Custom Macro's Creation

[vignesha]

Hello Team,

We are sending nagios alerts to ServiceNow through SNMP Trap Sender. We need server type information in the alert i.e (Windows, Linux or Network Device) ServiceNow can filter the server type and send the alert to respective teams.

To do this we require Macro to configure in Nagios and snmptrapsender. But as per Nagios Standard Macro's list there are no Macro for server type information.

i have tried adding the below comments in xi_service_event_handler

/usr/bin/php /usr/local/nagiosxi/scripts/handle_nagioscore_event.php --handler-type=service --host="$HOSTNAME$" --service="$SERVICEDESC$" --hostaddress="$HOSTADDRESS$" --hoststate=$HOSTSTATE$ --hoststateid=$HOSTSTATEID$ --hosteventid=$HOSTEVENTID$ --hostproblemid=$HOSTPROBLEMID$ --servicestate=$SERVICESTATE$ --servicestateid=$SERVICESTATEID$ --lastservicestate=$LASTSERVICESTATE$ --lastservicestateid=$LASTSERVICESTATEID$ --servicestatetype=$SERVICESTATETYPE$ --currentattempt=$SERVICEATTEMPT$ --maxattempts=$MAXSERVICEATTEMPTS$ --serviceeventid=$SERVICEEVENTID$ --serviceproblemid=$SERVICEPROBLEMID$ --serviceoutput="$SERVICEOUTPUT$" --longserviceoutput="$LONGSERVICEOUTPUT$" --servicedowntime="$SERVICEDOWNTIME$" --flavour="$windowsserver$"

Also, i have edited /usr/local/nagiosxi/html/includes/components/snmptrapsender/snmptrapsender.inc.php to send snmp trap to servicenow.

line 533:
$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nHostEvent nHostname s \"%host%\" nHostStateID i %hoststateid% nHostOutput s \"%hostoutput%\" nHostAlias s \"%hostalias%\" s '%flavour%' windowsserver";

line 602:
$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nHostAlias s \"%hostalias%\" s '%flavour%' windowsserver";

output:
......PROCESS EVENT: ID=18107799, SOURCE=2, TYPE=1, TIME=2019-12-12 14:50:34
*** GLOBAL HANDLER...
Array
(
[event_id] => 18107799
[event_source] => 2
[event_type] => 1
[event_time] => 2019-12-12 14:50:34
[event_meta] => Array
(
[handler-type] => service
[host] => test_server
[service] => Inter-connect to WAN - ETHC00120295 - xxxx - xxxxxxxxxx Po Bandwidth
[hostaddress] => xx.xxx.xx.xxxx
[hoststate] => UP
[hoststateid] => 0
[hosteventid] => 6111744
[hostproblemid] => 0
[servicestate] => WARNING
[servicestateid] => 1
[lastservicestate] => OK
[lastservicestateid] => 0
[servicestatetype] => HARD
[currentattempt] => 5
[maxattempts] => 5
[serviceeventid] => 6230091
[serviceproblemid] => 2806840
[serviceoutput] => WARNING - Current BW in: 16.77Mbps Out: 1.26Mbps
[longserviceoutput] =>
[servicedowntime] => 0
[flavour] => $%windowsserver%$
)

[logging_enabled] => 1
)

as per above am getting windows server for all type of server, so I need your help to make correction to define the variable or macro to get all server type like (Windows, Linux, switch, etc..,)

[cdienger]

https://assets.nagios.com/downloads/nag ... iables.pdf has good information on how to set a free(custom) variable and how you can include it in notifications(or in this case the xi_service_event_handler command). Please review and let us know if you have any further questions.

[vignesha]

Hi,

Thanks for your response,

i have tried but it is not working as expected.

I like to call already available variable as xiwizard and its providing the information as (windows, linux, etc..,), could you help me out to define the same variable in "xi_service_notification_handler" command and SNMPTRAP command as well. PFB SS am looking to defin a variable.

[vignesha]

PFB attachement.

[cdienger]

The command should look like:

Code: Select all

/usr/bin/php /usr/local/nagiosxi/scripts/handle_nagioscore_event.php --handler-type=service --host="$HOSTNAME$" --service="$SERVICEDESC$" --hostaddress="$HOSTADDRESS$" --hoststate=$HOSTSTATE$ --hoststateid=$HOSTSTATEID$ --hosteventid=$HOSTEVENTID$ --hostproblemid=$HOSTPROBLEMID$ --servicestate=$SERVICESTATE$ --servicestateid=$SERVICESTATEID$ --lastservicestate=$LASTSERVICESTATE$ --lastservicestateid=$LASTSERVICESTATEID$ --servicestatetype=$SERVICESTATETYPE$ --currentattempt=$SERVICEATTEMPT$ --maxattempts=$MAXSERVICEATTEMPTS$ --serviceeventid=$SERVICEEVENTID$ --serviceproblemid=$SERVICEPROBLEMID$ --serviceoutput="$SERVICEOUTPUT$" --longserviceoutput="$LONGSERVICEOUTPUT$" --servicedowntime="$SERVICEDOWNTIME$" --flavour="$_SERVICExiwizard$"

The trap command would then look like:

Code: Select all

$service_trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcFlavour s \"%flavour%\"";

and the nSvcEvent in NAGIOS-NOTIFY-MIB.txt would need to be updated to look like:

Code: Select all

nSvcEvent  NOTIFICATION-TYPE
  OBJECTS { nHostname, nHostStateID, nSvcDesc, nSvcStateID, nSvcAttempt,
            nSvcDurationSec, nSvcGroupName, nSvcLastCheck, nSvcLastChange,
            nSvcOutput, nSvcFlavour }
  STATUS  current
  DESCRIPTION
    "The SNMP trap that is generated as a result of an event with the service
    in Nagios."
  ::= { nagiosNotify 7 }

[vignesha]

Hi,

Thanks for your reply,

i have made the changes and checked but still issues remais same, data not reflecting as(windows, linux, etc..,)

PFB output and SS for the same.

[root@XXXXXXXXX snmptrapsender]# cat snmptrapsender.inc.php | grep -i '$service_trap_command'
$service_trap_command = "/usr/bin/snmptrap -v 2c -c public 192.168.5.4 '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nSvcXiWizard s \"%service_xiwizard%\" nSvcFlavour s \"%flavour%\"";
=========================================
*** GLOBAL HANDLER...
Array
(
[event_id] => 18132169
[event_source] => 2
[event_type] => 1
[event_time] => 2019-12-16 13:24:06
[event_meta] => Array
(
[handler-type] => service
[host] => xxxxxxxxxxx
[service] => Inter-connect to WAN - xxxx - xxxx - xxx-xxx-xx Po Bandwidth
[hostaddress] => xx.xxx.xx.xxx
[hoststate] => UP
[hoststateid] => 0
[hosteventid] => 6111744
[hostproblemid] => 0
[servicestate] => OK
[servicestateid] => 0
[lastservicestate] => CRITICAL
[lastservicestateid] => 2
[servicestatetype] => SOFT
[currentattempt] => 3
[maxattempts] => 5
[serviceeventid] => 6247580
[serviceproblemid] => 2815439
[serviceoutput] => OK - Current BW in: 10.26Mbps Out: 1.30Mbps
[longserviceoutput] =>
[servicedowntime] => 0
[flavour] => $
)

[logging_enabled] => 1
)
*** GLOBAL HANDLER (snmptrapsender)...
Array
(
[event_id] => 18132251
[event_source] => 2
[event_type] => 1
[event_time] => 2019-12-16 13:53:13
[event_meta] => Array
(
[handler-type] => service
[host] => xxxxxxxxxx
[service] => IIB Broker Status
[hostaddress] => xx.xxx.xxx.xx
[hoststate] => UP
[hoststateid] => 0
[hosteventid] => 5965715
[hostproblemid] => 0
[servicestate] => OK
[servicestateid] => 0
[lastservicestate] => CRITICAL
[lastservicestateid] => 2
[servicestatetype] => SOFT
[currentattempt] => 3
[maxattempts] => 5
[serviceeventid] => 6247641
[serviceproblemid] => 2815484
[serviceoutput] => OK - no errors or warnings
[longserviceoutput] =>
[servicedowntime] => 0
[flavour] => $
)

[logging_enabled] => 1
)

[cdienger]

Typo on my end. The command should use uppercase and look like:

Code: Select all

/usr/bin/php /usr/local/nagiosxi/scripts/handle_nagioscore_event.php --handler-type=service --host="$HOSTNAME$" --service="$SERVICEDESC$" --hostaddress="$HOSTADDRESS$" --hoststate=$HOSTSTATE$ --hoststateid=$HOSTSTATEID$ --hosteventid=$HOSTEVENTID$ --hostproblemid=$HOSTPROBLEMID$ --servicestate=$SERVICESTATE$ --servicestateid=$SERVICESTATEID$ --lastservicestate=$LASTSERVICESTATE$ --lastservicestateid=$LASTSERVICESTATEID$ --servicestatetype=$SERVICESTATETYPE$ --currentattempt=$SERVICEATTEMPT$ --maxattempts=$MAXSERVICEATTEMPTS$ --serviceeventid=$SERVICEEVENTID$ --serviceproblemid=$SERVICEPROBLEMID$ --serviceoutput="$SERVICEOUTPUT$" --longserviceoutput="$LONGSERVICEOUTPUT$" --servicedowntime=$SERVICEDOWNTIME$ --flavour="$_SERVICEXIWIZARD$"

I've also attached a copy of my modify NAGIOS-NOTIFY-MIB.

And here are my trap commands for the service events:

Code: Select all

$trap_command = "/usr/bin/snmptrap -v 3 $engineid_string -u $username -a $authproto -A $authpassword -x $privproto -X $privacypassword $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nHostAlias s \"%hostalias%\" nSvcFlavour s \"%flavour%\"";
                    } elseif ($snmpversion == "2c") {
$trap_command = "/usr/bin/snmptrap -v 2c -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nHostAlias s \"%hostalias%\" nSvcFlavour s \"%flavour%\"";
                    } elseif ($snmpversion == "1") {
$trap_command = "/usr/bin/snmptrap -v 1 -c $community $tcp$address$port '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s \"%host%\" nSvcDesc s \"%service%\" nSvcStateID i %servicestateid% nSvcOutput s \"%serviceoutput%\" nHostAlias s \"%hostalias%\" nSvcFlavour s \%flavour%\"";
                    }

[vignesha]

Hi Cdienger,

I have made the changes as you mentioned below,

Also i have monitored closely and found that am able to see the SNMPTRAP alerts in nagios server but the same not reflecting in Servicenow end, so i have just removed nSvcFlavour s \"%flavour%\" variable and tried SNMPTRAP are sending to Servicenow end.

From the below output i able to see few errors after i have made the changes, PFB SNMPTRAP output

After:

*** GLOBAL HANDLER (snmptrapsender)...
Array
(
[event_id] => 18152738
[event_source] => 2
[event_type] => 1
[event_time] => 2019-12-20 12:53:48
[event_meta] => Array
(
[handler-type] => service
[host] => xxxxxxxxx
[service] => CPU Usage
[hostaddress] => xx.xxx.xxx.xx
[hoststate] => UP
[hoststateid] => 0
[hosteventid] => 6209621
[hostproblemid] => 0
[servicestate] => OK
[servicestateid] => 0
[lastservicestate] => WARNING
[lastservicestateid] => 1
[servicestatetype] => HARD
[currentattempt] => 5
[maxattempts] => 5
[serviceeventid] => 6262135
[serviceproblemid] => 2822617
[serviceoutput] => CPU Load 56% (5 min average)
[longserviceoutput] =>
[servicedowntime] => 0
[flavour] => windowsserver
)

[logging_enabled] => 1
)
PROCESSING:
Array
(
[address] => xx.xxx.xxx.xx
[port] => 9030
[hoststateid] => 0
[servicestateid] => 0
[statetype] => HARD
[downtime] => 1
[snmpversion] => 2c
[community] => xxxxx
)
PHP Notice: Undefined index: contact in /usr/local/nagiosxi/html/includes/utils-notifications.inc.php on line 0
PHP Notice: Undefined variable: _SESSION in /usr/local/nagiosxi/html/includes/utils-users.inc.php on line 1944
RUNNING COMMAND: /usr/bin/snmptrap -v 2c -c xxxxx xx.xxx.xxx.xx:9030 '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s "xxxxxxx" nSvcDesc s "CPU Usage" nSvcStateID i 0 nSvcOutput s "CPU Load 56% (5 min average)" nHostAlias s "xxxxxxx" nSvcFlavour s "windowsserver"
No log handling enabled - turning on stderr logging
nSvcFlavour: Unknown Object Identifier (Sub-id not found: (top) -> nSvcFlavour)
.....
##################################

Before:

*** GLOBAL HANDLER (snmptrapsender)...
Array
(
[event_id] => 18152771
[event_source] => 2
[event_type] => 1
[event_time] => 2019-12-20 13:02:43
[event_meta] => Array
(
[handler-type] => service
[host] => xxxxxxxxxxx
[service] => CPU Usage
[hostaddress] => xx.xxx.xxx.xx
[hoststate] => UP
[hoststateid] => 0
[hosteventid] => 6209621
[hostproblemid] => 0
[servicestate] => WARNING
[servicestateid] => 1
[lastservicestate] => WARNING
[lastservicestateid] => 1
[servicestatetype] => HARD
[currentattempt] => 5
[maxattempts] => 5
[serviceeventid] => 6262141
[serviceproblemid] => 2822626
[serviceoutput] => CPU Load 92% (5 min average)
[longserviceoutput] =>
[servicedowntime] => 0
)

[logging_enabled] => 1
)
PROCESSING:
Array
(
[address] => xx.xxx.xxx.xx
[port] => 9030
[hoststateid] => 0
[servicestateid] => 0
[statetype] => HARD
[downtime] => 1
[snmpversion] => 2c
[community] => xxxxx
)
PHP Notice: Undefined index: contact in /usr/local/nagiosxi/html/includes/utils-notifications.inc.php on line 0
PHP Notice: Undefined variable: _SESSION in /usr/local/nagiosxi/html/includes/utils-users.inc.php on line 1944
RUNNING COMMAND: /usr/bin/snmptrap -v 2c -c xxxxx xx.xxx.xxx.xx:9030 '' NAGIOS-NOTIFY-MIB::nSvcEvent nSvcHostname s "xxxxxxx" nSvcDesc s "CPU Usage" nSvcStateID i 1 nSvcOutput s "CPU Load 92% (5 min average)" nHostAlias s "xxxxxxx"

[ssax]

Please revert the MIB to what you had before.

First, update your commands to use:

Code: Select all

--flavour="$_SERVICEXIWIZARD$"

Here's what I do:

Don't use nNewName and use a free OID from the MIB:

Code: Select all

[root@xid snmptrapsender]# snmptranslate -Tz -m /usr/share/snmp/mibs/NAGIOS-NOTIFY-MIB.txt
"org"                   "1.3"
"dod"                   "1.3.6"
"internet"                      "1.3.6.1"
"directory"                     "1.3.6.1.1"
"mgmt"                  "1.3.6.1.2"
"mib-2"                 "1.3.6.1.2.1"
"transmission"                  "1.3.6.1.2.1.10"
"experimental"                  "1.3.6.1.3"
"private"                       "1.3.6.1.4"
"enterprises"                   "1.3.6.1.4.1"
"nagios"                        "1.3.6.1.4.1.20006"
"nagiosNotify"                  "1.3.6.1.4.1.20006.1"
"nagiosHostEventTable"                  "1.3.6.1.4.1.20006.1.1"
"nagiosHostEventEntry"                  "1.3.6.1.4.1.20006.1.1.1"
"nHostEventIndex"                       "1.3.6.1.4.1.20006.1.1.1.1"
"nHostname"                     "1.3.6.1.4.1.20006.1.1.1.2"
"nHostAlias"                    "1.3.6.1.4.1.20006.1.1.1.3"
"nHostStateID"                  "1.3.6.1.4.1.20006.1.1.1.4"
"nHostStateType"                        "1.3.6.1.4.1.20006.1.1.1.5"
"nHostAttempt"                  "1.3.6.1.4.1.20006.1.1.1.6"
"nHostDurationSec"                      "1.3.6.1.4.1.20006.1.1.1.7"
"nHostGroupName"                        "1.3.6.1.4.1.20006.1.1.1.8"
"nHostLastCheck"                        "1.3.6.1.4.1.20006.1.1.1.9"
"nHostLastChange"                       "1.3.6.1.4.1.20006.1.1.1.10"
"nHostLastUp"                   "1.3.6.1.4.1.20006.1.1.1.11"
"nHostLastDown"                 "1.3.6.1.4.1.20006.1.1.1.12"
"nHostLastUnreachable"                  "1.3.6.1.4.1.20006.1.1.1.13"
"nHostOutput"                   "1.3.6.1.4.1.20006.1.1.1.14"
"nHostPerfData"                 "1.3.6.1.4.1.20006.1.1.1.15"
"nagiosHostNotifyTable"                 "1.3.6.1.4.1.20006.1.2"
"nagiosHostNotifyEntry"                 "1.3.6.1.4.1.20006.1.2.1"
"nHostNotifyType"                       "1.3.6.1.4.1.20006.1.2.1.1"
"nHostNotifyNum"                        "1.3.6.1.4.1.20006.1.2.1.2"
"nHostAckAuthor"                        "1.3.6.1.4.1.20006.1.2.1.3"
"nHostAckComment"                       "1.3.6.1.4.1.20006.1.2.1.4"
"nagiosSvcEventTable"                   "1.3.6.1.4.1.20006.1.3"
"nagiosSvcEventEntry"                   "1.3.6.1.4.1.20006.1.3.1"
"nSvcEventIndex"                        "1.3.6.1.4.1.20006.1.3.1.1"
"nSvcHostname"                  "1.3.6.1.4.1.20006.1.3.1.2"
"nSvcHostAlias"                 "1.3.6.1.4.1.20006.1.3.1.3"
"nSvcHostStateID"                       "1.3.6.1.4.1.20006.1.3.1.4"
"nSvcHostStateType"                     "1.3.6.1.4.1.20006.1.3.1.5"
"nSvcDesc"                      "1.3.6.1.4.1.20006.1.3.1.6"
"nSvcStateID"                   "1.3.6.1.4.1.20006.1.3.1.7"
"nSvcAttempt"                   "1.3.6.1.4.1.20006.1.3.1.8"
"nSvcDurationSec"                       "1.3.6.1.4.1.20006.1.3.1.9"
"nSvcGroupName"                 "1.3.6.1.4.1.20006.1.3.1.10"
"nSvcLastCheck"                 "1.3.6.1.4.1.20006.1.3.1.11"
"nSvcLastChange"                        "1.3.6.1.4.1.20006.1.3.1.12"
"nSvcLastOK"                    "1.3.6.1.4.1.20006.1.3.1.13"
"nSvcLastWarn"                  "1.3.6.1.4.1.20006.1.3.1.14"
"nSvcLastCrit"                  "1.3.6.1.4.1.20006.1.3.1.15"
"nSvcLastUnkn"                  "1.3.6.1.4.1.20006.1.3.1.16"
"nSvcOutput"                    "1.3.6.1.4.1.20006.1.3.1.17"
"nSvcPerfData"                  "1.3.6.1.4.1.20006.1.3.1.18"
"nagiosSvcNotifyTable"                  "1.3.6.1.4.1.20006.1.4"
"nagiosSvcNotifyEntry"                  "1.3.6.1.4.1.20006.1.4.1"
"nSvcNotifyType"                        "1.3.6.1.4.1.20006.1.4.1.1"
"nSvcNotifyNum"                 "1.3.6.1.4.1.20006.1.4.1.2"
"nSvcAckAuthor"                 "1.3.6.1.4.1.20006.1.4.1.3"
"nSvcAckComment"                        "1.3.6.1.4.1.20006.1.4.1.4"
"nHostEvent"                    "1.3.6.1.4.1.20006.1.5"
"nHostNotify"                   "1.3.6.1.4.1.20006.1.6"
"nSvcEvent"                     "1.3.6.1.4.1.20006.1.7"
"nSvcNotify"                    "1.3.6.1.4.1.20006.1.8"
"security"                      "1.3.6.1.5"
"snmpV2"                        "1.3.6.1.6"
"snmpDomains"                   "1.3.6.1.6.1"
"snmpProxys"                    "1.3.6.1.6.2"
"snmpModules"                   "1.3.6.1.6.3"
"zeroDotZero"                   "0.0"

For example, just modify the host one like this:

"nHostPerfData" "1.3.6.1.4.1.20006.1.1.1.15"
"nSvcPerfData" "1.3.6.1.4.1.20006.1.3.1.18"

So add this to the Host Trap Command in the snmptrapsender.inc.php

Code: Select all

... 1.3.6.1.4.1.20006.1.1.1.9999 s \"%flavour%\"";

For the Service:

Code: Select all

... 1.3.6.1.4.1.20006.1.3.1.9999 s \"%flavour%\"";

The MIB won't be able to translate but it's included.

What I'm trying to do is prevent you from modifying the MIB file to something we won't have a copy of. Leave MIBs alone unless you wrote them is my take on it otherwise you now have a custom system that may not survive an updated to the MIB file (if we do at some point).