recieving SNMP traps

[benhank]

i am only adding this just in case it is relevant.
I did manually remove the nsti directory after stopping the daemon,
the error log changed to:

Code: Select all

[Tue Aug 20 14:57:08 2013] [error] [client 172.22.3.18] File does not exist: /usr/local/nagiosti
[Tue Aug 20 14:57:50 2013] [error] [client 127.0.0.1] File does not exist: /usr/local/nagiosti

and here yah go:
the chmod command didn't work so I deleted the files myself, and restarted the services.
and then:

Code: Select all

[root@LkennagiosT01 ~]# chmod -R root.snmptt /var/spool/snmptt/
chmod: invalid mode: `root.snmptt'
Try `chmod --help' for more information.

[root@LkennagiosT01 ~]# tail -f /var/log/snmp/snmptt.log
tail: cannot open `/var/log/snmp/snmptt.log' for reading: No such file or directory

[root@LkennagiosT01 ~]# tail -f /var/log/snmp/snmpttunknown.log
tail: cannot open `/var/log/snmp/snmpttunknown.log' for reading: No such file or directory

[root@LkennagiosT01 ~]# ll /var/log/snmptt/
total 308
-rw-r--r--  1 root root   1406 Aug 20 14:41 snmptt-debug.log
-rw-r--r--  1 root root      0 Aug 14 03:18 snmptt.log
-rw-r--r--. 1 root root  34649 Aug  3 22:50 snmptt.log-20130804
-rw-r--r--. 1 root root 138303 Aug 13 15:29 snmptt.log-20130814
-rw-r--r--  1 root root   2090 Aug 20 14:41 snmpttsystem.log
-rw-r--r--. 1 root root  11244 Jul 25 14:20 snmpttsystem.log-20130728
-rw-r--r--. 1 root root  16678 Jul 31 16:52 snmpttsystem.log-20130804
-rw-r--r--. 1 root root   5444 Aug 13 16:35 snmpttsystem.log-20130814
-rw-r--r--  1 root root   1668 Aug 16 12:38 snmpttsystem.log-20130818
-rw-r--r--  1 root root      0 Aug 18 03:26 snmpttunknown.log
-rw-r--r--. 1 root root   2829 Aug  2 19:28 snmpttunknown.log-20130803
-rw-r--r--. 1 root root   3079 Aug  3 16:39 snmpttunknown.log-20130804
-rw-r--r--. 1 root root  52366 Aug 13 23:27 snmpttunknown.log-20130814
-rw-r--r--  1 root root   6275 Aug 14 13:26 snmpttunknown.log-20130818
[root@LkennagiosT01 ~]#

[sreinhardt]

some days.... I wonder about myself. Those should have been chown not chmod. As for the errors, that is simply apache things. You also should also remove the vhost\conf files for apache and restart. Also /var/log/snmptt not /var/log/snmp. Thanks for dealing with my early week brain farts.

[benhank]

screw this, I am just gonna tell my boss that YOU GUYS SAID snmp wont work until the next version of snmp.
Ill retry with chown and delete the file =p

[sreinhardt]

Oh snmp works, but you are correct, the new version of nsti is much much better! I however take no responsibility for your workplace actions, including but not limited to banging your head on desks\walls in frustration.

[benhank]

so I reran the comands with the same error.

but the files were there, so I deleted and recreated em with vi. and restarted the services in order
I dont get that file does not exist error anymore, I ran

Code: Select all

 snmptrap -v 1 -c snmpsux 172.22.3.17 UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "Here"

on the sending server and tailed the logs again they still are empty

[sreinhardt]

OK, lets check the spool files. If they are not showing in there, we will try a tcpdump while you send a trap. Also I should ask, is that actually the snmp string you have setup in snmpd.conf?

Code: Select all

grep -Ri 'demo' /var/spool/snmptt/*

If you have no files or no responses there, lets do that tcpdump.

Code: Select all

tcpdump -vvv -i eth0 dst port 162

While thats running on your nagios server, send a test trap or two from the remote system and post the resulting log.

[benhank]

and here we go:
wow snmp >censored<

Code: Select all

Last login: Tue Aug 20 15:48:27 2013 from 172.26.68.146
[root@LkennagiosT01 ~]# grep -Ri 'demo' /var/spool/snmptt/*
[root@LkennagiosT01 ~]# tcpdump -vvv -i eth0 dst port 162
-bash: tcpdump: command not found
[root@LkennagiosT01 ~]#

I think I must have missed something.

this was working untill I uninstalled and reinstalled net-snmp.

is there a step by step doc that details how to set up snmp, that, when done nagios will be configured properly?

man...where is a script when you need one =D

[sreinhardt]

Note to self, consider scripting snmptraps install.... ugh maybe. Officially we only have the integrating traps with XI doc. There are a few more guides online though. Do you have the packages net-snmp, net-snmp-libs, net-snmp-utils? You can also just "yum install tcpdump"

[benhank]

hah!

Code: Select all

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:55:27.887468 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 93)
    lkennagiosp03.healthone.org.60411 > lkennagiost01.healthone.org.snmptrap: [udp sum ok]  { SNMPv1 { Trap(50)  E:2021.13.990 172.22.3.15 enterpriseSpecific s=17 1200793855 system.sysLocation.0="Here" } }

1 packets captured
1 packets received by filter
0 packets dropped by kernel

whoooo closer

[sreinhardt]

In the sense, that its not being blocked, yes! OK, so next thing. Lets (re)move, your choice on if the data is important, the current files in /var/spool/snmptt/. Restart the services, send a trap, then cat the file that should get created in there.