Page 1 of 1
SNMP trap for Triton Websense
Posted: Fri Apr 25, 2014 1:19 pm
by btemple
I followed the "How to Integrate SNMP traps with nagios XI " I have everything setup and can see test traps in the snmptt.log but I cannot seem to see anything in the gui and the trap service just says waiting and generates no alerts or anything that I can tell. There is no snmpttunknown.log so I assume the imported mib's are good
here is an example from snmptt.log
Fri Apr 25 14:10:46 2014 .1.3.6.1.4.1.23365.10000.0.10 Normal "Status Events" srqtrtn - Websense Alert: this event is for testing use
Re: SNMP trap for Triton Websense
Posted: Fri Apr 25, 2014 1:42 pm
by sreinhardt
Can you post your snmptt.conf file please? My guess, since snmptt is not adding to unknown.log, is that the exec line just needs to be changed.
Re: SNMP trap for Triton Websense
Posted: Fri Apr 25, 2014 1:48 pm
by btemple
[root@ var]# cat /etc/snmp/snmptt.conf
Code: Select all
#
#
#
EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT Device reinitialized (coldStart)
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (coldStart)"
SDESC
A coldStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself and that its
configuration may have been altered.
EDESC
#
#
#
EVENT warmStart .1.3.6.1.6.3.1.1.5.2 "Status Events" Normal
FORMAT Device reinitialized (warmStart)
#EXEC qpage -f TRAP notifygroup1 "Device reinitialized (warmStart)"
SDESC
A warmStart trap signifies that the SNMPv2 entity, acting
in an agent role, is reinitializing itself such that its
configuration is unaltered.
EDESC
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT Link down on interface $1. Admin state: $2. Operational state: $3
#EXEC qpage -f TRAP notifygroup1 "Link down on interface $1. Admin state: $2. Operational state: $3"
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state). This other state is indicated by the included value
of ifOperStatus.
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT Link up on interface $1. Admin state: $2. Operational state: $3
#EXEC qpage -f TRAP notifygroup1 "Link up on interface $1. Admin state: $2. Operational state: $3"
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state). This other state is indicated by the
included value of ifOperStatus.
EDESC
#
#
#
EVENT authenticationFailure .1.3.6.1.6.3.1.1.5.5 "Status Events" Normal
FORMAT SNMP athentication failure
#EXEC qpage -f TRAP notifygroup1 "SNMP authentication failure"
SDESC
An authenticationFailure trap signifies that the SNMPv2
entity, acting in an agent role, has received a protocol
message that is not properly authenticated. While all
implementations of the SNMPv2 must be capable of generating
this trap, the snmpEnableAuthenTraps object indicates
whether this trap will be generated.
EDESC
Re: SNMP trap for Triton Websense
Posted: Fri Apr 25, 2014 1:55 pm
by sreinhardt
I'm guessing that is an incomplete copy, as it does not have any includes lines or additions for the OID that you listed above. Could you attach it instead of pasting it please?
Re: SNMP trap for Triton Websense
Posted: Fri Apr 25, 2014 2:00 pm
by btemple
looks like the file is the same
Edit: I changed the group permission on snmptt.conf then reran the mib upload / process and the file updated with websense mib info. I will test and close if everything begins to work.
Re: SNMP trap for Triton Websense
Posted: Mon Apr 28, 2014 8:43 am
by btemple
I changed the group permission on snmptt.conf then reran the mib upload / process and the file updated with websense mib info. I will test and close if everything begins to work.
Re: SNMP trap for Triton Websense
Posted: Mon Apr 28, 2014 9:47 am
by slansing
Let us know if all goes well!
Re: SNMP trap for Triton Websense
Posted: Mon Apr 28, 2014 2:16 pm
by btemple
looks like the permission change resolved the issue. when I originally imported and proceeded the mibs the snmptt.conf file did not reflect the changes. once I changed the permissions and re-ran the import the snmptt.conf file updated and the alerts were processed as expected. Please close the thread at your leisure