Nagios Support Forum

Posted: **Mon Nov 02, 2015 7:51 am**

Hi,

I follow that guide : https://assets.nagios.com/downloads/nag ... ios_XI.pdf. After that I create a host and setup the snmptrap to that host. I make sure the mib is upload by "manage mib".

Now I see the host information in NagiosXI UI and I see the SNMP Traps : Pending : No check result for service yet.

I see some trap coming in the log : /var/log/snmptt/snmptt.log

Fri Oct 30 13:03:04 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0001-wan - Device reinitialized (coldStart)
Fri Oct 30 13:03:05 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0001 - Device reinitialized (coldStart)
Fri Oct 30 13:03:05 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0004-wan - Device reinitialized (coldStart)
Fri Oct 30 13:03:05 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0004 - Device reinitialized (coldStart)
Fri Oct 30 13:03:19 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0002-wan - Device reinitialized (coldStart)
Fri Oct 30 13:03:20 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0002 - Device reinitialized (coldStart)
Fri Oct 30 13:03:38 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0003-wan - Device reinitialized (coldStart)
Fri Oct 30 13:03:38 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0003 - Device reinitialized (coldStart)
Fri Oct 30 13:04:00 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0001-wan - Device reinitialized (coldStart)
Fri Oct 30 13:04:00 2015 .1.3.6.1.6.3.1.1.5.1 Normal "Status Events" sanrpa0001 - Device reinitialized (coldStart)

and
/var/log/snmptt/snmpttunknown.log

Fri Oct 30 13:04:00 2015: Unknown trap (.1.3.6.1.4.1.8072.4.0.2) received from sanrpa0001 at:
Value 0: sanrpa0001
Value 1: 172.26.252.164
Value 2: 0:0:00:55.36
Value 3: .1.3.6.1.4.1.8072.4.0.2
Value 4: 192.168.10.20
Value 5: public
Value 6: .1.3.6.1.4.1.8072.4
Value 7:
Value 8:
Value 9:
Value 10:

Fri Oct 30 13:04:00 2015: Unknown trap (.1.3.6.1.4.1.8072.4.0.2) received from sanrpa0001 at:
Value 0: sanrpa0001
Value 1: 172.26.252.164
Value 2: 0:0:00:55.36
Value 3: .1.3.6.1.4.1.8072.4.0.2
Value 4: 172.26.252.164
Value 5:
Value 6: .1.3.6.1.4.1.8072.4
Value 7:
Value 8:
Value 9:
Value 10:

I see the short name in the snmp log but my host is configure with fqdn. I don't understand why the trap is unknow because I upload the right mib.

Thx in advance for your help

Posted: **Mon Nov 02, 2015 8:18 am**

What version of Nagios XI are you using? 5.2.0
Linux Distribution and version? RHEL7
32 or 64bit? 64BIT
VMware Image or Manual Install of XI? Manual Installation (Your script is like automatic

)
I use a proxy.

System Profile :

Nagios XI Installation Profile
System:
Nagios XI Version : 5.2.0
sldmon0139 3.10.0-229.14.1.el7.x86_64 x86_64
Red Hat Enterprise Linux Server release 7.1 (Maipo)
Gnome is not installed
Apache Information
PHP Version: 5.4.16
Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Server Name: sldmon0139
Server Address: 172.26.14.229
Server Port: 80
Date/Time
PHP Timezone: US/Eastern
PHP Time: Mon, 02 Nov 2015 08:14:32 -0500
System Time: Mon, 02 Nov 2015 08:14:32 -0500
Nagios XI Data
License ends in:

Days left in Trial: 56

nagios (pid 24757) is running...
NPCD running (pid 24186).
ndo2db (pid 24113) is running...
CPU Load 15: 0.30
Total Hosts: 114
Total Services: 398
Function 'get_base_uri' returns: http://sldmon0139/nagiosxi/
Function 'get_base_url' returns: http://sldmon0139/nagiosxi/
Function 'get_backend_url(internal_call=false)' returns: http://sldmon0139/nagiosxi/includes/com ... rofile.php
Function 'get_backend_url(internal_call=true)' returns: http://localhost/nagiosxi/backend/
Ping Test localhost
Running:

/bin/ping -c 3 localhost 2>&1

PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.043 ms

--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.039/0.041/0.043/0.005 ms
Test wget To localhost
WGET From URL: http://localhost/nagiosxi/includes/components/ccm/
Running:

/usr/bin/wget http://localhost/nagiosxi/includes/components/ccm/

--2015-11-02 08:14:34-- http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: '/usr/local/nagiosxi/tmp/ccm_index.tmp'

0K .......... 110M=0s

2015-11-02 08:14:34 (110 MB/s) - '/usr/local/nagiosxi/tmp/ccm_index.tmp' saved [10347]

Network Settings

1: lo: mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eno16780032: mtu 1500 qdisc mq state UP qlen 1000

link/ether 00:50:56:8c:07:28 brd ff:ff:ff:ff:ff:ff

inet 172.26.14.229/24 brd 172.26.14.255 scope global eno16780032

valid_lft forever preferred_lft forever

inet6 fe80::250:56ff:fe8c:728/64 scope link

valid_lft forever preferred_lft forever

default via 172.26.14.1 dev eno16780032 proto static metric 100

172.26.14.0/24 dev eno16780032 proto kernel scope link src 172.26.14.229 metric 100

Posted: **Mon Nov 02, 2015 1:12 pm**

When you uploaded the MIB file in the XI GUI, did you have the Process Trap check box selected when you uploaded the file?
Can you upload the MIB file so we can review it?
Can you upload the /etc/snmp/snmptt.conf file from your Nagios XI system?

Posted: **Mon Nov 02, 2015 1:35 pm**

tgriep wrote:When you uploaded the MIB file in the XI GUI, did you have the Process Trap check box selected when you uploaded the file?

Yes, I select that option and I see a message about snmptt cannot restart. I use ssh session and restart systemctl restart snmptt.service

tgriep wrote:Can you upload the MIB file so we can review it?
Can you upload the /etc/snmp/snmptt.conf file from your Nagios XI system?

nagios.zip

Posted: **Mon Nov 02, 2015 2:43 pm**

Ok, that OID in the unknown log isn't in the MIB files that you posted but it is on the system already but it needs to be added to the snmptt.conf file. Here is how to do that.
In a root shell on the Nagios system, run the following.

Code: Select all

addmib /usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt
service snmptt restart

This should add the settings to the snmptt.conf file and then the Nagios XI system should start receiving that OID.

Posted: **Mon Nov 02, 2015 2:53 pm**

Do I need to follow that or just use what is already there with NAgiosXI.
https://assets.nagios.com/downloads/nag ... ios_XI.pdf

Thank you!

Posted: **Mon Nov 02, 2015 3:02 pm**

I want to make sure if I use the config wizard and add my host like that

FQDN vs Short name.

I receive trap with the short name but the host use the fqdn. It's possible a part of my problem. I addmi like you said and restart.

Thank you!

Posted: **Mon Nov 02, 2015 3:10 pm**

You do need to run the addmib command to add that OID in the snmptt.conf file.
Also, you will need to make sure that remote host is in your DNS servers and that the snmptt daemon is setup to use DNS.
See this link for more information.
http://snmptt.sourceforge.net/docs/snmptt.shtml#DNS

Posted: **Mon Nov 02, 2015 3:19 pm**

It's possible to configure multiple aliases to an host ?

Mon Nov 2 15:11:55 2015 .1.3.6.1.4.1.8072.4.0.2 Normal "Status Events" sanrpa0001-wan - An indication that the agent is in the process of being shut down.
Mon Nov 2 15:11:55 2015 .1.3.6.1.4.1.8072.4.0.2 Normal "Status Events" sanrpa0001 - An indication that the agent is in the process of being shut down.

sanrpa0001-wan
sanrpa0001
sanrpa0001.saq.qc.ca
sanrpa0001-wan.saq.qc.ca

Thank you!

Posted: **Mon Nov 02, 2015 7:38 pm**

bennyboy wrote:It's possible to configure multiple aliases to an host ?

Mon Nov 2 15:11:55 2015 .1.3.6.1.4.1.8072.4.0.2 Normal "Status Events" sanrpa0001-wan - An indication that the agent is in the process of being shut down.
Mon Nov 2 15:11:55 2015 .1.3.6.1.4.1.8072.4.0.2 Normal "Status Events" sanrpa0001 - An indication that the agent is in the process of being shut down.

sanrpa0001-wan
sanrpa0001
sanrpa0001.saq.qc.ca
sanrpa0001-wan.saq.qc.ca

Thank you!

bennyboy wrote:I receive trap with the short name but the host use the fqdn. It's possible a part of my problem. I addmi like you said and restart.

I don't think you can do multiple aliases however you have options.

In your file /etc/snmp/snmptt.ini define strip_domain = 0
This would always submit the full resolved name.

FYI the -wan in sanrpa0001-wan cannot be removed by stripping the domain, however you might be able to do a regex:
http://snmptt.sourceforge.net/docs/snmp ... CONF-REGEX

You might be able to use $A instead of $r in your EXEC statements:
http://snmptt.sourceforge.net/docs/snmp ... ONF-FORMAT

Nagios Support Forum

SNMP Trap - see entry in log but pending in UI

SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI

Re: SNMP Trap - see entry in log but pending in UI