SNMP trap correlation

[dslaughter]

I'm receiving snmp traps for 2 trunks. If one is down its ok but if both are down I need to send a notification. Also I need to pull an ip address and do a dns lookup and put the name received back into the alarm text.

It would be great if there was a severity level that will not send a notification and show up in alarm list. Something like critical, warning, info, ok, unknown.

trunk1 down x.x.x.1 {dns lookup name}
trunk2 up x.x.x.2 {dns lookup name}
^^^^^^ ok

trunk1 down x.x.x.1 {dns lookup name}
trunk2 down x.x.x.2 {dns lookup name}
^^^^^^^^^^^ bad send notification

How can I do the correlation and dns lookup when these kind of snmp traps come in?

[dslaughter]

hello?

[pbroste]

Hello @dslaughter

Thanks for reaching out and would like to take a look at your Nagios XI System Profile so we can see what is going on.

To send us your system profile.

• Login to the Nagios XI GUI using a web browser.
• Click the "Admin" > "System Profile" Menu
• Click the "Download Profile" button
• Save the profile.zip file and share via Private Message

Thanks,
Perry

[dslaughter]

Did you get my pm?

[pbroste]

Hello @dslaughter

Thanks for following up and sending along the Profile, it was nice to get a good overview.

Did some checking and want to find out if this will help you out a bit. Found this previous post with the following:

We had one other person ask about this a few months ago, and while I don't know what their final resolution was, here is what I told them (which apparently answered the question at least partially, since I haven't heard from them since about it):

Okay, it looks like this should be possible with the SNMPTT
configuration. The "preferred" way would be to allow SNMPTT to resolve
the FQDNs through a DNS lookup. To do that, you would want to create an
entry for every host in /etc/hosts on the XI server, and set dns_enable
to 1 in /etc/snmp/snmptt.conf.

Alternatively, if all of your hosts have the same domain and you don't
want to create host records for them, you can enable strip_domain and
add your domain to strip_domain_list (just in case) in /etc/snmptt.ini,
then back in /etc/snmptt.conf on every single trap definition change
"$r" to "$r.yourdomain.tld".

Unfortunately neither way is particularly "clean" - there's built-in
functionality for stripping a domain off, but not adding one back on.
So, getting host lookups on the system to return the FQDN is really the
way to go.

for documentation on the subject:
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS
http://snmptt.cvs.sourceforge.net/viewv ... iew=markup

And then here is the response:

You pointed out which item was used to find hosts in Nagios.
I have looked into the manual of snmptt.conf http://www.snmptt.org/docs/snmptt.shtml if there is a way to put the IP number, instead of hostname.
I found the variable $ar to contain the IP number.
I changed all $r to $ar in the file /etc/snmp/snmptt.conf (:1,$ s/"$r"/"$ar"/g)
I caused the system to send a SNMP trap, e voila ! Nagios reported a PROBLEM to the correct host, based on IP number !
It worked !
Only if I add an new MIB, I have to change it again.
Something has to change in the addmib command config.

Please take a look over this and let us know if this will help out. Hopefully, this will provide a possible workaround.

Thanks,
Perry

[pbroste]

Hello @dslaughter

Want to check in with you to find out what your file /etc/snmp/snmptt.conf looks like? Made reference in the previous post on possible updates to variables; $r to $ar.

Also we're moving to a new support system!

The Nagios Answer Hub is a place where you can get help with technical questions from our experts. There, you can quickly open tickets and join discussion boards.

Request Nagios Answer Hub access here: https://info.nagios.com/answer-hub-access-new-users

After completing the access form, you will be given access to a portal where new tickets can be created. We will keep the old customer forum sections and ticket system available for current cases to be resolved.

Thanks,
Perry

[dslaughter]

Thanks for your help. We have decided to take a different approach to this problem. You can close this.

[pbroste]

Thanks for following up @dslaughter, please let us know if you need any further.

locking,
Perry

We're moving to a new support system!

The Nagios Answer Hub is a place where you can get help with technical questions from our experts. There, you can quickly open tickets and join discussion boards.

Request Nagios Answer Hub access here: https://info.nagios.com/answer-hub-access-new-users

After completing the access form, you will be given access to a portal where new tickets can be created. We will keep the old customer forum sections and ticket system available for current cases to be resolved.