Passive monitoring using SNMP traps

alf@emcom.no
Posts: 2
Joined: Wed Aug 05, 2015 8:06 am

Passive monitoring using SNMP traps

Post by alf@emcom.no »

Hello.
I am a newbie with Nagios, and I need some help to figure out if what I am trying to do is feasible, and if so - how.
I have a few routers remotely installed, and they cannot be reached from the outside - so I have to rely on the devices trapping to my Nagios server.
But the traps generated are not critical warnings or what traps are usually used for. Instead, the traps contain an array of different parameters (OIDs) with values.
Can I receive the traps, and instead of using a catch-all "TRAP" service, use the data within to update the respective services/OIDs that reside within the trap data?
Do I have to write my own trap handler or submit routine?

Actual status right now is as follows:
- All traps are received as service TRAP - content is further OIDs

The root OID is .1.3.6.1.4.1.30140.1.27.0.1000 as found in /var/log/snmptt.log:

Code:

Thu Aug  6 09:49:09 2015 .1.3.6.1.4.1.30140.1.27.0.1000 Critical "SNMP Traps" 10.10.11.20 - 

Any help much appreciated.
jdalrymple
Skynet Drone
Posts: 2620
Joined: Wed Feb 11, 2015 1:56 pm

Re: Passive monitoring using SNMP traps

Post by jdalrymple »

Your approach doesn't sound right to me. Traps can be written for just about anything on a Linux server using net-snmp custom extensions. Let's say though you wanted to monitor a Cisco device - the traps are hard coded into IOS and you can't add/adjust them. So you'll be able to get a trap alert for interface up or interface down, but I don't think an IOS device will send a trap if the CPU usage exceeds a specific threshold or if the system ambient temperature goes over so many degrees.

With that said, you can use our snmp trap handler in just about any way you wish by just modifying the config file. It will interpret any trap you send in any way you specify. The management of such a configuration would be an absolute nightmare. I mean an absolute nightmare - if you try to monitor your infrastructure this way you will come to hate monitoring altogether. The other problem with traps is that you have no idea if something goes offline.

If I were you I would look towards working around your network restrictions - put a remote worker at the site to run local checks and send data back to Nagios, or something.
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia

Re: Passive monitoring using SNMP traps

Post by Box293 »

alf@emcom.no wrote: Can I receive the traps, and instead of using a catch-all "TRAP" service, use the data within to update the respective services/OIDs that reside within the trap data?

Yes

Here is an example EVENT:

Code:

EVENT upsDiagnosticsPassed .1.3.6.1.4.1.318.0.10 "Status Events" INFORMATIONAL
FORMAT APC UPS: Passed self-test: The UPS passed internal self-test.
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "APC UPS: Passed self-test: The UPS passed internal self-test."

In the EXEC line this "SNMP Traps" is the name of the service that will be targeted in Nagios.

So if I wanted, I could dedicate a passive service in Nagios called "Self Test" and change my EXEC line to be as follows:

Code:

EXEC /usr/local/bin/snmptraphandling.py "$r" "Self Test" "$s" "$@" "$-*" "APC UPS: Passed self-test: The UPS passed internal self-test."

If lots of DATA is coming in on the one OID, then you can have multiple duplicate EVENTs and by adding a MATCH statement to each one, you can use different EXEC lines for different services and data.

Check out the SNMPTT Documentation:
http://snmptt.sourceforge.net/docs/snmp ... CONF-MATCH
alf@emcom.no
Posts: 2
Joined: Wed Aug 05, 2015 8:06 am

Re: Passive monitoring using SNMP traps

Post by alf@emcom.no »

Thanks so much Box293 - that got the old synapses going :-)
I wrote my own very simple handler that merely calls on submit_check_result for each sub-parameter that I wanted to "read" contained in the trap data.
Not hard at all, when you just understand how and why.
Thanks again!

--- Solved ---
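
A handler of the kind described in the last post, as an added example (not the poster's script and not Nagios project code): it turns each allowlisted varbind into its own passive check result and treats trap content as untrusted input. Assumptions: the sub-OIDs, service names and thresholds in `SERVICE_MAP` are constructed, varbinds arrive as `oid=value` arguments, and the command file path is the default for a source install.

```python
import re
import time

# Assumed allowlist: varbind OID -> (passive service name, warn, crit).
# Sub-OIDs, service names and thresholds are constructed for illustration.
SERVICE_MAP = {
    ".1.3.6.1.4.1.30140.1.27.1.1": ("Router Temperature", 60.0, 75.0),
    ".1.3.6.1.4.1.30140.1.27.1.2": ("Router CPU Load", 80.0, 95.0),
}
HOST_RE = re.compile(r"[A-Za-z0-9._-]{1,255}")
NUMERIC = re.compile(r"-?\d+(\.\d+)?")
UNSAFE = re.compile(r"[\x00-\x1f\x7f;|]")

def clean(text, limit=200):
    """Trap content is untrusted: drop control characters and the ';' and '|'
    separators so a value cannot start a second external command."""
    return UNSAFE.sub(" ", text)[:limit].strip()

def build_commands(host, varbinds, now=None):
    """Return one PROCESS_SERVICE_CHECK_RESULT line per allowlisted varbind."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host field")
    stamp = int(time.time() if now is None else now)
    lines = []
    for item in varbinds:
        oid, sep, raw = item.partition("=")
        if not sep or oid not in SERVICE_MAP:
            continue  # unknown OIDs are ignored, never turned into service names
        service, warn, crit = SERVICE_MAP[oid]
        value = clean(raw)
        if NUMERIC.fullmatch(value):
            number = float(value)
            state = 2 if number >= crit else 1 if number >= warn else 0
        else:
            state = 3  # UNKNOWN: the value was not a plain number
        lines.append(
            f"[{stamp}] PROCESS_SERVICE_CHECK_RESULT;"
            f"{host};{service};{state};{service}: {value}"
        )
    return lines

def submit(lines, command_file="/usr/local/nagios/var/rw/nagios.cmd"):
    """Append the lines to the Nagios external command file (assumed path)."""
    with open(command_file, "a") as pipe:
        pipe.write("".join(line + "\n" for line in lines))

if __name__ == "__main__":
    import sys
    submit(build_commands(sys.argv[1], sys.argv[2:]))
```

Each service named in `SERVICE_MAP` has to exist in Nagios as a passive service on the matching host, otherwise the submitted result is discarded.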