SNMP Trap
Posted: Mon Jan 06, 2014 10:33 pm
Happy new year !
I would like to shear with all Nagios fans the implementation of SNMPTT ( SNMP Traps ). Im using CentOS with Nagios 4.0.2.
The whole concept of this is rely simple once you got it
. SNMP Trap message comes from some device to the Nagios Server --- "snmptrapd" proces/program/script get this message --- delegate to SNMPTT process/program/script ---- from there snmptraphandler make something with it. In this case it tells Nagios to do something.
This is step by step what iv done.
Stepn1:
Install the Requirements and SNMPTT.
-Download the SNMPTT_*.tgz file from Sourceforge
-tar –zxvf snmptt_*.tgz
Copy the files from the file to the system:
I go with standard handler:
Step 2:
Install some Perl modules:
Step 3:
In the “snmptrapd” file (vi /etc/rc.d/init.d/snmptrapd) go to “OPTIONS” part and put “–On” in it.
In the snmptrad.conf file ( vi /etc/snmp/snmptrad.conf ) add the following lines:
Now it is the interesting part.
You have to have the mibs files for the device and convert them, so you don’t have to deal with numbers of the mibs ( the OID ), you can deal with names of the status you would like.
We use the “snmpttconvertmib” to translate the mib file and tell him what to execute when it see it. Also with this we create the “snmptt.conf” file. You can specify or translate many different snmptt.conf.<name_device> files so you can be more controlled over the mibs of the devices. If you do this you have to specifie the files that you will create, this is done with adding the name file in at the end of “snmptt.ini” file (vi /etc/snmp/snmptt.ini). At the bottom you will find “[TRAPFILES]” part and here you can specify the file name:
snmptt.conf file contains a list of all the defined traps
For now i will explain how i did this with Cisco router. I download the mib files that are/ or gave information about status of the interface ( if its up or down ). I downloaded from Cisco site the IF-MIB and SNMPv2-MIB... or what ever you need just go the this site
Download the mib file and put it in the mib directory ( for me CentOS the default mib path is /usr/share/snmp/mibs/ ). From thee as i say previous .. we are using the snmpttconvertmib to convert the mib files and put it in the snmptt.conf files and also to add the executable command.
So for now we have SNMPTT installed with Perl modules, downloaded the necessary mib files, convert them with the executed command and... and how we do that
Before that let see what should we execute when we receive the trap.
If we make some Test service for our Cisco Test Router that are we monitoring with nagios it will be much more easy to understand this. So we will do
Step 5:
Define some Services like this for example:
Put that or this service in use to the Devices that you should send the TRAP
Now in Nagios we have some Service for Device named RouterTest, and the services should be in Pending or OK status.
And how can we make this service to be CRITICAL. If we can see the "submit_check_result" script ( open with vi/vim/nano and you will see ) that is in "/usr/local/nagios/libexec/eventhandlers" in my situation, we can us it this to manipulate with the status of the service. We can use this command to make the status go from OK to CRITICAL ( we are talking directly to hard state, we are skipping the soft state of the service, we are working with traps ). If we execute the script like this we can do that
Test it:
/usr/local/nagios/libexec/eventhandlers/submit_check_result RouterTest TRAP 2 “TESTING”
You can see in the Nagios log part to see if there is a change or in the host part or services, depend.
Thats it.
So this command we can use it when we convert the mib files and writing down the snmptt.conf files so SNMPTT part to know what to do when the TRAP is receive, not just to make a log file and sit there quietly.
How to do that is STEP56:
Step 6:
use this command to make the snmptt.conf file:
snmpttconvertmib --in=/usr/share/snmp/mibs/<cisco mib file.my> --out=/etc/snmp/snmptt.conf --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2'
After this command in the snmptt.conf file you will see something similar like
EVENT Cisco_Link_Up BLA BLA
FORMAT Link Up on interface BLA BLA
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2 "xxxxxx" ---- THIS HAVE TO BE CHANGE
what we have to point here that in the EXEC command we can see the number 2 after TRAP. This number/argument ( if you read or open the submit_check_result script or file ) indicate what will be the status.
We have to have something like
For Up link IV GOT MAIL 
And that is all ... try and test it and see what you will have !
I hope i was clear and i dont miss anything, if so, simply reply and we can try to fix it / sorry for the poor language but its 04:30 AM ... and this is my source where i found solutions about it:
BIG THANKS TO THEM AND ALSO FROM Sourceforge forum the support for SNMPTT
Source 1: GOOGLE
Source 2: SNMPTT PAGE
Source 3: PAGE 1
Source 4: PAGE 2
I would like to shear with all Nagios fans the implementation of SNMPTT ( SNMP Traps ). Im using CentOS with Nagios 4.0.2.
The whole concept of this is rely simple once you got it
. SNMP Trap message comes from some device to the Nagios Server --- "snmptrapd" proces/program/script get this message --- delegate to SNMPTT process/program/script ---- from there snmptraphandler make something with it. In this case it tells Nagios to do something. This is step by step what iv done.
Stepn1:
Install the Requirements and SNMPTT.
-Download the SNMPTT_*.tgz file from Sourceforge
-tar –zxvf snmptt_*.tgz
Copy the files from the file to the system:
I go with standard handler:
Code: Select all
-copy snmptt to /usr/sbin/
-Copy snmptthandler to /usr/sbin/
-Copy snmptt.ini to /etc/snmp/ or /etc/ and edit the options inside the file.
-Copy snmpttconvertmib and snmpttconvert to /usr/sbin.
-Either copy examples/snmptt.conf.generic to /etc/snmp/snmptt.conf (renaming the file during the copy) or use the touch command to create the file (touch /etc/snmp/snmptt.conf).
-Create the log folder /var/log/snmptt/.Install some Perl modules:
Code: Select all
-yum install net-snmp-perl, perl-CPAN
-perl -MCPAN -e 'install List::MoreUtils'
-perl -MCPAN -e 'install Config::IniFiles'
-yum install perl-Module-BuildIn the “snmptrapd” file (vi /etc/rc.d/init.d/snmptrapd) go to “OPTIONS” part and put “–On” in it.
In the snmptrad.conf file ( vi /etc/snmp/snmptrad.conf ) add the following lines:
Step 4:-disableAuthorization yes
-traphandle default /usr/sbin/snmptthandler
Now it is the interesting part.
You have to have the mibs files for the device and convert them, so you don’t have to deal with numbers of the mibs ( the OID ), you can deal with names of the status you would like.
We use the “snmpttconvertmib” to translate the mib file and tell him what to execute when it see it. Also with this we create the “snmptt.conf” file. You can specify or translate many different snmptt.conf.<name_device> files so you can be more controlled over the mibs of the devices. If you do this you have to specifie the files that you will create, this is done with adding the name file in at the end of “snmptt.ini” file (vi /etc/snmp/snmptt.ini). At the bottom you will find “[TRAPFILES]” part and here you can specify the file name:
Code: Select all
[TRAPFILES]
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf.cisco
/etc/snmp/snmptt.conf.<other_name_device>
ENDFor now i will explain how i did this with Cisco router. I download the mib files that are/ or gave information about status of the interface ( if its up or down ). I downloaded from Cisco site the IF-MIB and SNMPv2-MIB... or what ever you need just go the this site
Download the mib file and put it in the mib directory ( for me CentOS the default mib path is /usr/share/snmp/mibs/ ). From thee as i say previous .. we are using the snmpttconvertmib to convert the mib files and put it in the snmptt.conf files and also to add the executable command.
So for now we have SNMPTT installed with Perl modules, downloaded the necessary mib files, convert them with the executed command and... and how we do that
Before that let see what should we execute when we receive the trap.
If we make some Test service for our Cisco Test Router that are we monitoring with nagios it will be much more easy to understand this. So we will do
Step 5:
Define some Services like this for example:
Code: Select all
define service {
name SNMP_TRAP
service_description SNMP_TRAP
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized
process_perf_data 0
obsess_over_service 0 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
check_command check-host-alive ; This will be used to reset the service to "OK"
is_volatile 1
check_period 24x7
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
contact_groups netops-24x7 ; Modify this to match your Nagios contact group definitions
register 0
}Code: Select all
define service {
use SNMP_TRAP
host_name RouterTest
service_description TRAP
check_interval 120 ; Don't clear for 2 hours
}And how can we make this service to be CRITICAL. If we can see the "submit_check_result" script ( open with vi/vim/nano and you will see ) that is in "/usr/local/nagios/libexec/eventhandlers" in my situation, we can us it this to manipulate with the status of the service. We can use this command to make the status go from OK to CRITICAL ( we are talking directly to hard state, we are skipping the soft state of the service, we are working with traps ). If we execute the script like this we can do that
Test it:
/usr/local/nagios/libexec/eventhandlers/submit_check_result RouterTest TRAP 2 “TESTING”
You can see in the Nagios log part to see if there is a change or in the host part or services, depend.
Thats it.
So this command we can use it when we convert the mib files and writing down the snmptt.conf files so SNMPTT part to know what to do when the TRAP is receive, not just to make a log file and sit there quietly.
How to do that is STEP56:
Step 6:
use this command to make the snmptt.conf file:
snmpttconvertmib --in=/usr/share/snmp/mibs/<cisco mib file.my> --out=/etc/snmp/snmptt.conf --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2'
After this command in the snmptt.conf file you will see something similar like
EVENT Cisco_Link_Up BLA BLA
FORMAT Link Up on interface BLA BLA
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2 "xxxxxx" ---- THIS HAVE TO BE CHANGE
what we have to point here that in the EXEC command we can see the number 2 after TRAP. This number/argument ( if you read or open the submit_check_result script or file ) indicate what will be the status.
What we have to do now, in the snmptt.conf file where we have Up state, in the EXEC part where we have 2 we have to change this to 0 for UP and where we have Down we have to leave it like that 2 for CRITICAL.# Arguments:
# $1 = host_name (Short name of host that the service is
# associated with)
# $2 = svc_description (Description of the service)
# $3 = return_code (An integer that determines the state
# of the service check, 0=OK, 1=WARNING, 2=CRITICAL,
# 3=UNKNOWN).
# $4 = plugin_output (A text string that should be used
# as the plugin output for the service check)
#
We have to have something like
For Up link
For down linkEVENT Cisco_Link_Up BLA BLA
FORMAT Link Up on interface BLA BLA
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 0 "xxxxxx"
What will happen now is, when the trap is receive from "snmptrad" it will send to SNMPTT part where it will look for the snmptt.conf file to match the trap information / the mib or OID that it carry with it. And if it mib or OID match one of the events for example Link is down, it will execute the command ( this one "EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2 "xxxxxx" ) with the argument 2, or 0 if its UP. After the command is execute the Nagios will change the status and the other part you should know it.EVENT Cisco_Link_Downd BLA BLA
FORMAT Link Down on interface BLA BLA
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 2 "xxxxxx"
IV GOT MAIL And that is all ... try and test it and see what you will have !
I hope i was clear and i dont miss anything, if so, simply reply and we can try to fix it
/ sorry for the poor language but its 04:30 AM ... and this is my source where i found solutions about it:BIG THANKS TO THEM AND ALSO FROM Sourceforge forum the support for SNMPTT
Source 1: GOOGLE
Source 2: SNMPTT PAGE
Source 3: PAGE 1
Source 4: PAGE 2