Nagios Support Forum

Please read and follow this guide (including running the shell script), I know it's for XI but it should install and setup traps properly, the information is very relavent:

https://assets.nagios.com/downloads/nag ... ios_XI.pdf


Then blank out your /etc/snmp/snmptt.conf file and then run the addmib command against your MIBs:
Then restart snmptt (you need to do this after every snmptt.conf change):
Let us know the results after testing and include all logs from /var/log/snmptt after submitting multiple traps. Also, please include your /etc/snmp/snmptt.conf file after you've done all of the above.

--

I'll include this additional information here to help you out:

This is the general flow of how SNMP traps work:

Device -> Nagios Server -> snmptrapd -> snmptt -> Nagios Service

Here's how it works in greater detail:

1. The device sends a SNMP trap with say an OID of .1.3.6.1.6.3.1.1.5.1 to the Nagios XI server.

2. The snmptrapd service receives the trap and then runs the default handler for traps (in this case SNMPTT)
- Taken from /etc/snmp/snmptrapd.conf
3. SNMPTT reads the trap and does some processing on it based on it's configuration (translate IP of sender into DNS name, strip domain, all configurable in /etc/snmp/snmptt.ini).

4. SNMPTT doesn't know anything about the traps in your MIB files, the MIB files on the system are just used for translation from .1.3.6.1.6.3.1.1.5.1 into coldStart. You need to process the MIB file that contains your traps to get them into the /etc/snmp/snmptt.conf file which SNMPTT reads to match against to see if it should do anything with it (.1.3.6.1.6.3.1.1.5.1).

5. Since you've run addmib on the MIB file containing your traps (in this case /usr/share/snmp/mibs/SNMPv2-MIB.txt) it processes the trap and puts it into a format SNMPTT understands and changes the EXEC line (see below) to execute the snmptraphandling.py script (that's what puts it into Nagios).
So SNMPTT says "Hey, I received a trap with OID .1.3.6.1.6.3.1.1.5.1, do I know anything about it? Let me check my /etc/snmp/snmptt.conf file. Oh, I see it matches the coldStart event (from above), I will run this EXEC line now (which happens to put it into Nagios)."

You can read more about SNMPTT and what those lines mean (and how you can change them if you want) here:

http://snmptt.sourceforge.net/docs/snmptt.shtml

Please see here for advanced reading:

https://support.nagios.com/kb/article.php?id=232
https://support.nagios.com/kb/article.php?id=559
https://support.nagios.com/kb/article.php?id=77
https://support.nagios.com/kb/article.php?id=493
https://support.nagios.com/kb/article.php?id=558


Thank you

No errors at the procedure

No errors at the procedure

The reason that they are going into the snmpttunknown.log is because you are using an older Fortinet MIB that doesn't contain the OIDs that are being sent, please download and use the Fortinet MIBs from the attachment, you will need to remove the entries that were put in there before.

Let us know the results.


Thank you

My test are not from fortigate but from fujitsu servers

Ok, you still have traps coming in that require those updated MIBs though, it's up to you whether you want them to be understood by XI.

Please send me the output of these commands:
Run this tail command (and let it run):
Then force a few traps to be sent and let me know which ones are the proper ones and which SNMPTT logs they go into.


Thank you

When i run and send some test traps from the server (10.0.5.12), the traps are caught but as an unknown trap (see below)
This is happening because the system does not recognize the mib of the system that trap was sent from?

It looks like that OID is from FSC-SERVERCONTROL2-MIB or from SC2-MIB, do you have those Fujitsu MIBs? I was unable to find them, you will need to reach out to Fujitsu support if you do not have the proper MIB files.


Thank you

ok i found those mibs so i will import them to nagios server and test the traps tommorow. i will get back to you soon

Sounds good. Support starts 9am US Central time tomorrow (we've got a couple more hours today if you can get to it today).