Hello
For some reason all the traps we are receiving are with normal serverity, do you have an idea what may cause this?
For example ( from /var/log/snmptt/snmptt.log):
Wed Dec 18 11:19:18 2019 .1.3.6.1.4.1.9148.3.8.6.3.0.1 Normal "Status Events" somehostname - The notification will be generated whenever a trap is received from devices managed by NNC or a trap is generated by NNC server its self. 2679 SessionAgent SessionAgent.oraclesdm;IPaddress;Hostname=somehostname 1 Wed Dec 18 11:19:18 EET 2019 4 1 SA HostName = somehostname. SA IP Address = IPAddress. SA Status = inservice. SA Status Reason = inservice. apNNCItuX733AdditionalInformationIdentifier = 1. apNNCItuX733AdditionalInformationIndicator = 2. apNNCItuX733AdditionalInformationInformation = sourceHostTargetName = somehostname.
The sending system classifies this as critical, but for Nagios is just normal, so no alarm is sent out.
We have several systems sending but always the severity for each event is normal.
Thank you.
snmp trap serverity
Re: snmp trap serverity
Have any of the systems' events ever registered as critical, or are these systems new in the monitoring environment?
The events need to be defined as critical in /etc/snmp/snmptt.conf. Have you modified this file? More information can be found here,
https://support.nagios.com/kb/article/n ... al-77.html
The events need to be defined as critical in /etc/snmp/snmptt.conf. Have you modified this file? More information can be found here,
https://support.nagios.com/kb/article/n ... al-77.html
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: snmp trap serverity
No, all the systems so far have only generated normal status events. My question is that the sending system classifies the alarms as critical, if i look at the /etc/snmp/snmptt.conf file the same alert with same oid is classified as NORMAL. How are the severity level generated to the /etc/snmp/snmptt.conf file, are they taken from the MIB file that corresponds to the oid?
Yes, currently i can go and change the /etc/snmp/snmptt.conf file and tell that the output should be CRITICAL but what happends to the rest of the traps i currently i have no knowledge of and they appear only when a problem occurs. Then i will not know about the event because it will processed as NORMAL and no alarm is sent out.
Yes, currently i can go and change the /etc/snmp/snmptt.conf file and tell that the output should be CRITICAL but what happends to the rest of the traps i currently i have no knowledge of and they appear only when a problem occurs. Then i will not know about the event because it will processed as NORMAL and no alarm is sent out.
Re: snmp trap serverity
No, the entries in snmptt.conf treat everything as normal until it is otherwise matched and defined. Unfortunately we can't auto associate the severity of the SNMP trap to a Nagios severity, because the SNMP trap severity isn't standardized. Sometimes it's a string like NORMAL/WARNING/CRITICAL, and sometimes it's a number 0-6, but even when it's a number, it's not 0=normal, 6=critical. It varies from manufacturer to manufacturer.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: snmp trap serverity
Ok, good to know. Is it possible in that case to send alarm out on each trap sent to specific host, even if they are with NORMAL status?
Re: snmp trap serverity
Are you using Admin > SNMP Trap Interface or manually managing them in the /etc/snmp/snmptt.conf or /etc/snmp/snmptt.conf.nxti? (please be specific)
If you are using Admin > SNMP Trap Interface, you should be able to click the Defined Traps tab, edit the trap, and change the Severity from Parse to what you want it set to.
Otherwise, you would need to adjust the trap definition like so:
- Actually, don't modify the /etc/snmp/snmptt.conf.nxti by hand, use the web interface as it will cause issues
For /etc/snmp/snmptt.conf.nxti (from):
EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Normal
To:
EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Critical
For /etc/snmp/snmptt.conf (from):
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal
To:
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical
See here for advanced manipulation features:
http://snmptt.sourceforge.net/docs/snmp ... ile-format
See here for all the related KB articles for this:
If you are using Admin > SNMP Trap Interface, you should be able to click the Defined Traps tab, edit the trap, and change the Severity from Parse to what you want it set to.
Otherwise, you would need to adjust the trap definition like so:
- Actually, don't modify the /etc/snmp/snmptt.conf.nxti by hand, use the web interface as it will cause issues
For /etc/snmp/snmptt.conf.nxti (from):
EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Normal
To:
EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Critical
For /etc/snmp/snmptt.conf (from):
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal
To:
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical
See here for advanced manipulation features:
http://snmptt.sourceforge.net/docs/snmp ... ile-format
See here for all the related KB articles for this:
Code: Select all
https://support.nagios.com/kb/article/nagios-xi-how-to-integrate-snmp-traps-with-nagios-xi-232.html
https://support.nagios.com/kb/article/nagios-xi-snmp-trap-tutorial-77.html
https://support.nagios.com/kb/article/snmp-traps-understanding-trap-variables-558.html
https://support.nagios.com/kb/article/nagios-xi-snmp-traps-with-nxti-824.html
https://support.nagios.com/kb/article/nagios-xi-how-snmp-works-a-quick-guide-841.html
https://support.nagios.com/kb/article/snmp-trap-how-to-send-a-test-trap-493.html
https://support.nagios.com/kb/article/nagios-xi-sending-snmp-traps-270.html
https://support.nagios.com/kb/article/nagios-xi-manage-mibs-architecture-73.htmlRe: snmp trap serverity
Im not using Admin > SNMP Trap Interface at all. Im using configuration wizard and snmp traps service wizard. I see the traps coming in after service is created but all with NORMAL status.
Under Admin > SNMP Trap Interface has no traps defined or any traps received.
Not clear to me:
1) How should i change the events status? Change manually the status under /etc/snmp/snmptt.conf?
2) When i receive traps at the moment with NORMAL status for nagios, but sender classifies as CRITICAL, can i send email out on a trap even if it is with NORMAL status? Else i will have no knowledge of traps coming in that i need to changes from NORMAL -> CRITICAL in nagios side.
Under Admin > SNMP Trap Interface has no traps defined or any traps received.
Not clear to me:
1) How should i change the events status? Change manually the status under /etc/snmp/snmptt.conf?
2) When i receive traps at the moment with NORMAL status for nagios, but sender classifies as CRITICAL, can i send email out on a trap even if it is with NORMAL status? Else i will have no knowledge of traps coming in that i need to changes from NORMAL -> CRITICAL in nagios side.
Re: snmp trap serverity
If you are seeing the traps in your XI web interface that means someone already set it up for you and now you need to adjust them to what you want.
First, check here for defined traps:
Admin > SNMP Trap Interface
If you don't see any there, run this command (as root) and send me the resulting /tmp/SNMPFILES.zip file:
More than likely, if you do not see any defined in Admin > SNMP Trap Interface you will need to do this:
As an example, edit your /etc/snmp/snmptt.conf (from):
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal
To:
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical
See here for advanced manipulation features:
http://snmptt.sourceforge.net/docs/snmp ... ile-format
If you are finally absolutely sure you're manually managing things through /etc/snmp/snmptt.conf then you can use this as well for a web based utility:
Which can be uploaded from Admin > Manage Components.
First, check here for defined traps:
Admin > SNMP Trap Interface
If you don't see any there, run this command (as root) and send me the resulting /tmp/SNMPFILES.zip file:
Code: Select all
zip -r /tmp/SNMPFILES.zip /etc/snmp /usr/share/snmp/mibsAs an example, edit your /etc/snmp/snmptt.conf (from):
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal
To:
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical
See here for advanced manipulation features:
http://snmptt.sourceforge.net/docs/snmp ... ile-format
If you are finally absolutely sure you're manually managing things through /etc/snmp/snmptt.conf then you can use this as well for a web based utility:
Code: Select all
https://exchange.nagios.org/directory/Addons/Components/SNMP-Trap-Translation-Adjustment-Web-Page/details