Setting up SNMP trap

[yunushaikh]

Hello Sir,

I need to setup SNMP trap on my nagios core 4.0.8
I can see the documentation is available for nagios XI but is there anyway we can setup on nagios core

[jolson]

You may be interested in NSTI, which is available for Nagios Core on the Nagios Exchange:
https://exchange.nagios.org/directory/A ... paign=NSTI

Let us know if you have any questions. Thanks!

[yunushaikh]

Hi Jolson,

I have 2 questions,
what are the advantages of using SNMP trap? how it is different from Nagios snmp monitoring?

Can I get one example of snmp trap setting it from that interface?

[Box293]

Traps are sent by remote devices to the Nagios server, this is called a Passive check. We don't know when a trap will be sent as it depends on why the sending device decides it will send a trap. For example with a UPS (battery backup), as soon as the device loses power, it will send a trap to say "hey, I lost power". This way Nagios is informed immediately.

SNMP checks that are initiated by Nagios are called Active checks. These are checks that Nagios performs the data collection via SNMP. In the same scenario above, if Nagios only checked the UPS every 5 minutes, then because of scheduling and the randomness of power failures, it might be a full five minutes before you know the UPS is on a battery ... which wouldn't be helpful if the UP only had a battery life of 7 minutes.

Does that make sense?

[yunushaikh]

Yes sir, I understood the difference

Is there any example of any service suppose if i want to get an alert immediately when network interface is down. How can I setup SNMP trap for that?
I want to know the procedure for setting up the trap

[ssax]

You would need to configure the device to send that type of trap.

You should read through this, it's for XI but the install script still works with Core and details the process pretty well on the Nagios side:

https://assets.nagios.com/downloads/nag ... ios_XI.pdf

[yunushaikh]

Can I find a good example of setting up SNMP trap for services?
It will help me lot. I read the document but the example might clear my doubt more easily.

Please help

[ssax]

You will need to setup your device to send SNMP traps to the Nagios Core server, it is different for each piece of hardware, you will need to work with your vendor to determine how to set it up.

For the Core side, the general process is this:

As an example, let's say that I want to show linkUp and linkDown traps in Nagios for a Cisco switch.

First you need to configure the Cisco switch to send them to the Nagios server.

Then run the script from the document to setup SNMP traps on Nagios (I know it says for XI but it works for Core as well).

Then you would add the appropriate MIB files to /usr/share/snmp/mibs
- In our example the MIB file that we need is already on the system (/usr/share/snmp/mibs/IF-MIB.txt)
- By default snmptt comes installed with some default traps that we want to get rid of:

Code: Select all

echo '' > /etc/snmp/snmptt.conf

Then run the addmib command on the file:
- This will add it to the /etc/snmp/snmptt.conf file with the proper EXEC line that will put it into Nagios.

Code: Select all

addmib /usr/share/snmp/mibs/IF-MIB.txt

Here are the entries it creates:

Code: Select all

MIB: IF-MIB (file:/usr/share/snmp/mibs/IF-MIB.txt) converted on Thu Sep  3 13:59:59 2015 using snmpttconvertmib v1.3
#
#
#
EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
FORMAT A linkDown trap signifies that the SNMP entity, acting in $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A linkDown trap signifies that the SNMP entity, acting in $*"
SDESC
A linkDown trap signifies that the SNMP entity, acting in
an agent role, has detected that the ifOperStatus object for
one of its communication links is about to enter the down
state from some other state (but not from the notPresent
state).  This other state is indicated by the included value
of ifOperStatus.
Variables:
  1: ifIndex
  2: ifAdminStatus
  3: ifOperStatus
EDESC
#
#
#
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT A linkUp trap signifies that the SNMP entity, acting in an $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A linkUp trap signifies that the SNMP entity, acting in an $*"
SDESC
A linkUp trap signifies that the SNMP entity, acting in an
agent role, has detected that the ifOperStatus object for
one of its communication links left the down state and
transitioned into some other state (but not into the
notPresent state).  This other state is indicated by the
included value of ifOperStatus.
Variables:
  1: ifIndex
  2: ifAdminStatus
  3: ifOperStatus
EDESC

Notice how they both say Normal, we know that linkUp should be Normal but we want linkDown to be Critical so we would change this line from:

Code: Select all

EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal

To:

Code: Select all

EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Critical

Now we restart the snmptt service (every time you use addmib or edit your /etc/snmp/snmptt.conf file you need to restart snmtt server so that changes take effect):

Code: Select all

service snmptt restart

Now you should setup the service in Nagios:

The template:

Code: Select all

define service {
name                            snmp_trap_template
service_description             SNMP Trap Template
active_checks_enabled           1       ; Active service checks are enabled
passive_checks_enabled          1       ; Passive service checks are enabled/accepted
parallelize_check               1       ; Active service checks should be parallelized
process_perf_data               0
obsess_over_service             0       ; We should obsess over this service (if necessary)
check_freshness                 0       ; Default is to NOT check service 'freshness'
notifications_enabled           1       ; Service notifications are enabled
event_handler_enabled           1       ; Service event handler is enabled
flap_detection_enabled          1       ; Flap detection is enabled
process_perf_data               1       ; Process performance data
retain_status_information       1       ; Retain status information across program restarts
retain_nonstatus_information    1       ; Retain non-status information across program restarts
check_command                   check-host-alive      ; This will be used to reset the service to "OK"
is_volatile                     1
check_period                    24x7
max_check_attempts              1
normal_check_interval           1
retry_check_interval            1
notification_interval           60
notification_period             24x7
notification_options            w,u,c,r
contact_groups                  nagiosadmins       ; Modify this to match your Nagios contactgroup definitions
register                        0
}

The service:

Code: Select all

define service {
use                 snmp_trap_template
hostgroup_name      switches,routers
service_description SNMP Trap
check_interval      60 ; Don't clear for 1 hour
}

Now restart the Nagios service:

Code: Select all

service nagios restart

Now generate the trap on the device (pull a network cable on our device, or you can test with the snmptrap command) and it should send it in, the process is:

device > snmptrapd > snmptt > snmptraphandling.py > Nagios

You can watch the log files under /var/log/snmptt/* for the trap to come in, the trap hostname needs to be identical (IP or name (case-sensitive)) to what is in Nagios for it to work.

You may need to adjust these settings in your /etc/snmp/snmptt.ini file to what you want them set as:

Code: Select all

# SNMPTRAPD passes the IP address of device sending the trap, and the IP address of the
# actual SNMP agent.  These addresses could differ if the trap was sent on behalf of another
# device (relay, proxy etc).
# If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
# (which includes the local hosts file, depending on how the OS is configured).  This name
# will be used for: NODES entry matches, hostname field in logged traps (file / database),
# and the $A variable.  Host names on the NODES line will be resolved and the IP address
# will then be used for comparing.
# Set to 0 to disable DNS resolution
# Set to 1 to enable DNS resolution
dns_enable = 1

# Set to 0 to enable the use of FQDN (Fully Qualified Domain Names).  If a host name is
# passed to SNMPTT that contains a domain name, it will not be altered in any way by
# SNMPTT.  This also affects resolve_value_ip_addresses.
# Set to 1 to have SNMPTT strip the domain name from the host name passed to it.  For
# example, server01.domain.com would be changed to server01
# Set to 2 to have SNMPTT strip the domain name from the host name passed to it
# based on the list of domains in strip_domain_list
strip_domain = 1

Don't forget to restart snmptt if you make changes to the /etc/snmp/snmptt.ini as well:

Code: Select all

service snmptt restart

[yunushaikh]

Hello Sir,

I want to monitor a jsp result in a trap. There is one string which I will monitor and if it is not found then that server should send me a trap. In this way I need to setup snmp trap.
Please let me know if you can give me any idea about generating this kind of traps.

[jdalrymple]

As already discussed, most of the legwork of SNMP traps is handled on the end of the monitored device. Ultimately it sounds like you should have an active monitor that simply is monitoring a webpage for a specific string. Is that not the case? Unless you have very intimate knowledge of the web server and the jsp you're monitoring, making it trap upon a broken load will likely be impossible.

Check this out to give you an idea of what I'm saying: https://exchange.nagios.org/directory/P ... nt/details