Traps display only at "Unknown Traps Log Contents"

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
agpol07
Posts: 21
Joined: Fri Oct 05, 2018 6:27 am

Traps display only at "Unknown Traps Log Contents"

Post by agpol07 »

Hi,

I'm triggerring some traps from a Cisco switch to Nagios XI, but it displayed only at Unknown Traps Log Contents.
Can somebody help me?
When i try to manually add the oid it says that
SQL Error [nagiosxi] : Duplicate entry 'SyslogMSG' for key 'xi_cmp_trapdata.trapdata_event_name'


Version 5.8.7 (Linux RH)
Top
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by pbroste »

Hello @agpol07

Thanks for reaching out, want to dig into this a bit more by executing the following snmptrap with the oid:

Code: Select all

snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
Want to take a look at the snmptt logs:

Code: Select all

tar -czvf /tmp/smptrapdlogs.tar.gz /var/log/snmptt/*.log
Would like to take a look at your Nagios XI System Profile so we can see what is going on.

To send us your system profile.
  • Login to the Nagios XI GUI using a web browser.
  • Click the "Admin" > "System Profile" Menu
  • Click the "Download Profile" button
  • Save the profile.zip file and send via Private Message
Thanks,
Perry
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by ssax »

In addition to what @pbroste posted (please do that as well), run this command as root or sudo and send me the resulting /tmp/SNMPFILES.tar.gz file:

Code: Select all

GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?

Code: Select all

mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Top
agpol07
Posts: 21
Joined: Fri Oct 05, 2018 6:27 am

Re: Traps display only at "Unknown Traps Log Contents"

Post by agpol07 »

pbroste wrote:Hello @agpol07

Thanks for reaching out, want to dig into this a bit more by executing the following snmptrap with the oid:

Code: Select all

snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
Want to take a look at the snmptt logs:

Code: Select all

tar -czvf /tmp/smptrapdlogs.tar.gz /var/log/snmptt/*.log
Would like to take a look at your Nagios XI System Profile so we can see what is going on.

To send us your system profile.
  • Login to the Nagios XI GUI using a web browser.
  • Click the "Admin" > "System Profile" Menu
  • Click the "Download Profile" button
  • Save the profile.zip file and send via Private Message
Thanks,
Perry
The profile.zip that is downloaded is empty.
I sent you the system info from the same page with PM.

i didn't manage to run this command:
snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
can you write it again, if i have as community:test123 and the oid is this:.1.3.6.1.4.1.9.9.41.2.0.1


In this command i have these results.
nagios-xi:/ # tar -czvf ./tmp/smptrapdlogs.tar.gz ./var/log/snmptt/*.log
./var/log/snmptt/snmptt.log
./var/log/snmptt/snmpttsystem.log
./var/log/snmptt/snmpttunknown.log
You have mail in /var/spool/mail/root
nagios-xi:/ #


ssax wrote:In addition to what @pbroste posted (please do that as well), run this command as root or sudo and send me the resulting /tmp/SNMPFILES.tar.gz file:

Code: Select all

GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?

Code: Select all

mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
I've sent it to you through a PM
Top
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by pbroste »

Hello @agpol07

Thanks for sending over the info, want to have you get the System Profile by using the command line script that we provide:

Code: Select all

rm -rf /usr/local/nagiosxi/var/components/profile.zip
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT

Then send the resulting /usr/local/nagiosxi/var/components/profile.zip​ file via Private Message.

Also, send the results on the following; please verify that you are running as 'root' super-user account as well.

/tmp/SNMPFILES.tar.gz file:

Code: Select all

GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?

Code: Select all

mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Thanks,
Perry
Top
agpol07
Posts: 21
Joined: Fri Oct 05, 2018 6:27 am

Re: Traps display only at "Unknown Traps Log Contents"

Post by agpol07 »

pbroste wrote:Hello @agpol07

Thanks for sending over the info, want to have you get the System Profile by using the command line script that we provide:

Code: Select all

rm -rf /usr/local/nagiosxi/var/components/profile.zip
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT

Then send the resulting /usr/local/nagiosxi/var/components/profile.zip​ file via Private Message.

Also, send the results on the following; please verify that you are running as 'root' super-user account as well.

/tmp/SNMPFILES.tar.gz file:

Code: Select all

GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?

Code: Select all

mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Thanks,
Perry

Code: Select all

nagios-xi:~ # GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
tar: Removing leading `/' from member names
/etc/snmp/
/etc/snmp/snmpd.conf
tar: Removing leading `/' from hard link targets
/etc/snmp/snmptt_nxti.bak
/etc/snmp/snmptt.ini
gzip: warning: GZIP environment variable is deprecated; use an alias or script
/etc/snmp/nagios-check-storage
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
/etc/snmp/snmptrapd.conf
/etc/snmp/snmptt.ini.bak
/usr/share/snmp/mibs/
/usr/share/snmp/mibs/HCNUM-TC.txt
/usr/share/snmp/mibs/CISCO-CLASS-BASED-QOS-MIB.my
/usr/share/snmp/mibs/IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-VACM-MIB.txt
/usr/share/snmp/mibs/CISCO-CEF-MIB.my
/usr/share/snmp/mibs/UCD-SNMP-MIB.txt
/usr/share/snmp/mibs/NAGIOS-NOTIFY-MIB.txt
/usr/share/snmp/mibs/SNMPv2-TM.txt
/usr/share/snmp/mibs/SNMP-TLS-TM-MIB.txt
/usr/share/snmp/mibs/MTA-MIB.txt
/usr/share/snmp/mibs/DISMAN-SCRIPT-MIB.txt
/usr/share/snmp/mibs/CISCO-CIRCUIT-INTERFACE-MIB.my
/usr/share/snmp/mibs/SMUX-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt
/usr/share/snmp/mibs/LM-SENSORS-MIB.txt
/usr/share/snmp/mibs/IPV6-TC.txt
/usr/share/snmp/mibs/NET-SNMP-MIB.txt
/usr/share/snmp/mibs/CISCO-AUTH-FRAMEWORK-MIB-V1SMI.my
/usr/share/snmp/mibs/IPV6-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
/usr/share/snmp/mibs/SNMP-PROXY-MIB.txt
/usr/share/snmp/mibs/CISCO-ERR-DISABLE-MIB-V1SMI.my
/usr/share/snmp/mibs/IF-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-STORM-CONTROL-MIB-V1SMI.my
/usr/share/snmp/mibs/SCTP-MIB.txt
/usr/share/snmp/mibs/SNMP-COMMUNITY-MIB.txt
/usr/share/snmp/mibs/SNMPv2-MIB.txt
/usr/share/snmp/mibs/CISCO-MAC-NOTIFICATION-MIB.my
/usr/share/snmp/mibs/IPV6-FLOW-LABEL-MIB.txt
/usr/share/snmp/mibs/CISCO-ACCESS-ENVMON-MIB.my
/usr/share/snmp/mibs/TCP-MIB.txt
/usr/share/snmp/mibs/SNMP-NOTIFICATION-MIB.txt
/usr/share/snmp/mibs/UDP-MIB.txt
/usr/share/snmp/mibs/UCD-DEMO-MIB.txt
/usr/share/snmp/mibs/CISCO-AUTH-FRAMEWORK-MIB.my
/usr/share/snmp/mibs/CISCO-CONFIG-COPY-MIB.my
/usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt
/usr/share/snmp/mibs/CISCO-ENTITY-SENSOR-MIB-V1SMI.my
/usr/share/snmp/mibs/IANAifType-MIB.txt
/usr/share/snmp/mibs/CISCO-BRIDGE-EXT-MIB.my
/usr/share/snmp/mibs/BRIDGE-MIB.my
/usr/share/snmp/mibs/CISCO-ENTITY-FRU-CONTROL-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-ENVMON-MIB-V1SMI.my
/usr/share/snmp/mibs/RFC-1215.txt
/usr/share/snmp/mibs/CISCO-EMBEDDED-EVENT-MGR-MIB.my
/usr/share/snmp/mibs/BRIDGE-MIB.txt
/usr/share/snmp/mibs/TUNNEL-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMP-USER-BASED-SM-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-COPY-MIB-V1SMI.txt
/usr/share/snmp/mibs/RMON-MIB.txt
/usr/share/snmp/mibs/UCD-DISKIO-MIB.txt
/usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt
/usr/share/snmp/mibs/TRANSPORT-ADDRESS-MIB.txt
/usr/share/snmp/mibs/CISCO-BRIDGE-EXT-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMPv2-CONF.txt
/usr/share/snmp/mibs/CISCO-CLUSTER-MIB.my
/usr/share/snmp/mibs/IPV6-TCP-MIB.txt
/usr/share/snmp/mibs/RFC1155-SMI.txt
/usr/share/snmp/mibs/SNMP-MPD-MIB.txt
/usr/share/snmp/mibs/DISMAN-EVENT-MIB.txt
/usr/share/snmp/mibs/SNMP-TSM-MIB.txt
/usr/share/snmp/mibs/CISCO-CLUSTER-MIB-V1SMI.my
/usr/share/snmp/mibs/IF-INVERTED-STACK-MIB.txt
/usr/share/snmp/mibs/CISCO-BULK-FILE-MIB.my
/usr/share/snmp/mibs/IPV6-ICMP-MIB.txt
/usr/share/snmp/mibs/SNMP-TARGET-MIB.txt
/usr/share/snmp/mibs/IANA-LANGUAGE-MIB.txt
/usr/share/snmp/mibs/CISCO-STP-EXTENSIONS-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-MAC-AUTH-BYPASS-MIB.my
/usr/share/snmp/mibs/IP-FORWARD-MIB.txt
/usr/share/snmp/mibs/nagios-root.mib
/usr/share/snmp/mibs/RFC1213-MIB.txt
/usr/share/snmp/mibs/nagios-notify.mib
/usr/share/snmp/mibs/CISCO-FLASH-MIB-V1SMI.my
/usr/share/snmp/mibs/DISMAN-SCHEDULE-MIB.txt
/usr/share/snmp/mibs/UCD-DLMOD-MIB.txt
/usr/share/snmp/mibs/IP-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-DH-OBJECTS-MIB.txt
/usr/share/snmp/mibs/NETWORK-SERVICES-MIB.txt
/usr/share/snmp/mibs/CISCO-FLASH-MIB.my
/usr/share/snmp/mibs/AGENTX-MIB.txt
/usr/share/snmp/mibs/CISCO-CDP-MIB.my
/usr/share/snmp/mibs/IANA-RTPROTO-MIB.txt
/usr/share/snmp/mibs/NOTIFICATION-LOG-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-AES-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-SECURITY-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-ENTITY-FRU-CONTROL-MIB.my
/usr/share/snmp/mibs/NET-SNMP-TC.txt
/usr/share/snmp/mibs/CISCO-PRIVATE-VLAN-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMP-USM-HMAC-SHA2-MIB.txt
/usr/share/snmp/mibs/CISCO-EIGRP-MIB.mib
/usr/share/snmp/mibs/INET-ADDRESS-MIB.txt
/usr/share/snmp/mibs/CISCO-MAC-NOTIFICATION-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-MAC-AUTH-BYPASS-MIB-V1SMI.my
/usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXAMPLES-MIB.txt
/usr/share/snmp/mibs/CISCO-DATA-COLLECTION-MIB.my
/usr/share/snmp/mibs/SNMPv2-TC.txt
/usr/share/snmp/mibs/CISCO-DHCP-SNOOPING-MIB.my
/usr/share/snmp/mibs/SNMP-FRAMEWORK-MIB.txt
/usr/share/snmp/mibs/IPV6-UDP-MIB.txt
/usr/share/snmp/mibs/NAGIOS-ROOT-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-QOS-MIB-V1SMI.my
/usr/share/snmp/mibs/NET-SNMP-PASS-MIB.txt
/usr/share/snmp/mibs/CISCO-IF-EXTENSION-MIB.my
/usr/share/snmp/mibs/CISCO-ENTITY-VENDORTYPE-OID-MIB-V1SMI.my
/usr/share/snmp/mibs/EtherLike-MIB.txt
/usr/share/snmp/mibs/CISCO-CAR-MIB.my
/usr/share/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
/usr/share/snmp/mibs/SNMPv2-SMI.txt
/usr/share/snmp/mibs/CISCO-ACCESS-ENVMON-MIB-V1SMI.my
/usr/share/snmp/mibs/BRIDGE-MIB-V1SMI.my
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ # mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
mysql: [Warning] Using a password on the command line interface can be insecure.
*************************** 1. row ***************************
                        trapdata_id: 46
                   trapdata_updated: 2022-02-01 11:16:31
                   trapdata_enabled: 1
                trapdata_event_name: SyslogMSG
                 trapdata_event_oid: .1.3.6.1.4.1.9.9.41.2.0.1
                  trapdata_category: Network_devices
                  trapdata_severity: Warning
                      trapdata_exec: YTowOnt9
                      trapdata_desc: Link-Up-Down
             trapdata_custom_format:
                  trapdata_raw_data:
trapdata_wizard_integration_enabled: 1
   trapdata_wizard_integration_data: YTo0OntzOjQ6Imhvc3QiO3M6MzoiJGFSIjtzOjc6InNlcnZpY2UiO3M6MTA6IlNOTVAgVHJhcHMiO3M6ODoic2V2ZXJpdHkiO3M6NzoiV0FSTklORyI7czo2OiJvdXRwdXQiO3M6NDM6IlNOTVAgVHJhcCBSZWNlaXZlZCBhdCAkQCB3aXRoIHZhcmlhYmxlcyAkKyoiO30=
           trapdata_parent_mib_name:

Code: Select all

Tue Feb 1 14:11:29 2022: Unknown trap (.1.3.6.1.4.1.9.9.41.2.0.1) received from 10.XXX.XXX.XXX at:
Value 0: 10.XXX.XXX.XXX
Value 1: 10.XXX.XXX.XXX
Value 2: 242:18:55:43.07
Value 3: .1.3.6.1.4.1.9.9.41.2.0.1
Value 4: 10.XXX.XXX.XXX
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.9.9.41.1.2.3.1.2.9098=LINK
Ent Value 1: .1.3.6.1.4.1.9.9.41.1.2.3.1.3.9098=4
Ent Value 2: .1.3.6.1.4.1.9.9.41.1.2.3.1.4.9098=UPDOWN
Ent Value 3: .1.3.6.1.4.1.9.9.41.1.2.3.1.5.9098=Interface GigabitEthernet1/0/46, changed state to down
Ent Value 4: .1.3.6.1.4.1.9.9.41.1.2.3.1.6.9098=242:18:55:43.06
Top
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by pbroste »

Hello @agpol07

Thanks for send over the info, the <oid> --> 1.3.6.1.4.1.9.9.41.2.0.1 references:
CISCO-SYSLOG-MIB:
clogMessageGenerated 1.3.6.1.4.1.9.9.41.2.0.1
Which states this in the mib notes: "When a syslog message is generated by the device a clogMessageGenerated notification is sent. The sending of these notifications can be enabled/disabled via the clogNotificationsEnabled object".
We don't see the associated mib listed, please download, unzip the attachment and place into the '/usr/share/snmp/mibs/' directory.

Let us know how things look,
Perry
You do not have the required permissions to view the files attached to this post.
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by ssax »

Please edit this file:

Code: Select all

/etc/snmp/snmptt.ini
Change this (at the bottom):

Code: Select all

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
END
To this:

Code: Select all

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
END
Then restart snmptt:

Code: Select all

systemctl restart snmptt
Now it should show up.
Top
agpol07
Posts: 21
Joined: Fri Oct 05, 2018 6:27 am

Re: Traps display only at "Unknown Traps Log Contents"

Post by agpol07 »

ssax wrote:Please edit this file:

Code: Select all

/etc/snmp/snmptt.ini
Change this (at the bottom):

Code: Select all

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
END
To this:

Code: Select all

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
END
Then restart snmptt:

Code: Select all

systemctl restart snmptt
Now it should show up.
Thanks a lot, it worked..
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Traps display only at "Unknown Traps Log Contents"

Post by ssax »

That's great to hear! Let us know when we're okay to lock this up and mark it as resolved.

Thank you!
Top
Locked

Return to “Nagios XI”