Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:15 pm
by citpaj
I think we're getting closer, but still not there. I should note that Nagios is resolving the StruxureWare server IP address to the FQDN, so I thought the snmptt.ini question might be relevant. I found that the snmptt.ini file was set to do domain stripping by default (i.e. strip_domain = 1). I changed that to strip_domain = 0 and restarted Nagios and NagiosXI daemons/services. I tried sending a test SNMP alert again from StruxureWare and I still don't see it in Nagios. I also checked /var/spool/snmptt and there are no traps stored there. Not sure where to go next. Any help appreciated.

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:20 pm
by BanditBBS
Did you check /var/log/snmp/snmptt.log? If it is in there, take a look at the name of the host that sent the alert. Verify that it is exactly the same as the host configured in NagiosXI.

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:33 pm
by citpaj
snmptt.log is 0 bytes??

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:35 pm
by BanditBBS
What about snmpttunknown.log in the same folder?

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:49 pm
by Andreas_c_Schmidt
@scottwilkerson No, not yet. I'm receiving roughly 5 traps per second from a faulty device and sometimes I see the snmptt getting hung on that. I'm trying to find out why.

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:51 pm
by citpaj
snmpttunknown.log is 0 bytes also? Could snmptt be broken at this point? Nagios seems to be running fine as does snmptt.

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 3:54 pm
by BanditBBS
citpaj wrote: snmpttunknown.log is 0 bytes also? Could snmptt be broken at this point? Nagios seems to be running fine as does snmptt.
One last question before I am past my knowledge.

Is there a firewall running, iptables or whatever? Make sure port 162 is open!

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 4:01 pm
by citpaj
Still working on a solution. Will update when I have something to add. Thanks.

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 4:04 pm
by sreinhardt
Sounds great, thanks!

Re: Handling Forwarded SNMP Alerts

Posted: Fri Feb 22, 2013 4:12 pm
by Andreas_c_Schmidt
I think the whole snmptt is not yet mature. I have a load of issues around it with a current client, so let's get dirty and see what we can get. Free up the disk, we're going to log everything. ;)
At present you should see all traps going to /var/log/messages. This might be messy, so move them to a separate log.

vi /etc/sysconfig/snmptrapd

# OPTIONS="-Lsd -On -p /var/run/snmptrapd.pid"
replace with
OPTIONS="-On -Lf /var/log/snmptrapdlog -p /var/run/snmptrapd.pid"

then
for i in snmpd snmptrapd snmptt; do service $i restart; done # restart the SNMP services

Now you get all the incoming traps in /var/log/snmptrapdlog.

If this is empty then you don't get traps.

Disable the firewall.

service iptables stop

chmod -R 777 /var/spool/snmptt
chmod -R 777 /var/log/snmptt

to get all logs for sure.

Now, if you don't have MIBs, then all unknown traps go into /var/log/snmptt/snmpttunknownlog.

You must have a translation in /etc/snmp/snmptt.conf, or else it will not be sent to Nagios. So for each entry in the unknown log you have to create an entry in snmptt.conf like this:

EVENT Error .1.3.6.1.4.1.637.3.1.6.1.2200* "Error" Critical
FORMAT The Trap indicates that there is a problem with the Rewrapper $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The Trap indicates that there is a problem with the Rewrapper $*"

Then it will show up in the Nagios Trap service.

However, and Nagios XI is lacking in this: if you receive one trap with an error and another trap shortly after, clearing it or giving another error, just the last trap will be shown. So passive traps are not a strong part of Nagios. You can install http://labs.nagios.com/2012/01/10/nagio ... available/, which I did, and it helped to store all traps in an SQL DB to log and show there.
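
The checks discussed across the thread (listener on port 162, snmptrapd log, spool, snmptt.log, unknown-trap log), collected as an added shell example that is not part of any post above. It leaves iptables running and file modes untouched; the script name trapcheck.sh, the stage labels, the SENDER_IP placeholder and the default log paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Locates the stage where a test trap
# stops while iptables stays up and directory modes stay unchanged.

# Succeeds if socket-listing text on stdin (such as `ss -lun` output)
# contains a local address ending in port 162.
listening_on_162() {
    awk '/:162[ \t]/ || /:162$/ { found = 1 } END { exit !found }'
}

# Lists entries under $1 that any local user can write to, which is the
# state `chmod -R 777` leaves behind.
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

# Prints the first stage at which the trap is missing. Meaningful when the
# logs start empty, as they do in the thread.
# $1 snmptrapd log, $2 spool dir, $3 snmptt.log, $4 unknown-trap log
trap_stage() {
    if [ ! -s "$1" ]; then
        # Nothing reached snmptrapd: check the sender's target, the listener,
        # and a rule scoped to the sender rather than stopping iptables, e.g.
        #   iptables -I INPUT -p udp --dport 162 -s SENDER_IP -j ACCEPT
        echo not-received
    elif [ -n "$(find "$2" -type f 2>/dev/null | head -n 1)" ]; then
        echo queued            # files left in the spool: snmptt is not draining it
    elif [ -s "$4" ]; then
        echo unknown           # no matching EVENT entry in snmptt.conf
    elif [ -s "$3" ]; then
        echo translated        # compare the logged host name with the Nagios host
    else
        echo not-handed-off    # snmptrapd logged it but snmptt never saw it
    fi
}

# Live run: `sh trapcheck.sh report`. The paths are assumptions assembled
# from names used in the thread; take the real ones from snmptt.ini.
if [ "${1:-}" = report ]; then
    ss -lun | listening_on_162 || echo "no UDP listener on port 162"
    trap_stage /var/log/snmptrapdlog /var/spool/snmptt \
        /var/log/snmptt/snmptt.log /var/log/snmptt/snmpttunknown.log
    world_writable /var/spool/snmptt
    world_writable /var/log/snmptt
fi
```

Any path printed by world_writable can be tightened to the account the snmptt daemon runs as instead of staying at mode 777.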