SNMP traps with Normal severity not found in eventman.log

[nfv_nagios]

Hi Support,

Hope you can help.
I have configured SNMP Trap Sender to forward the SNMP traps received by Nagios to another NMS.
However when i check eventman.log, I noticed only traps with severity Critical and Warning are forwarded.
For example, when Nagios recieve SNMP trap with severity Normal and does nothing else.
Can you advise how can make Nagios forward the Normal severity as well?

I'm running Nagios XI 5.4.0.

[ssax]

By default it will send the OKs, I just tested in the latest version.

Are your OK traps even getting into Nagios? Depending on your /etc/snmp/snmptt.conf setup they may not, please attach it.

If you go to Admin > Manage Components what version is listed next to the SNMP Trap Sender component?

[nfv_nagios]

Thank you for the response.

My SNMP Trap Sender component is on 1.5.3

Below is one of the configurations from snmptt.conf. The severity is configured as Normal.

*************************************************************************
EVENT mafRaisePrimaryLdapUnavailable .1.3.6.1.4.1.3830.1.1.30.1.3.1.3 "Status Events" Normal
FORMAT Primary LDAP directory service access failure alarm has been cleared $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "Host:$r; SvcDesc: Primary LDAP directory service access failure alarm has been cleared $*"
SDESC
Primary LDAP directory service access failure alarm has been cleared
Variables:
1: mafCondition
2: mafEntity
3: mafSeverity
4: mafParameters
EDESC
**************************************************************************

As you see from the debug log below, the Ok trap got processed and EXEC (highlighted in red) ran successfully.
Although this event was captured in Nagios, it never forward to the other NMS.
As mentioned, i only see events forwarded if the severity was Critical or Warning.

**************************************************************************
Reading trap. Current time: Fri Jun 5 00:04:26 2020

Raw trap passed from snmptrapd:
1591286664
10.252.32.167
10.252.32.167
.1.3.6.1.2.1.1.3.0 (0) 0:00:00.00
.1.3.6.1.6.3.1.1.4.1.0 .1.3.6.1.4.1.3830.1.1.30.1.3.1.3
.1.3.6.1.6.3.18.1.4.0 public
.1.3.6.1.6.3.10.2.1.1.0 "0x57e6b6e6f677e6"
.1.3.6.1.6.3.18.1.1.1.3 "unknown"
.1.3.6.1.6.3.18.1.1.1.4 "0x57e6b6e6f677e6"
.1.3.6.1.6.3.18.1.1.1.5 "unknown"

Items passed from snmptrapd:
value 0: 10.252.32.167
value 1: 10.252.32.167
value 2: .1.3.6.1.2.1.1.3.0
value 3: (0) 0:00:00.00
value 4: .1.3.6.1.6.3.1.1.4.1.0
value 5: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3
value 6: .1.3.6.1.6.3.18.1.4.0
value 7: public
value 8: .1.3.6.1.6.3.10.2.1.1.0
value 9: 0x57e6b6e6f677e6
value 10: .1.3.6.1.6.3.18.1.1.1.3
value 11: unknown
value 12: .1.3.6.1.6.3.18.1.1.1.4
value 13: 0x57e6b6e6f677e6
value 14: .1.3.6.1.6.3.18.1.1.1.5
value 15: unknown

Agent IP address was blank, so setting to the same as the host IP address of 10.252.32.167

Agent IP address (10.252.32.167) is the same as the host IP, so copying the host name: 10.252.32.167

Trap received from 10.252.32.167: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3
0: hostname
1: ip address
2: uptime
3: trapname / OID
4: ip address from trap agent
5: trap community string
6: enterprise
7: securityEngineID (snmptthandler-embedded required)
8: securityName (snmptthandler-embedded required)
9: contextEngineID (snmptthandler-embedded required)
10: contextName (snmptthandler-embedded required)
0+: passed variables

Value 0: 10.252.32.167
Value 1: 10.252.32.167
Value 2: (0) 0:00:00.00
Value 3: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3
Value 4: 10.252.32.167
Value 5: public
Value 6:
Value 7: 0x57e6b6e6f677e6
Value 8: unknown
Value 9: 0x57e6b6e6f677e6
Value 10: unknown

Agent dns name: 10.252.32.167

Exact match of trap found in EVENT hash table

Working with EVENT entry: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3 => mafRaisePrimaryLdapUnavailable,Status Events,Normal,
No nodes defined for this entry so all nodes will match
No MATCH entries defined for this entry

Trap defined, processing...

PREEXEC line(s):

FORMAT line:

OID of received trap: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3. Will attempt to translate to text
Translated to mafRaisePrimaryLdapUnavailable
Primary LDAP directory service access failure alarm has been cleared

.1.3.6.1.4.1.3830.1.1.30.1.3.1.3 Normal "Status Events" 10.252.32.167 - Primary LDAP directory service access failure alarm has been cleared

EXEC line(s):

OID of received trap: .1.3.6.1.4.1.3830.1.1.30.1.3.1.3. Will attempt to translate to text
Translated to mafRaisePrimaryLdapUnavailable
EXEC command:/usr/local/bin/snmptraphandling.py "10.252.32.167" "SNMP Traps" "Normal" "1591286664" "" "Host:10.252.32.167; SvcDesc: Primary LDAP directory service access failure alarm has been cleared "

**************************************************************************

[ssax]

Please try updating your SNMP Trap Sender component with the one attached. (v1.6.2) You can do this in Admin > Manage Components, click the Browse button, select the zip file, and click the Upload & Install button.

Then go to Admin > Manage Components > SNMP Trap Sender > Settings and enable Debug Logging.

Then run this command as root (and leave it running):

Code: Select all

tail -Fn0 /usr/local/nagiosxi/var/components/snmptrapsender.log

Then force an OK trap to come in, wait a few minutes, and send me the entire output from the still running tail command.

[nfv_nagios]

Hi, just to update...

I have updated the SNMP Trap Sender component to v1.6.2 and now able to see Normal severity being forwarded to another NMS.

Thanks for the support.

[scottwilkerson]

Hi, just to update...

I have updated the SNMP Trap Sender component to v1.6.2 and now able to see Normal severity being forwarded to another NMS.

Thanks for the support.

Great!

Locking thread