SNMP trap config

[gormank]

The syslog has >75k traps in it but I don't see any errors. There are about 65 hosts sending traps. From the snmpttunknown.log it seems some MIBs are missing. snmpttsystem.log is 0 bytes, and snmptt.log contains traps.

I have HP SIM forwarding traps from the same hosts, but all those traps wind up on the SIM server. I was given a fix for that but I'm working on getting the traps directly from the hosts.

It seems that snmptt needs to be restarted often to keep processing traps.

[lgroschen]

As ssax commented,
If you tail -f /var/log/messages will more than likely tell you why snmptt failed to start. It could also be useful to increase the dubug level inside snmptt.ini and make sure its using syslog in general

Code: Select all

syslog_system_enable = 1
syslog_level = debug

Then check your logs again.

[gormank]

snmptt didn't fail to start. After running a while, it fails to stop, is forced and then restarted.
When it fails to stop seems to be related to when its running but not processing traps.

# service snmptt restart
Stopping snmptt: [ FAILED ]
Starting snmptt: [ OK ]

[ssax]

Mine is actually doing this as well, I'm not sure why.

It's running fine but then when I do a restart it fails but then starts ok, if I then restart it again it works just fine.

Does it work that way for you?

[gormank]

Yes.
SNMP seems to be working fine now that my mistaken change of the description was fixed, and snmptt restarted.
Its just that snmptt seems to stop working and need periodic restarts.

[ssax]

Did you enable debugging? You should do that so we can hopefully see why it's failing.

[gormank]

I did but see nothing different in syslog. Just the steady flow of traps.
I'll let it run this way and see if snmptt stops logging traps in syslog, which seems to be the symptom.

[ssax]

Ok, check syslog, bug also check the /var/log/snmptt/* logs to see if anything is put in them when it happens.

Thanks

[gormank]

The names need to be identical, it's based on the host_name, not the address. Are they identical (case sensitive, with or without domain name, or IP instead of dns name)?

I'd like to return to this. Do you mean the hostnames (FQDN if used) in the trap need to be identical to the hosts defined in Nagios?
If so, it isn't entirely true. My ILOs send traps as the server hostnames, but the names in Nagios are <hostname>.ilo. Almost all (~90) of the ILOs have info traps on them since they seem to send a lot of traps.

An example:
Sep 18 19:30:22 txslm2mlnag001 snmptrapd[17222]: 2015-09-18 19:30:22 10.133.133.60(via UDP: [10.133.133.60]:60926->[10.133.133.74]) TRAP, SNMP v1, community sp1der#012#011.1.3.6.1.4.1.232 Enterprise Specific Trap (11020) Uptime: 416 days, 21:29:29.00#012#011.1.3.6.1.2.1.1.5.0 = STRING: txslm2mvesx001#011.1.3.6.1.4.1.232.11.2.11.1.0 = INTEGER: 4#011.1.3.6.1.4.1.232.11.2.10.7.0 = Hex-STRING: 02 02 02 02 02 02 01 02 02 02 00 02 00 00 01 02 #01202 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00

10.133.133.60 is txslm2mvesx001.ilo.
Maybe its because the hostname isn't in the trap, even though the ILO is set to send traps with the server's hostname.

[ssax]

SNMPTT actually resolves the IP addresses and strips domains if you have that set (it is by default) in the /etc/snmp/snmptt.ini

If you do an nslookup on the server does it return txslm2mvesx001.ilo or even txslm2mvesx001.ilo.yourdomain.com

Code: Select all

nslookup 10.133.133.60

The hostname does need to be exact.