SNMPTT don't make log

[Ravil]

Hello. I have a problem with snmptt. I have a system CentOS 6.5 and i need receive snmp trap on nagios core 3.5.1. I installed snmp, snmptrap and snmptt services. And then i use next command:

Code: Select all

snmptrap -c public -v 2c 127.0.0.1 "" 1.3.3.3.3.3.3.3 1.2.2.2.2.2.2 s "TEST"

This trap is catched by snmptrapd.log, but file snmptt.log even not created.

Config snmptt.ini:

Code: Select all

mode=daemon
net_snmp_perl_enable=1
spool_directory=/var/spool/snmptt/
use_trap_time=1
keep_unlogged_traps=1
stdout_enable=1
log_enable=1
log_file=/var/log/snmptt/snmptt.log
log_system_enable=1
log_system_file=/var/log/snmptt/snmpttsystem.log
unknown_trap_log_enable=1
unknown_trap_log_file=/var/log/snmptt/snmpttunknown.log

Config snmptrapd.conf:

Code: Select all

traphandler default /usr/sbin/snmptthandler
logoption f /var/log/snmptrap.log
disableAuthorization yes

Direcroty /var/spool/snmptt/ is empty

Help me, please. Why snmptt is not logging?

P.S. Sorry for dirty english =)

[sreinhardt]

Well, have you actually received any traps? Also if you could respond with the output from the following commands.

Code: Select all

ls -lva /usr/local/bin | grep -i 'snmp\|addmib'
ls -lva /usr/local/sbin | grep -i 'snmp\|addmib'
ls -lva /usr/sbin | grep -i 'snmp\|addmib'

grep -i 'daemon_uid\|mode =' /etc/snmp/snmptt.ini
grep -i -m 5 'exec' /etc/snmp/snmptt.conf
grep -i 'nag' /etc/group
grep -i 'snmp' /etc/group

ll /var/log/snmptt/
ll -d /var/log/snmptt/
ll /var/spool/snmptt
ll -d /var/spool/snmptt

yum list installed | grep -i snmp

[Ravil]

Well, have you actually received any traps? Also if you could respond with the output from the following commands.

Code: Select all

ls -lva /usr/local/bin | grep -i 'snmp\|addmib'
ls -lva /usr/local/sbin | grep -i 'snmp\|addmib'
ls -lva /usr/sbin | grep -i 'snmp\|addmib'

grep -i 'daemon_uid\|mode =' /etc/snmp/snmptt.ini
grep -i -m 5 'exec' /etc/snmp/snmptt.conf
grep -i 'nag' /etc/group
grep -i 'snmp' /etc/group

ll /var/log/snmptt/
ll -d /var/log/snmptt/
ll /var/spool/snmptt
ll -d /var/spool/snmptt

yum list installed | grep -i snmp

Code: Select all

ls -lva /usr/sbin | grep -i 'snmp\|addmib'
-rwxr-xr-x.  1 root root      25972 Nov 22 22:56 snmpd
-rwxr-xr-x.  1 root root      25992 Nov 22 22:56 snmptrapd
-rwxr-xr-x   1 root root     177455 Feb  7 19:55 snmptt
-rwxr-xr-x   1 root root       3291 Feb  8 12:12 snmpttconvert
-rwxr-xr-x   1 root root      30765 Feb  7 20:05 snmpttconvertmib
-rwxr-xr-x   1 root root       6488 Feb  7 19:55 snmptthandler

grep -i 'daemon_uid\|mode =' /etc/snmp/snmptt.ini
#mode = standalone
description_mode = 0
# A second (child) process will be started as the daemon_uid user so
daemon_uid = snmptt

grep -i -m 5 'exec' /etc/snmp/snmptt.conf
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (coldStart)"
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (warmStart)"
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "Link up on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "SNMP authentication failure"

grep -i 'nag' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt

grep -i 'snmp' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt
snmptt:x:502:

ll /var/log/snmptt/
total 4
-rw-r--r-- 1 root root 426 Feb  8 14:39 snmpttsystem.log

ll -d /var/log/snmptt/
drwxr-xr-x 2 root root 4096 Feb  8 11:48 /var/log/snmptt/

ll /var/spool/snmptt
total 0

ll -d /var/spool/snmptt
drwxr-xr-x 2 root root 4096 Feb  7 20:04 /var/spool/snmptt

cat /var/log/snmptrapd.log
NET-SNMP version 5.5
2014-02-08 16:36:00 <UNKNOWN> [UDP: [192.168.0.5]:43412->[192.168.0.17]]:
.1.3.6.1.2.1.1.3.0 = Timeticks: (1459705) 4:03:17.05    .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.3.3.3.3.3.3  .1.2.2.2.2.2.2 = STRING: "test message"
2014-02-08 16:36:22 <UNKNOWN> [UDP: [192.168.0.5]:49385->[192.168.0.17]]:
.1.3.6.1.2.1.1.3.0 = Timeticks: (1461925) 4:03:39.25    .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.3.3.3.3.3.3  .1.2.2.2.2.2.2 = STRING: "test message 2222"

[Ravil]

I received next information:

Code: Select all

[root@localhost ~]# ls -lva /usr/local/bin | grep -i 'snmp\|addmib'
-r-xr-xr-x.  1 root root  4817 Feb 20 14:42 snmpkey
[root@localhost ~]# ls -lva /usr/local/sbin | grep -i 'snmp\|addmib'
[root@localhost ~]# ls -lva /usr/local/sbin | grep -i 'snmp\|addmib'
[root@localhost ~]# grep -i 'daemon_uid\|mode =' /etc/snmp/snmptt.ini
#mode = standalone
mode = daemon
description_mode = 0
# A second (child) process will be started as the daemon_uid user so
daemon_uid = snmptt
[root@localhost ~]# grep -i -m 5 'exec' /etc/snmp/snmptt.conf
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (coldStart)"
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (warmStart)"
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "Link up on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "SNMP authentication failure"
[root@localhost ~]# grep -i 'nag' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt
[root@localhost ~]# grep -i 'snmp' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt
snmptt:x:502:
[root@localhost ~]# ll /var/log/snmptt/
total 2492
-rw-r--r--. 1 snmptt root  100310 Feb 24 14:34 snmpttdebug.log
-rw-r--r--. 1 snmptt root 2430783 Feb 24 08:56 snmpttdebug.log-20140223
-rw-r--r--. 1 root   root     426 Feb 24 08:59 snmpttsystem.log
-rw-r--r--. 1 root   root    2776 Feb 20 12:18 snmpttsystem.log-20140223
[root@localhost ~]# ll -d /var/log/snmptt/
drwxr-xr-x. 2 root root 4096 Feb 23 03:06 /var/log/snmptt/
[root@localhost ~]# ll /var/spool/snmptt
total 0
[root@localhost ~]# ll -d /var/spool/snmptt
drwxr-xr-x. 2 root root 4096 Feb 18 09:59 /var/spool/snmptt
[root@localhost ~]# yum list installed | grep -i snmp
net-snmp.x86_64       1:5.5-49.el6      @base
net-snmp-devel.x86_64 1:5.5-49.el6      @base
net-snmp-libs.x86_64  1:5.5-49.el6      @base
net-snmp-perl.x86_64  1:5.5-49.el6      @base
net-snmp-utils.x86_64 1:5.5-49.el6      @base

[sreinhardt]

Looks like we have a few permissions issues. If you could run the following commands, then also rerun the commands I originally requested above, just to be sure it came out properly.

Code: Select all

chown root:nagios /etc/snmp/snmptt.ini /etc/snmp/snmptt.conf /etc/snmp /usr/local/bin/addmib
chmod g+w /etc/snmp/snmptt.ini /etc/snmp
chmod g+x /usr/local/bin/addmib

chown -R snmptt:snmptt /var/spool/snmptt /var/log/snmptt
chmod -R ug+wx /var/spool/snmptt /var/log/snmptt

[Ravil]

Looks like we have a few permissions issues. If you could run the following commands, then also rerun the commands I originally requested above, just to be sure it came out properly.

Code: Select all

chown root:nagios /etc/snmp/snmptt.ini /etc/snmp/snmptt.conf /etc/snmp /usr/local/bin/addmib
chmod g+w /etc/snmp/snmptt.ini /etc/snmp
chmod g+x /usr/local/bin/addmib

chown -R snmptt:snmptt /var/spool/snmptt /var/log/snmptt
chmod -R ug+wx /var/spool/snmptt /var/log/snmptt

I received some error:

Code: Select all

[root@localhost snmptt]# chown root:nagios /etc/snmp/snmptt.ini /etc/snmp/snmptt.conf /etc/snmp /usr/local/bin/addmib
chown: cannot access `/usr/local/bin/addmib': No such file or directory
[root@localhost snmptt]# chmod g+x /etc/snmp/snmptt.ini /etc/snmp
[root@localhost snmptt]# chmod g+x /usr/local/bin/addmib
chmod: cannot access `/usr/local/bin/addmib': No such file or directory

[root@localhost snmptt]# chown -R snmptt:snmptt /var/spool/snmptt /var/log/snmptt
[root@localhost snmptt]# chmod -R ug+wx /var/spool/snmptt /var/log/snmptt

Should I create this folder? (/usr/local/bin/addmib).

I rerun your commands:

Code: Select all

[root@localhost snmptt]# ls -lva /usr/local/bin | grep -i 'snmp\|addmib'
-r-xr-xr-x.  1 root root  4817 Feb 20 14:42 snmpkey
[root@localhost bin]# ls -lva /usr/local/sbin | grep -i 'snmp\|addmib'
[root@localhost bin]# ls -lva /usr/sbin | grep -i 'snmp\|addmib'
-rwxr-xr-x.  1 root root       30744 Nov 22 23:01 snmpd
-rwxr-xr-x.  1 root root       30776 Nov 22 23:01 snmptrapd
-rwxr-xr-x.  1 root root      177455 Feb 18 10:09 snmptt
-rwxr-xr-x.  1 root root        3291 Feb 18 13:40 snmpttconvert
-rwxr-xr-x.  1 root root       30765 Feb 18 09:57 snmpttconvertmib
-rwxr-xr-x.  1 root root        6488 Feb 18 10:09 snmptthandler
[root@localhost bin]# grep -i 'daemon_uid\|mode =' /etc/snmp/snmptt.ini
#mode = standalone
mode = daemon
description_mode = 0
# A second (child) process will be started as the daemon_uid user so
daemon_uid = snmptt
[root@localhost bin]# grep -i -m 5 'exec' /etc/snmp/snmptt.conf
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (coldStart)"
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (warmStart)"
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "Link up on interface $1.  Admin state: $2.  Operational state: $3"
#EXEC qpage -f TRAP notifygroup1 "SNMP authentication failure"
[root@localhost bin]# grep -i 'nag' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt
[root@localhost bin]# grep -i 'snmp' /etc/group
nagios:x:500:snmptt
nagcmd:x:501:nagios,apache,snmptt
snmptt:x:502:
[root@localhost bin]# ll /var/log/snmptt/
total 432
-rwxrwxr--. 1 snmptt snmptt 431079 Feb 25 09:22 snmpttdebug.log
-rwxrwxr--. 1 snmptt snmptt   2366 Feb 25 09:22 snmpttsystem.log
[root@localhost bin]# ll -d /var/log/snmptt/
drwxrwxr-x. 2 snmptt snmptt 4096 Feb 25 09:21 /var/log/snmptt/
[root@localhost bin]# ll /var/spool/snmptt
total 0
[root@localhost bin]# ll -d /var/spool/snmptt
drwxrwxr-x. 2 snmptt snmptt 4096 Feb 18 09:59 /var/spool/snmptt
[root@localhost bin]# yum list installed | grep -i snmp
net-snmp.x86_64       1:5.5-49.el6      @base
net-snmp-devel.x86_64 1:5.5-49.el6      @base
net-snmp-libs.x86_64  1:5.5-49.el6      @base
net-snmp-perl.x86_64  1:5.5-49.el6      @base
net-snmp-utils.x86_64 1:5.5-49.el6      @base

[Ravil]

Do I understand correctly that if I don't have MIBs, SNMPTT should write trap in snmpttunknown.log?

[Ravil]

I use snmptt 1.4

[sreinhardt]

You are correct, if you do not have mibs\oids added to snmptt.conf, they should show in snmpttunknown.log. Are you seeing anything in there?

Also please do not double or triple post, instead modify your last post. Otherwise it puts you to the end of the line, as we do not answer based on bumps and highest in thread, but last post time.

[Ravil]

You are correct, if you do not have mibs\oids added to snmptt.conf, they should show in snmpttunknown.log. Are you seeing anything in there?

Also please do not double or triple post, instead modify your last post. Otherwise it puts you to the end of the line, as we do not answer based on bumps and highest in thread, but last post time.

No, i see nothing, except /var/log/snmptt/snmpttsystem.log and /var/log/snmptt/snmpttdebug.log

I use next snmtrap commands:

Code: Select all

snmptrap -v 1 -c public 192.168.0.124 '.1.3.6.1.2.1.1.3.0' '192.168.0.124' 6 99 '55' 1.3.6.1.2.1.1.3.0 s "test message 1"
snmptrap -v 2c -c public 192.168.0.124 "" 1.3.3.3.3.3.3.3 1.2.2.2.2.2.2 s "TEST MESSAGE"

I see these traps in /var/log/snmptrap.log, but i don't see them in /var/log/snmptt/
Nagios server has IP-address 192.168.0.124. It's mean that I send trap on localhost.

This is my snmptt.ini file:

Code: Select all

[General]
snmptt_system_name =
#mode = standalone
mode = daemon
multiple_event = 1
dns_enable = 0
strip_domain = 0
strip_domain_list = <<END
domain.com
END
resolve_value_ip_addresses = 0
net_snmp_perl_enable = 1
net_snmp_perl_cache_enable = 1
net_snmp_perl_best_guess = 0
translate_log_trap_oid = 0
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
translate_integers = 1
mibs_environment = ALL
wildcard_expansion_separator = " "
allow_unsafe_regex = 0
remove_backslash_from_quotes = 0
dynamic_nodes = 0
description_mode = 0
description_clean = 1
threads_enable = 0
threads_max = 10
date_time_format = %H-%M-%S %Y:%m:%d

[DaemonMode]
daemon_fork = 1
daemon_uid = snmptt
pid_file = /var/run/snmptt.pid
spool_directory = /var/spool/snmptt/
sleep = 5
use_trap_time = 1
keep_unlogged_traps = 1
duplicate_trap_window = 0

[Logging]
stdout_enable = 1
log_enable = 1
log_file = /var/log/snmptt/snmptt.log
log_system_enable = 1
log_system_file = /var/log/snmptt/snmpttsystem.log
unknown_trap_log_enable = 1
unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log
statistics_interval = 0
syslog_enable = 1
syslog_facility = local0
syslog_level_debug = <<END
END
syslog_level_info = <<END
END
syslog_level_notice = <<END
END
syslog_level_warning = <<END
END
syslog_level_err = <<END
END
syslog_level_crit = <<END
END
syslog_level_alert = <<END
END
syslog_level = warning
syslog_system_enable = 1
syslog_system_facility = local0
syslog_system_level = warning

[Exec]
exec_enable = 1
pre_exec_enable = 1
unknown_trap_exec =
unknown_trap_exec_format =
exec_escape = 1

[Debugging]
DEBUGGING = 2
DEBUGGING_FILE = /var/log/snmptt/snmpttdebug.log
DEBUGGING_FILE_HANDLER =

[TrapFiles]
snmptt_conf_files = <<END
END

Code: Select all

[root@localhost ~]# ps -e | grep snmptt
 1015 ?        00:00:00 snmptt
 1016 ?        00:00:00 snmptt

Is it normally, that SNMPTT has 2 pid???