Issue with Receiving SNMP Traps

ssax · Post by **ssax** » Fri Nov 04, 2016 12:09 pm

Please follow tgriep's recommendation above, make sure to restart the SNMPTT service after you've grabbed the data we need. We will also need your /etc/snmp/snmptt.conf so that we can adjust your traps to pull the hostname from the trap so that the traps end up on the proper hosts in the XI system.

Thank you

msmulpuri · Post by **msmulpuri** » Fri Nov 04, 2016 3:08 pm

Below is what I see in the /var/spool/snmptt directory on the Nagios XI server. These files are not readable so I am just giving the list of file names that queued up in this directory. These files have a hash sign in front of the file name which make them not readable I guess. I did attach the snmptt.conf file already and it should be there for your review. Hope this helps. I restarted snmptt at this point so the queue will be cleared up.

Code: Select all

#snmptt-trap-1478278815067187
#snmptt-trap-1478278864210114
#snmptt-trap-1478278865720313
#snmptt-trap-1478278866916162
#snmptt-trap-1478278868013241
#snmptt-trap-1478278880327981
#snmptt-trap-1478278901543000
#snmptt-trap-1478278904446079
#snmptt-trap-1478278906352360
#snmptt-trap-1478278908854614
#snmptt-trap-1478280663512101
#snmptt-trap-1478280665705195
#snmptt-trap-1478280666607004
#snmptt-trap-1478280667807060
#snmptt-trap-1478280680447063
#snmptt-trap-1478280701741415
#snmptt-trap-1478280705141830
#snmptt-trap-1478280705542365
#snmptt-trap-1478280708342342
#snmptt-trap-1478282415153160
#snmptt-trap-1478282463706511
#snmptt-trap-1478282466005547
#snmptt-trap-1478282466707035
#snmptt-trap-1478282467409665
#snmptt-trap-1478282479417987
#snmptt-trap-1478282502349907
#snmptt-trap-1478282505147206
#snmptt-trap-1478282505843433
#snmptt-trap-1478282508352648
#snmptt-trap-1478284263659725
#snmptt-trap-1478284266261772
#snmptt-trap-1478284266762791
#snmptt-trap-1478284267165674
#snmptt-trap-1478284279478870
#snmptt-trap-1478284318412166
#snmptt-trap-1478284318627171
#snmptt-trap-1478284318832118
#snmptt-trap-1478284319038128
#snmptt-trap-1478286015184389
#snmptt-trap-1478286064334809
#snmptt-trap-1478286066336766
#snmptt-trap-1478286066637160
#snmptt-trap-1478286067037485
#snmptt-trap-1478286079549392
#snmptt-trap-1478286102273742
#snmptt-trap-1478286105173298
#snmptt-trap-1478286105876528
#snmptt-trap-1478286108174394
#snmptt-trap-1478287864482866
#snmptt-trap-1478287865481065
#snmptt-trap-1478287866711800
#snmptt-trap-1478287867988813
#snmptt-trap-1478287879496667
#snmptt-trap-1478287901215801
#snmptt-trap-1478287905622773
#snmptt-trap-1478287906023400
#snmptt-trap-1478287909425222
#snmptt-trap-1478289615261501
#snmptt-trap-1478289664236411
#snmptt-trap-1478289665324923
#snmptt-trap-1478289666728028
#snmptt-trap-1478289667828281
#snmptt-trap-1478289680339159
#snmptt-trap-1478289701960424
#snmptt-trap-1478289705162197
#snmptt-trap-1478289705864321
#snmptt-trap-1478289708367272

Post by **tgriep** » Mon Nov 07, 2016 1:08 pm

The # symbol in the names of the files in the /var/spool/snmptt folder is normal, that is the naming scheme that is used.

Lets get a backup of all of the snmptt log file.
Run the following as root and post the /tmp/snmptt.tgz file.

Code: Select all

tar cvfz /tmp/snmptt.tgz /var/log/snmptt/

Can you post this file as well?

Code: Select all

/usr/local/nagiosxi/var/corelog.newobjects

Also, what is the host name, IP address and the name of the trap your device is sending to the XI server?

msmulpuri · Post by **msmulpuri** » Mon Nov 07, 2016 2:21 pm

Please find attached the requested. The snmp trap sending host IP 192.168.1.10. The device sends all the traps that are monitored from the OID .1.3.6.1.4.1.6431 and subtree
Can we have Sean Sax work on this case as he is familiar with what our current setup is. Thanks!

ssax · Post by **ssax** » Mon Nov 07, 2016 6:02 pm

Ok, so it looks like we will need to change the $r on the EXEC line of those traps to $A, as an example would be:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level. 
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC

To:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$A" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level. 
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC

Please try that for one of them, restart the SNMPTT service, force a trap to come in with the one you modified and see what is entered in /usr/local/nagios/var/nagios.log.

Please see here for more information as well:

http://snmptt.sourceforge.net/docs/snmp ... ONF-FORMAT
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS

Post by **Box293** » Mon Nov 07, 2016 6:03 pm

Can you please upload a copy of the snmpttunknown.log so we can compare what is not being matched with your configs.

msmulpuri · Post by **msmulpuri** » Mon Nov 07, 2016 8:09 pm

There is no current unknown snmptt log. The last one we see was a 0 byte file from 11/06. As far as changing the $r to $A per Sean Sax note we already have dns_enable is set to 0 in the snmptt.ini file. However I will try changing the values as per his request and update the case with the results.

msmulpuri · Post by **msmulpuri** » Mon Nov 07, 2016 8:50 pm

Please find uploaded the tar.tgz files of snmptt unknown log per your request. It should not be an issue as far as I can see since there is no more entries getting written to this file. So we should be OK there.So, we still need to figure out the traps not being seen for the hosts.

ssax · Post by **ssax** » Tue Nov 08, 2016 4:19 pm

Also, please try this (using $4 from the trap) as well if the other doesn't work:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$4" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level.
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC

Thank you

msmulpuri · Post by **msmulpuri** » Thu Nov 17, 2016 4:14 pm

Currently below is what I am having issue with. I could see the SNMP Traps on the receiving Nagios XI server but No data received.

OK: No data received yet.

I have been following the tutorial as per this URL. https://support.nagios.com/kb/article.php?id=77

Am I still doing something wrong? Please advise.

Nagios Support Forum

Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps

Re: Issue with Receiving SNMP Traps