Trap Processing disable DNS

[b2m]

Hi all,

we have the problem with slow trap processing. I found out that it is a DNS matter. When I add the hosts to /etc/hosts everything is fast but this is impossible to do for every router we have.

We don't use a dns server in this network so DNS queries go to nirvana. How can I avoid that snmptrapd and / or snmptt try to resolve IP addresses to hostnames before giving the trap to Nagios XI? Of course in XI they should still be assigned to the hostname which is configured in XI.

Thanks a lot and best wishes

b2m

Code: Select all

cat /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/local/sbin/snmptthandler

Code: Select all

cat /etc/snmp/snmptt.ini | grep dns
dns_enable = 0

[sreinhardt]

If you wish to have hostnames populate, you really only have three options:
1) Leave dns enable within snmptt.ini which you already showed the option that would need to be enabled and allow normal resolution
2) Use the above setting and either maintain dns on the nagios system, or continually edit the hosts file, which understandably is not a great option.
3) Disable dns within the ini, and make sure that your devices are all sending the full hostname as XI expects, so that dns is not needed. This however may not be an option on all devices.

I suppose there is a fourth option of doubling every host that has a hostname and add a second for just ip addresses, but thats not a great option either.

[b2m]

Thanks a lot for your answer but I don't really understand.

As you know we have no DNS server. Anyway, processing works but it is slow as snmptrapd seems to try reverse lookups. I don't know why but Nagios receives the Traps correctly. Which means that a IP -> Hostname mapping is done somewhere. It could be true that the network elements send their names with the traps. So I doubt that DNS is really necessary.

To sum up:

1) default settings of snmptt / snmptrapd -> works but is slow
2) mapping in /etc/hosts -> works and is fast
3) disabling resolution in snmptrapd (-n switch) -> nagios shows unconfigured

In my opinion their has to be an option for snmptrapd to do just the same as in 1) without the pointless DNS lookup.

As Nagios XI has the IP -> Hostname mapping in its database I find it redundant to maintain another database or file like /etc/hosts.

Are there plans to improve and simplify trap processing in a future version? To be honest I did lots of testing but I find it hard to configure and a quite unreliable. For me there are too many deamons / scripts that have to interact correctly.

[sreinhardt]

What I, kind of, was working towards, is that this is not specific to traps. This will have the same behavior with any passive check submitted in regards to matching host name and service name. It is fully expected behavior that passively submitted checks\results only check those two items and if not matched are considered unconfigured objects within core. This intentionally leaves resolution to the item submitting those checks, in this case snmptt.

So while you can disable dns resolution via snmptt\trapd, this will only result in mismatches within nagios as the hostname will be an IP address instead of the actual hostname that is expected. In your particular case, it seems either creating an internal dns server, personally the preferred option, or editing the hosts file each time, are about your only options. You could write a script of some sort to look through your host configurations and match IP to name before submitting the passive results, but thats not a great solution either.

[b2m]

Sorry for coming up with that again .

I found something you can test yourself if you want to. Nagios XI definitely does some kind of correct IP -> Hostname mapping with its own database. Check this out:

Code: Select all

/usr/local/bin/snmptraphandling.py "10.182.116.249" "SNMP Traps" "Normal" "1" "just a dummy" "Test for demo"

With 10.182.116.249 is the Host xxx-LNCR01 in Nagios XI.

This commands which is also triggered everytime snmptt translates a trap results in the output like in the picture in the attachment.

So the only thing I need is that neither SNMPTRAPD nor SNMPTT tries to translate something but just pass the host's ip address to Nagios XI via the python script above. Do you know a method how to get this done?

Thanks a lot and best wishes

b2m


//Update

/etc/snmp/snmptt.conf

Code: Select all

EXEC /usr/local/bin/snmptraphandling.py "$ar" "SNMP Traps" "$s" "$@" "Interface $2 $4" "linkDown"

/etc/sysconfig/snmptrapd

Code: Select all

OPTIONS="-Lsd -On -n -p /var/run/snmptrapd.pid"

Works fine so far. Thanks anyway...

[lmiltchev]

Thanks for the feedback! We will take a look at this. Locking the topic.