SNMP Trap Overload

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
maglaubig
Posts: 26
Joined: Thu Jan 03, 2019 2:02 pm

SNMP Trap Overload

Post by maglaubig »

I had a post earlier that was incredibly helpful for me in understanding SNMP Traps and their handling, and my question here relates to it. Here is the link: https://support.nagios.com/forum/viewto ... 16&t=54639

For background, I'm working with an APC PDU to send out traps based on the settings on the device. The idea is to send notifications where a phase of power draws more than X amps, or the PDU draws more than Y kilowatts. It's also capable of banks of outlets as well as individual outlets that could also be in an overload condition.

I had originally thought that there would be separate traps for several different types of alarms, but they're all being sent with more generic trap definitions. From the Powernet428 MIB these are the trap names:

rpduInformationalCondition
rpduInformationalConditionCleared
rpduWarningCondition
rpduWarningConditionCleared
rpduCriticalCondition
rpduCriticalConditionCleared

Here is one of the definitions; they are all effectively the same except for the SEVERITY passed and the OID of the trap:

Code:

rpduInformationalCondition TRAP-TYPE
   ENTERPRISE apc
   VARIABLES { mtrapargsString02, mtrapargsString03, mtrapargsInteger, mtrapargsInteger02, mtrapargsInteger03, mtrapargsString }
   DESCRIPTION
      "INFORMATIONAL: A RPDU informational condition has been detected.
       The first variable is the serial number.
       The second variable is the device name.
       The third variable is the error number.
       The fourth variable is the device number.
       The fifth variable is the instance number.
       The sixth variable is the trap text message."
   --#TYPE "RPDU: Informational condition detected."
   --#SUMMARY "An informational condition has been detected."
   --#SEVERITY INFORMATIONAL
   --#TIMEINDEX 1
   --#HELP ""
   --#HELPTAG 0
   --#STATE OPERATIONAL
   ::= 754

The value in the sixth variable passed back is what differentiates the particular event as a phase number and Amp draw or a phase number and Volts draw or an overall PDU power consumption. Here is an example of what is logged in snmptt.log. I sanitized the IP address and hostname info returned:

Code:

Fri Aug 16 10:11:04 2019 .1.3.6.1.4.1.318.0.752 WARNING "Status Events" IP_ADDRESS - Received trap "rpduWarningCondition" with variables "enterprises.318.2.3.10.0:SERIAL_NUMBER enterprises.318.2.3.11.0:PDU_NAME enterprises.318.2.3.1.0:873595137 enterprises.318.2.3.6.0:1 enterprises.318.2.3.7.0:1 enterprises.318.2.3.3.0:Rack PDU 1: Device near overload."
Fri Aug 16 10:11:19 2019 .1.3.6.1.4.1.318.0.752 WARNING "Status Events" IP_ADDRESS - Received trap "rpduWarningCondition" with variables "enterprises.318.2.3.10.0:SERIAL_NUMBER enterprises.318.2.3.11.0:PDU_NAME enterprises.318.2.3.1.0:874381569 enterprises.318.2.3.6.0:1 enterprises.318.2.3.7.0:1 enterprises.318.2.3.3.0:Rack PDU 1: Bank near overload on bank #1."
Fri Aug 16 10:11:36 2019 .1.3.6.1.4.1.318.0.752 WARNING "Status Events" IP_ADDRESS - Received trap "rpduWarningCondition" with variables "enterprises.318.2.3.10.0:SERIAL_NUMBER enterprises.318.2.3.11.0:PDU_NAME enterprises.318.2.3.1.0:873988353 enterprises.318.2.3.6.0:1 enterprises.318.2.3.7.0:1 enterprises.318.2.3.3.0:Rack PDU 1: Phase near overload on phase #1."
Fri Aug 16 10:11:38 2019 .1.3.6.1.4.1.318.0.752 WARNING "Status Events" IP_ADDRESS - Received trap "rpduWarningCondition" with variables "enterprises.318.2.3.10.0:SERIAL_NUMBER enterprises.318.2.3.11.0:PDU_NAME enterprises.318.2.3.1.0:873988354 enterprises.318.2.3.6.0:1 enterprises.318.2.3.7.0:2 enterprises.318.2.3.3.0:Rack PDU 1: Phase near overload on phase #2."

Is it possible for me to parse the trap and have it apply to different passive checks using the NagiosXI interface? I understand how to manage the different OIDs for the different severity states. I am using the Enterprise edition. I have a feeling that I'm going to be out of luck or will have to create a lot of custom code and am prepared to restrict this alert to only the most important one.

ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: SNMP Trap Overload

Post by ssax »

Did you read through these? Please do as they will answer a TON of questions.

https://support.nagios.com/kb/article/n ... al-77.html
https://support.nagios.com/kb/article/n ... i-824.html
https://support.nagios.com/kb/article/s ... s-558.html

Really you would duplicate the trap definition and use a MATCH statement to differentiate them (depending on how you manage them), use this page for all the answers in your journey:

http://snmptt.sourceforge.net/docs/snmptt.shtml#SNMPTT.CONF-MATCH
maglaubig
Posts: 26
Joined: Thu Jan 03, 2019 2:02 pm

Re: SNMP Trap Overload

Post by maglaubig »

I've read through all those links. The variables and all that made sense, and my plan was to use NXTI for all the config, and I'm not sure I can use NXTI because I did find another forum post, and I think this person is doing exactly what I want to do. It appears that NXTI is not usable for this type of config, or at least wasn't at the time of the post:

https://support.nagios.com/forum/viewto ... =6&t=51567

Is that still the case?
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: SNMP Trap Overload

Post by cdienger »

You can use NXTI to set up MATCH clauses and don't have to do it by editing files. As @ssax pointed out, you would create multiple trap definitions with many of the same settings except for the MATCH configuration to control which trap gets triggered. You'd also want to give the trap definitions different service descriptions to match with XI service definitions. There should be one XI service per unique OID & service description set up in NXTI.

Of the four traps you provided:

Code:

Rack PDU 1: Device near overload
Rack PDU 1: Bank near overload on bank #1
Rack PDU 1: Phase near overload on phase #1
Rack PDU 1: Phase near overload on phase #2

You could create four trap definitions in NXTI, each with a unique service description and MATCH config to look at the sixth variable. You would then want to create 4 passive services in XI for each one, making sure the service definition matches the one given to the corresponding NXTI trap definition.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
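
A way to check candidate MATCH patterns against the logged traps before entering them in NXTI, as an added example that is not part of the thread or of Nagios/SNMPTT code: it splits each snmptt.log line into its positional variables and routes on the sixth. The service descriptions, the `route` helper and the `#12` line are assumptions made for illustration; the patterns are Python regexes, whereas SNMPTT evaluates MATCH with Perl regexes.

```python
import re

# Constructed from the snmptt.log lines in the post: they are identical up to
# the sixth variable (enterprises.318.2.3.3.0), so only that text varies here.
HEAD = ('Fri Aug 16 10:11:04 2019 .1.3.6.1.4.1.318.0.752 WARNING "Status Events" '
        'IP_ADDRESS - Received trap "rpduWarningCondition" with variables '
        '"enterprises.318.2.3.10.0:SERIAL_NUMBER enterprises.318.2.3.11.0:PDU_NAME '
        'enterprises.318.2.3.1.0:873595137 enterprises.318.2.3.6.0:1 '
        'enterprises.318.2.3.7.0:1 enterprises.318.2.3.3.0:')
SAMPLES = [HEAD + text + '"' for text in (
    'Rack PDU 1: Device near overload.',
    'Rack PDU 1: Bank near overload on bank #1.',
    'Rack PDU 1: Phase near overload on phase #1.',
    'Rack PDU 1: Phase near overload on phase #2.',
    'Rack PDU 1: Bank near overload on bank #12.',  # constructed edge case
)]

# Hypothetical service descriptions, one per trap definition sharing the OID.
# \b after the number keeps the "#1" rule from also claiming "#12".
RULES = [
    ('PDU Device Overload', re.compile(r'Device near overload')),
    ('PDU Bank 1 Overload', re.compile(r'Bank near overload on bank #1\b')),
    ('PDU Phase 1 Overload', re.compile(r'Phase near overload on phase #1\b')),
    ('PDU Phase 2 Overload', re.compile(r'Phase near overload on phase #2\b')),
]

# A value runs until the next "enterprises.<oid>:" token or the end of the list,
# which lets the free-text sixth variable contain spaces and colons.
VAR_RE = re.compile(r'(enterprises\.[\d.]+):(.*?)(?=\s+enterprises\.[\d.]+:|$)')

def trap_variables(log_line):
    """Return the variable values in order, i.e. $1..$n in SNMPTT terms."""
    m = re.search(r'with variables "(.*)"\s*$', log_line)
    return [value for _oid, value in VAR_RE.findall(m.group(1))] if m else []

def route(log_line):
    """Return the service description whose pattern matches $6, or None."""
    values = trap_variables(log_line)
    if len(values) < 6:
        return None  # malformed or truncated line: do not guess
    for service, pattern in RULES:
        if pattern.search(values[5]):
            return service
    return None

if __name__ == '__main__':
    for line in SAMPLES:
        print(route(line), '<-', trap_variables(line)[5])
```

A line that routes to `None` is one no trap definition would claim, which is the case to look for before relying on the passive services.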
maglaubig
Posts: 26
Joined: Thu Jan 03, 2019 2:02 pm

Re: SNMP Trap Overload

Post by maglaubig »

Geez, talk about not seeing the forest through the trees! When I imported the PowerNet MIB I added all the traps and had only been editing those traps which that import defined. I thought I had to do all of that in a single definition via NXTI since the traps were already defined when I imported the PowerNet MIB, which meant some serious thinking about REGEX and MATCH. It didn't dawn on me I could make the new ones off the same OID since I already had the traps defined in NXTI.

I just have to use a different event name, use the same OID and then use the MATCH parameter as everyone here, other than me, was specifying. Then map them through to the passive service of my choice.

This feels like I was looking for my car keys, had other keys in my hand and said to myself, yeah, these will work because they're keys.

I hope this post helps someone else from a few days' worth of needless frustration.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: SNMP Trap Overload

Post by cdienger »

Glad to help clarify things! SNMP and trap configuration usually takes a bit of time to figure out and you're definitely not the first (or last) to need direction.