
SNMP Traps

Posted: Mon Aug 10, 2015 7:43 pm
by rajasegar
Are there any docs on how to configure different types of traps into different services in XI?
The idea is to set up a service assigned to a hostgroup. All traps will go to the particular host and relevant TRAP service instead of all being dumped into a single SNMP TRAP service.

Thanks.

Re: SNMP Traps

Posted: Mon Aug 10, 2015 8:44 pm
by Box293
We don't have a full document that explains this yet but there are some forum posts that cover it.

The key to it is in the EXEC line.

Have a look at this post I made just recently:
https://support.nagios.com/forum/viewto ... 25#p147925

If the same OID has different data coming in, you can also use a MATCH statement. This means you can have multiple EVENTS for the SAME OID, but based on the match statement it can do different things.

Does this help?

Re: SNMP Traps

Posted: Mon Aug 10, 2015 8:59 pm
by rajasegar
Thanks, will check it out now. Nagios official doc just does not go into details.
I just want to monitor the following traps for all the F5 devices and ignore the rest for the time being.
Any help will be greatly appreciated.

TRAP NAME
bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10)
bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11)
bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12)
bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13)
bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14)
bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75)
bigipActive (.1.3.6.1.4.1.3375.2.4.0.15)
bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16)
bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17)
bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18)
bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34)
bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76)

Re: SNMP Traps

Posted: Mon Aug 10, 2015 9:22 pm
by rajasegar
A simple example would be a great help to figure all this out.

Re: SNMP Traps

Posted: Mon Aug 10, 2015 10:35 pm
by Box293
Can you post your /etc/snmp/snmptt.conf file, or at least the sections that contain the traps you just highlighted?

Re: SNMP Traps

Posted: Mon Aug 10, 2015 11:01 pm
by rajasegar
Box293 wrote: Can you post your /etc/snmp/snmptt.conf file, or at least the sections that contain the traps you just highlighted?
I am working on it. Need to get hold of network guys to simulate some event.
Let me test it out first before I engage you with issues.

Thanks

Here is some extract. Every single one is pointing to the same service.

#
EVENT bigipGtmLeftGroup .1.3.6.1.4.1.3375.2.4.0.74 "Status Events" Normal
FORMAT BIG-IP GTM left sync group.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "BIG-IP GTM left sync group.  $*"
SDESC
BIG-IP GTM left sync group.
Variables:
  1: bigipNotifyObjMsg
EDESC
#
#
#
EVENT bigipStandByFail .1.3.6.1.4.1.3375.2.4.0.75 "Status Events" Normal
FORMAT In failover condition, this standby will not be able to go active.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "In failover condition, this standby will not be able to go active.  $*"
SDESC
In failover condition, this standby will not be able to go active.
Variables:
  1: bigipNotifyObjMsg
EDESC
#
#
#
EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
FORMAT The TMM has run out of source ports and cannot open new communications channels with other machines. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The TMM has run out of source ports and cannot open new communications channels with other machines. $*"
SDESC
The TMM has run out of source ports and cannot open new communications channels with other machines.
Variables:
  1: bigipNotifyObjMsg
EDESC



Re: SNMP Traps

Posted: Mon Aug 10, 2015 11:52 pm
by Box293
Excellent, this was what I am after.

Take this one for example:

EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
FORMAT The TMM has run out of source ports and cannot open new communications channels with other machines. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The TMM has run out of source ports and cannot open new communications channels with other machines. $*"

I've left off SDESC to EDESC as this is informative only.

In the EXEC line, change "SNMP Traps" to "Port Exhaustion"

Restart the snmptt service.

Now, create a Passive Service in Nagios XI called "Port Exhaustion" and Apply Config. You can just use CCM to duplicate an existing "SNMP Traps" service and change the name to "Port Exhaustion".

This is how this trap will be targeted to this specific service (actually, any host that has a service with this name).

Note: When a trap is received and no service exists, it will appear under Admin > Monitoring Config > Unconfigured Objects. From here you can turn it into a service.

Does that make sense?
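
Added example, not part of the original posts: a small Python audit of snmptt.conf text that lists which service name each EVENT's EXEC line submits to, so you can see which passive services must exist in Nagios XI and which traps still land in the catch-all "SNMP Traps" service. It assumes the EXEC argument order shown in this thread (handler path, "$r", service name, ...); the sample config is constructed and the function names are hypothetical.

```python
import shlex

# Constructed sample in snmptt.conf syntax (not the poster's full file); the
# second event has already been re-pointed at its own passive service.
SAMPLE_CONF = '''\
EVENT bigipStandByFail .1.3.6.1.4.1.3375.2.4.0.75 "Status Events" Normal
FORMAT In failover condition, this standby will not be able to go active.  $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "Standby cannot go active.  $*"
SDESC
In failover condition, this standby will not be able to go active.
EDESC
EVENT bigipInetPortExhaustion .1.3.6.1.4.1.3375.2.4.0.76 "Status Events" Normal
EXEC /usr/local/bin/snmptraphandling.py "$r" "Port Exhaustion" "$s" "$@" "$-*" "TMM out of source ports. $*"
'''

def services_by_event(conf_text, handler="snmptraphandling.py"):
    """Return {(event_name, oid): [service names its EXEC lines submit to]}."""
    mapping, current, in_desc = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if in_desc:                      # SDESC..EDESC is free text, skip it
            in_desc = line != "EDESC"
            continue
        fields = line.split()
        if line == "SDESC":
            in_desc = True
        elif line.startswith("EVENT ") and len(fields) >= 3:
            current = (fields[1], fields[2])
            mapping[current] = []
        elif line.startswith("EXEC ") and current is not None:
            try:
                argv = shlex.split(line)[1:]   # handler path, "$r", service, ...
            except ValueError:                 # unbalanced quote: review by hand
                continue
            if len(argv) >= 3 and argv[0].endswith(handler):
                mapping[current].append(argv[2])
    return mapping

def events_on_service(mapping, service="SNMP Traps"):
    """Event names whose traps are still submitted to the given service."""
    return sorted(name for (name, _), svcs in mapping.items() if service in svcs)

def required_services(mapping):
    """Passive service names that must exist on the receiving hosts."""
    return sorted({svc for svcs in mapping.values() for svc in svcs})

if __name__ == "__main__":
    m = services_by_event(SAMPLE_CONF)
    print(required_services(m), events_on_service(m))
```

Run it against the contents of /etc/snmp/snmptt.conf after editing EXEC lines and before restarting snmptt; any name in the required list without a matching passive service will show up under Unconfigured Objects when a trap arrives.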

Re: SNMP Traps

Posted: Tue Aug 11, 2015 12:30 am
by rajasegar
Yes.

So to summarise:
1) I just remove the EVENT for the OIDs I am not interested in processing. It will end up in the snmpttunknown.log
2) The trap will get processed by the correct host. I am assuming it will use IP address to match.

Thanks for your help. It does make sense now.

Re: SNMP Traps

Posted: Tue Aug 11, 2015 12:58 am
by Box293
Great.
rajasegar wrote: 1) I just remove the EVENT for the OIDs I am not interested in processing. It will end up in the snmpttunknown.log
Yes, the whole EVENT includes the EVENT, FORMAT, EXEC and SDESC/EDESC lines.
rajasegar wrote: 2) The trap will get processed by the correct host. I am assuming it will use IP address to match.
Yes, it sends the address using the $r value to Nagios. This can be resolved to a DNS name as well; have a look at the SNMPTT documentation for more info on this.

http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS