the SNMP Trap Interface and the Match statement will go in to the Additional Raw Data field. See page 10.
https://assets.nagios.com/downloads/nag ... h-NXTI.pdf

Before doing the above, you will have to upload the MIB file for the device.
Go to the Admin > Manage MIBs menu, browse for the MIB and check the upload it there.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
davide.bonicelli
Posts: 134
Joined: Thu Feb 13, 2014 5:12 am

Re: Watchguard Trap Trouble

Post by davide.bonicelli »

Thanks Tom, usefull as usual!
I uploaded the mib with trap processing, but in /etc/snmp/snmptt.conf only this line is added

Code: Select all

MIB: WATCHGUARD-SYSTEM-CONFIG-MIB (file:/usr/share/snmp/mibs/WATCHGUARD-SYSTEM-CONFIG-MIB.mib) converted on Mon Jul 15 15:34:41 2019 using snmpttconvertmib v1.4beta2
The file with the OID .1.3.6.1.4.1.3097.2.3.0.1 is this
http://www.circitor.fr/Mibs/Mib/W/WATCH ... IG-MIB.mib

Anyway is it necessary?
also if i define the event in snmptt.conf with the OID?

and for the Match part can i put a line like this

Code: Select all

Match $4: External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0
or is better with the ""

Code: Select all

Match $4: "External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0"
or can i use the* like this:

Code: Select all

Match $4: External interface[WAN] is now DOWN*
Sorry but i haven't found this informations in the web
Top
User avatar
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: Watchguard Trap Trouble

Post by tgriep »

The reason the reason there is only that line in the snmptt.conf file is that the WATCHGUARD-SYSTEM-CONFIG-MIB file requires another MIB file to be loaded first.
If you haven't done so, upload this mib tile first.

Code: Select all

WATCHGUARD-MIB
Remove this line from the snmptt.conf file

Code: Select all

MIB: WATCHGUARD-SYSTEM-CONFIG-MIB (file:/usr/share/snmp/mibs/WATCHGUARD-SYSTEM-CONFIG-MIB.mib) converted on Mon Jul 15 15:34:41 2019 using snmpttconvertmib v1.4beta2
And re-upload the WATCHGUARD-SYSTEM-CONFIG-MIB.mib file so it will add the entries.

Most MIB files load settings from other MIB files.
Open one up and under the IMPORTS section, they usually have the names of the MIBs that have to be loaded first.


For the Match statement, you can use the whole string in the Match statement like the following example.

Code: Select all

Match $4: (External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0)
Or for a partical string, you can use this.

Code: Select all

Match $4: (DOWN)
When using strings, they have to be between the () to be used as a regex to find the data.

See this link.
http://snmptt.sourceforge.net/docs/snmptt.shtml
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
Locked

Return to “Nagios XI”