Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Issue with Receiving SNMP Traps

https://support.nagios.com/forum/viewtopic.php?t=40930

Page 2 of 4

Re: Issue with Receiving SNMP Traps

Posted: Fri Nov 04, 2016 12:09 pm
by ssax
Please follow tgriep's recommendation above, make sure to restart the SNMPTT service after you've grabbed the data we need. We will also need your /etc/snmp/snmptt.conf so that we can adjust your traps to pull the hostname from the trap so that the traps end up on the proper hosts in the XI system.

Thank you

Re: Issue with Receiving SNMP Traps

Posted: Fri Nov 04, 2016 3:08 pm
by msmulpuri
Below is what I see in the /var/spool/snmptt directory on the Nagios XI server. These files are not readable so I am just giving the list of file names that queued up in this directory. These files have a hash sign in front of the file name which make them not readable I guess. I did attach the snmptt.conf file already and it should be there for your review. Hope this helps. I restarted snmptt at this point so the queue will be cleared up.

Code: Select all

#snmptt-trap-1478278815067187
#snmptt-trap-1478278864210114
#snmptt-trap-1478278865720313
#snmptt-trap-1478278866916162
#snmptt-trap-1478278868013241
#snmptt-trap-1478278880327981
#snmptt-trap-1478278901543000
#snmptt-trap-1478278904446079
#snmptt-trap-1478278906352360
#snmptt-trap-1478278908854614
#snmptt-trap-1478280663512101
#snmptt-trap-1478280665705195
#snmptt-trap-1478280666607004
#snmptt-trap-1478280667807060
#snmptt-trap-1478280680447063
#snmptt-trap-1478280701741415
#snmptt-trap-1478280705141830
#snmptt-trap-1478280705542365
#snmptt-trap-1478280708342342
#snmptt-trap-1478282415153160
#snmptt-trap-1478282463706511
#snmptt-trap-1478282466005547
#snmptt-trap-1478282466707035
#snmptt-trap-1478282467409665
#snmptt-trap-1478282479417987
#snmptt-trap-1478282502349907
#snmptt-trap-1478282505147206
#snmptt-trap-1478282505843433
#snmptt-trap-1478282508352648
#snmptt-trap-1478284263659725
#snmptt-trap-1478284266261772
#snmptt-trap-1478284266762791
#snmptt-trap-1478284267165674
#snmptt-trap-1478284279478870
#snmptt-trap-1478284318412166
#snmptt-trap-1478284318627171
#snmptt-trap-1478284318832118
#snmptt-trap-1478284319038128
#snmptt-trap-1478286015184389
#snmptt-trap-1478286064334809
#snmptt-trap-1478286066336766
#snmptt-trap-1478286066637160
#snmptt-trap-1478286067037485
#snmptt-trap-1478286079549392
#snmptt-trap-1478286102273742
#snmptt-trap-1478286105173298
#snmptt-trap-1478286105876528
#snmptt-trap-1478286108174394
#snmptt-trap-1478287864482866
#snmptt-trap-1478287865481065
#snmptt-trap-1478287866711800
#snmptt-trap-1478287867988813
#snmptt-trap-1478287879496667
#snmptt-trap-1478287901215801
#snmptt-trap-1478287905622773
#snmptt-trap-1478287906023400
#snmptt-trap-1478287909425222
#snmptt-trap-1478289615261501
#snmptt-trap-1478289664236411
#snmptt-trap-1478289665324923
#snmptt-trap-1478289666728028
#snmptt-trap-1478289667828281
#snmptt-trap-1478289680339159
#snmptt-trap-1478289701960424
#snmptt-trap-1478289705162197
#snmptt-trap-1478289705864321
#snmptt-trap-1478289708367272

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 1:08 pm
by tgriep
The # symbol in the names of the files in the /var/spool/snmptt folder is normal, that is the naming scheme that is used.

Lets get a backup of all of the snmptt log file.
Run the following as root and post the /tmp/snmptt.tgz file.

Code: Select all

tar cvfz /tmp/snmptt.tgz /var/log/snmptt/
Can you post this file as well?

Code: Select all

/usr/local/nagiosxi/var/corelog.newobjects
Also, what is the host name, IP address and the name of the trap your device is sending to the XI server?

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 2:21 pm
by msmulpuri
Please find attached the requested. The snmp trap sending host IP 192.168.1.10. The device sends all the traps that are monitored from the OID .1.3.6.1.4.1.6431 and subtree
Can we have Sean Sax work on this case as he is familiar with what our current setup is. Thanks!

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 6:02 pm
by ssax
Ok, so it looks like we will need to change the $r on the EXEC line of those traps to $A, as an example would be:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level. 
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC
To:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$A" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level. 
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC
Please try that for one of them, restart the SNMPTT service, force a trap to come in with the one you modified and see what is entered in /usr/local/nagios/var/nagios.log.

Please see here for more information as well:

http://snmptt.sourceforge.net/docs/snmp ... ONF-FORMAT
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 6:03 pm
by Box293
Can you please upload a copy of the snmpttunknown.log so we can compare what is not being matched with your configs.

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 8:09 pm
by msmulpuri
There is no current unknown snmptt log. The last one we see was a 0 byte file from 11/06. As far as changing the $r to $A per Sean Sax note we already have dns_enable is set to 0 in the snmptt.ini file. However I will try changing the values as per his request and update the case with the results.

Re: Issue with Receiving SNMP Traps

Posted: Mon Nov 07, 2016 8:50 pm
by msmulpuri
Please find uploaded the tar.tgz files of snmptt unknown log per your request. It should not be an issue as far as I can see since there is no more entries getting written to this file. So we should be OK there.So, we still need to figure out the traps not being seen for the hosts.

Re: Issue with Receiving SNMP Traps

Posted: Tue Nov 08, 2016 4:19 pm
by ssax
Also, please try this (using $4 from the trap) as well if the other doesn't work:

Code: Select all

EVENT bwOpenClientServerNbConnectionsLimitExceeded .1.3.6.1.4.1.6431.1.1.1.520 "Status Events" Normal
FORMAT The number of connections exceeded the threshold level.  $*
EXEC /usr/local/bin/snmptraphandling.py "$4" "SNMP Traps" "$s" "$@" "$-*" "The number of connections exceeded the threshold level.  $*"
SDESC
The number of connections exceeded the threshold level.
@severity:high
@subcomponent:openClientServer
-- @feature:144410
Variables:
  1: identifier
  2: timeStamp
  3: alarmName
  4: systemName
  5: severity
  6: alarmState
  7: component
  8: subcomponent
  9: problemText
  10: recommendedActionsText
EDESC
Thank you

Re: Issue with Receiving SNMP Traps

Posted: Thu Nov 17, 2016 4:14 pm
by msmulpuri
Currently below is what I am having issue with. I could see the SNMP Traps on the receiving Nagios XI server but No data received.

OK: No data received yet.

I have been following the tutorial as per this URL. https://support.nagios.com/kb/article.php?id=77

Am I still doing something wrong? Please advise.
All times are UTC-05:00
Page 2 of 4

Powered by phpBB® Forum Software © phpBB Limited