Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

classifying Traps

https://support.nagios.com/forum/viewtopic.php?t=31287

Page 2 of 2

Re: classifying Traps

Posted: Mon Apr 13, 2015 5:22 am
by hanya.radwan
sorry for delay , but this case after fixed , it appears again. although I manually reclassify the trap in snmptt.conf .
also there isn't find the mibs in these paths /etc/snmp/snmptt.ini.
and these paths not found
/usr/share/snmp/mibs/processed_mibs/smscagent.mib.txt
/usr/share/snmp/mibs/processed_mibs/smscagentb.mib.txt


how can I fix that.

Re: classifying Traps

Posted: Mon Apr 13, 2015 1:32 pm
by ssax
Please attach your /etc/snmp/snmptt.conf and your /etc/snmp/snmptt.ini, it'll give us a better idea of any changes.

Re: classifying Traps

Posted: Tue Apr 14, 2015 3:06 am
by hanya.radwan
the files attached

Re: classifying Traps

Posted: Tue Apr 14, 2015 9:56 am
by ssax
Ok, here's an example:

Using your latest one, if I use grep on your snmptt conf files (all of them are listed at the bottom of /etc/snmp/snmptt.ini), this line will search through all your conf files:

Code: Select all

grep -n 'smscSiwplmnWarningTrap' /etc/snmp/*.conf
You will see that you have duplicate entries in there, you should be able to remove the duplicates or change them all but make sure that they are the exact same ones (Name, OID, Match, etc).

Re: classifying Traps

Posted: Sun Apr 19, 2015 6:21 am
by hanya.radwan
I deleted all repeated traps, and when apply the below for each trap , the result just one .
[root@nms snmp]# grep -n 'smscSiwplmnWarningTrap' /etc/snmp/*.conf
/etc/snmp/snmptt.conf:10860:EVENT smscSiwplmnWarningTrap .1.3.6.1.4.1.3830.1.1.2.2.1.0.2024 "Status Events" Warning

also I modified snmptt.ini and delete any conf file related to these mibs , and restart snmptt, but the problem still.

also most of traps went to snmpttunknown.log, and stop appear on nagiosxi notificatiins after me changing the traps classifications manually.

Re: classifying Traps

Posted: Mon Apr 20, 2015 2:47 pm
by ssax
I'm seeing this in the original snmptt.conf you posted:

Code: Select all

EVENT smscInternalMajorTrap .1.3.6.1.4.1.3830.1.1.2.2.1.0.52 "Status Events" Normal
FORMAT Internal status information of the agent $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "Internal status information of the agent $*"
SDESC
Internal status information of the agent
NOTIFICATIONID-VARIABLE: trapNotificationId
SEVERITY-VARIABLE: trapSeverity
ADDITIONAL-TEXT-VARIABLES: {trapData}
MANAGEDOBJECT-DEFAULT: smscAgent
Variables:
  1: trapNotificationId
  2: trapSeverity
  3: trapData
  4: trapTimeStamp
EDESC
And I'm seeing this in the new one:

Code: Select all

EVENT smscInternalMajorTrap .1.3.6.1.4.1.3830.1.1.2.2.1.0.52 "Status Events" Critical
FORMAT Internal status information of the agent $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$1" "Internal status information of the agent $*"
MATCH $1: 1 
MATCH $1: 2 
MATCH $1: 5
I think you removed too much.

Re: classifying Traps

Posted: Mon Apr 20, 2015 6:14 pm
by Box293
Looking at the first couple of in your unknown log, they are all similar, here is one:

Code: Select all

Sun Apr 19 03:28:27 2015: Unknown trap (.1.3.6.1.4.1.3830.1.1.2.2.1.0.52) received from 192.168.10.71 at: 
Value 0: 192.168.10.71
Value 1: 192.168.10.71
Value 2: 24:9:21:28.95
Value 3: .1.3.6.1.4.1.3830.1.1.2.2.1.0.52
Value 4: 192.168.10.204
Value 5: Jawwal-snmp
Value 6: .1.3.6.1.4.1.3830.1.1.2.2.1
Value 7: 
Value 8: 
Value 9: 
Value 10: 
Ent Value 0: .1.3.6.1.4.1.3830.1.1.2.1.1.1=3
Ent Value 1: .1.3.6.1.4.1.3830.1.1.2.1.1.2=2
Ent Value 2: .1.3.6.1.4.1.3830.1.1.2.1.1.3=%SMSA-E-POLLERR, Polling the SMSC was not successful.
Ent Value 3: .1.3.6.1.4.1.3830.1.1.2.1.1.4=OPCOM
Ent Value 4: .1.3.6.1.4.1.3830.1.1.2.1.1.5=19-APR-2015 03:27:10.70
Ent Value 5: .1.3.6.1.4.1.3830.1.1.2.1.1.6=SMJL51
Now to refer to this:

Code: Select all

EVENT smscInternalMajorTrap .1.3.6.1.4.1.3830.1.1.2.2.1.0.52 "Status Events" Critical
FORMAT Internal status information of the agent $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$1" "Internal status information of the agent $*"
MATCH $1: 1
MATCH $1: 2
MATCH $1: 5

So $1 that is trying to be matched against is this:

Code: Select all

Ent Value 0: .1.3.6.1.4.1.3830.1.1.2.1.1.1=3
$1 = Ent Value 0

So your MATCH is not matching anything as the value of Ent Value 0 ($1) is 3 and your MATCHES are:

Code: Select all

MATCH $1: 1
MATCH $1: 2
MATCH $1: 5
You could add 3 as well:

Code: Select all

MATCH $1: 1
MATCH $1: 2
MATCH $1: 3
MATCH $1: 5
Does that make sense?
All times are UTC-05:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited