SNMP Traps Version

Posted: Tue Jul 08, 2014 3:37 am
by fpernet

Hi all,

We have a SOPHOS UTM 9 we would like to monitor using SNMP. SOPHOS is providing the MIB and is able to send it in only two versions: 2c and 3.
We have a Nagios XI 2014R1.2 virtual machine x64.

We added the MIB with success AFAIK.
We are receiving traps but they go to unknown traps.

The tcpdump is:

15:06:55.670444 IP (tos 0x0, ttl 64, id 29293, offset 0, flags [DF], proto UDP (17), length 142)
    proxy.idsa.local.43070 > idnagios.idsa.ch.snmptrap: [udp sum ok]  { SNMPv2c C=idcs { V2Trap(101) R=1950607514  system.sysUpTime.0=150467600 S:1.1.4.1.0=E:9789.1500 E:9789.1500.1.5="[portal.idsa.ch][INFO][005]" } }

The snmpttunknown.log gives:

Mon Jul  7 14:55:09 2014: Unknown trap (.1.3.6.1.4.1.9789.1500) received from proxy at:
Value 0: proxy
Value 1: 192.168.10.254
Value 2: 17:9:46:09.00
Value 3: .1.3.6.1.4.1.9789.1500
Value 4: 192.168.10.254
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.9789.1500.1.5=[portal.idsa.ch][INFO][005]

It seems that all traps are analysed with 9789.1500 instead of 9789.1500.1.5. A test with a snmpV1 test trap is fine. If I modify this trap and change the OID from .1.3.6.1.4.1.9789.1500.1.5 to .1.3.6.1.4.1.9789.1500, then it works fine and the trap appears in Nagios for the host PROXY.

I've got the feeling that it has something to do with the snmp version (1, 2c or 3) ...

Has anybody faced a similar problem? Doesn't Nagios (snmptt or snmptrapd) allow making a distinction based on the SNMP version?

Many thanks in advance

Francois

Re: SNMP Traps Version

Posted: Tue Jul 08, 2014 10:33 am
by sreinhardt

snmptrapd is what would specify the version you are checking; by default it works with SNMPv1 and 2, but can be configured to work with 3 as well. You may be right that this is a difference between SNMP versions; however, any differences should have been covered by the vendor's MIB, which does not seem to be the case here. Simply adding the additional .1 should not cause any other issues at this time; an update to your device in the future may require you to revert back to the original MIB though. Also, no, neither Nagios nor snmptt should or does allow for interpretation of data inputted. They both rightfully expect that any checks against input should match checks exactly, otherwise you could have all sorts of vendor and version mismatching that shouldn't be happening.
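
An added example, not part of either post and not Nagios or snmptt code: a small Python check that reads an snmpttunknown.log entry like the one above and reports whether a configured EVENT OID equals the trap OID or only one of the trap's variable bindings. The snmptt.conf fragment (event name, category, severity) is constructed for illustration, and only exact OID comparison is done; wildcard EVENT OIDs are not handled.

```python
import re

# Entry copied from the snmpttunknown.log excerpt in the first post (empty Value lines omitted).
UNKNOWN_LOG = """\
Mon Jul  7 14:55:09 2014: Unknown trap (.1.3.6.1.4.1.9789.1500) received from proxy at:
Value 0: proxy
Value 1: 192.168.10.254
Value 3: .1.3.6.1.4.1.9789.1500
Ent Value 0: .1.3.6.1.4.1.9789.1500.1.5=[portal.idsa.ch][INFO][005]
"""

# Constructed snmptt.conf fragment; the event name, category and severity are hypothetical.
SNMPTT_CONF = """\
EVENT utmNotification .1.3.6.1.4.1.9789.1500.1.5 "Status Events" Normal
"""

HEADER = re.compile(r"Unknown trap \((?P<oid>[.\d]+)\) received from (?P<host>\S+) at:")
ENT_VALUE = re.compile(r"^Ent Value \d+: (?P<oid>[.\d]+)=(?P<value>.*)$")
EVENT = re.compile(r"^EVENT\s+(?P<name>\S+)\s+(?P<oid>[.\d]+)\s")

def parse_unknown_log(text):
    """Return one dict per unknown-trap entry: trap OID, sender, varbinds."""
    entries = []
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            entries.append({"trap_oid": header["oid"], "host": header["host"], "varbinds": {}})
            continue
        varbind = ENT_VALUE.match(line)
        if varbind and entries:
            entries[-1]["varbinds"][varbind["oid"]] = varbind["value"]
    return entries

def configured_event_oids(conf_text):
    """Map each EVENT OID in an snmptt.conf text to its event name."""
    return {m["oid"]: m["name"] for m in map(EVENT.match, conf_text.splitlines()) if m}

def diagnose(entry, events):
    """Explain why an entry was logged as unknown, using exact OID comparison."""
    if entry["trap_oid"] in events:
        return "matched"
    hits = [oid for oid in entry["varbinds"] if oid in events]
    if hits:
        return "EVENT is keyed on varbind %s; trap OID is %s" % (hits[0], entry["trap_oid"])
    return "no EVENT for trap OID %s" % entry["trap_oid"]

if __name__ == "__main__":
    events = configured_event_oids(SNMPTT_CONF)
    for entry in parse_unknown_log(UNKNOWN_LOG):
        print(entry["host"], "->", diagnose(entry, events))
```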