SNMP Trap questions

[BanditBBS]

So I am moving forward now with trap configuration and I have a few questions.

I setup my PC as a test host in XI and here are my questions:
My hostname is 101l-c2tdv1. If I create that host in XI it receives the traps fine.
1.) Is there a way to add my host in XI with a 'user friendly' hostname and have the traps still work?
2.) I'd also like to add the host to Xi with the FQDN, btu then traps don't work, is there a way to remove the FQDN when receiving the trap to have it work as well?
3.) If I unplug a network connection on my PC it sends a trap to XI. I'm trying to use snmptrap.exe to send test traps and nothing shows up in the snmptt.log or snmpttunknown.log.

[BanditBBS]

#3 is solved, so just 1 and 2 need answers.

Thanks

[nscott]

BanditBBS,

1) No, unfortunately, the hostname must be like that, however see below.
2) There is the ability to add regular expressions and that might do the trick, however that would entail that you must do that for the entirety of the OIDs, which is far from ideal, again see below.

Another option which isn't ideal either, but its not a bad idea, is to edit the snmptraphandling.py script that snmptt hands every single snmp trap off to. This is the script where you could have your giant host lookup and translation function. So you are getting traps from host 101l-c2tdv1 and want that translated to something more readable, you could create some Nagios host "Readable Host" and have that funky hostname from before translated to to this host.

Also, I am putting this exact functionality in NSTI v2.0, perhaps you'd like to give that a go, its not posted publicly but its close to being released.

[BanditBBS]

Wow, my head hurts!

I'm not using it in production, just getting it setup now, so if you want me to test it, that works for me since I won't be breaking anything currently in use.

I'm now having another fun issue. This one crappy application sends snmp messages that look like this:

Code: Select all

Thu Dec 13 14:45:16 2012: Unknown trap (.1.3.6.1.4.1.7061.0.0) received from wdcae-pssw01v at:
Value 0: wdcae-pssw01v
Value 1: 10.97.227.147
Value 2: 0:0:00:00.00
Value 3: .1.3.6.1.4.1.7061.0.0
Value 4: 10.97.227.147
Value 5: Public
Value 6: .1.3.6.1.4.1.7061
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.7061.1=Dec 13, 2012 2:44:34 PM,OFF NORMAL,Universal,High Head Pressure 1 is in alarm.


Thu Dec 13 14:46:30 2012: Unknown trap (.1.3.6.1.4.1.7061.0.0) received from wdcae-pssw01v at:
Value 0: wdcae-pssw01v
Value 1: 10.97.227.147
Value 2: 0:0:00:00.00
Value 3: .1.3.6.1.4.1.7061.0.0
Value 4: 10.97.227.147
Value 5: Public
Value 6: .1.3.6.1.4.1.7061
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.7061.1=Dec 13, 2012 2:45:48 PM,NORMAL,Universal,High Head Pressure 1 has returned to normal.

Every alert it sends is .1.3.6.1.4.1.7061.1. I'm tryign to decide hot to best handle this. If I can somehow just grab the Ent value 0 and forward everything past the = then I'd be set. Well, no I wouldn't, I would need the "Normal" or "Off Normal" read in to determine if it is warning or OK. Bah, I hate traps!

Anyway, any hints on this latest dilemma? Hook me up with the new NSTI if you want it tested.

[arnab.roy]

Hi BBS,

Yes you can do without having a matching hostname, you can use trap resolution by ip address. You will need to change it in snmptt.ini .We are doing it that way ....and works absolutely fine.

[BanditBBS]

Hi BBS,

Yes you can do without having a matching hostname, you can use trap resolution by ip address. You will need to change it in snmptt.ini .We are doing it that way ....and works absolutely fine.

All I have to change is the dns_enable variable? If so, i just tried it and it didn't work Still investigating.....

[BanditBBS]

Looks like somewhere it is still being converted to hostname, or it is actually sending the hostname and not the IP as this is what appears in the snmptt.log file:

Code: Select all

Thu Dec 13 16:15:52 2012 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" 101l-c2twdv1 - A linkUp trap signifies that the SNMP entity, acting in an 41
Thu Dec 13 16:16:21 2012 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" 101l-c2twdv1 - A linkDown trap signifies that the SNMP entity, acting in 16

[arnab.roy]

You might also want to look at this resolve_value_ip_addresses , in our setup this is setup as 0 and dns_enable =1

[BanditBBS]

You might also want to look at this resolve_value_ip_addresses , in our setup this is setup as 0 and dns_enable =1

Hmm, that is how mine was all this time. I changed the DNS variable as stated and made no change. My google powers are failing me today, but I'll continue the search!

[BanditBBS]

nscott,

You just going to tease me about NSTI 2 or you going to send it to me?