Nagios Support Forum

Hello ,

I have traps coming from certain router using both V2 and V3 Traps , I can see them in tcpdump :

15:08:51.900168 IP 172.17.3.163.54022 > 172.19.2.65.162: F=a U=xxxxx E= 0x800x000x000x090x030x000x000x1B0x530x500x270xB8 C= V2Trap(128) .1.3.6.1.2.1.1.3.0=1677238464 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.6.3.1.1.5.5 .1.3.6.1.4.1.9.2.1.5.0=10.102.4.220 .1.3.6.1.4.1.9.9.412.1.1.1.0=1 .1.3.6.1.4.1.9.9.412.1.1.2.0="10.102.4.220"
15:08:52.155178 IP 172.17.3.163.54022 > 172.19.2.65.162: C=xxxxxxxx V2Trap(128) .1.3.6.1.2.1.1.3.0=1677238464 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.6.3.1.1.5.5 .1.3.6.1.4.1.9.2.1.5.0=10.102.4.220 .1.3.6.1.4.1.9.9.412.1.1.1.0=1 .1.3.6.1.4.1.9.9.412.1.1.2.0="10.102.4.220"

also have snmptt running but nothing being translated to xi .

Please help .

in the archive attached :
- snmpd.conf
- snmptrapd.conf
- snmptt.conf
- snmptt.ini
- service screenshot

In the XI GUI, can you go in to Admin > Unconfigured Objects and see it they are there?
Also, can you check the unknown log on the XI server to see if they are there?
Take a look at /var/log/snmptt/snmpttunknown.log to see if they show up there.

Hello ,

Nothing in unconfigured objects , nothing in snmpttunknown.log , both empty

Have a look in /var/log/snmptrapd.log and /var/log/snmptt.log. If nothing's in snmptrapd.log look at that, otherwise look at snmptt.

Do you have a service defined on the hosts sending traps that has "SNMP Traps" as the description? For some reason, that has to be the description.

Thanks gormank, another place to look for any errors is the following folder.

Hello ,

Thanks you all , I cleaned snmptt spool and it was solved , it was containing thousands of things .

but snmptt is not translating v3 traps , only v2 , can we do any fix ?

Thanks

+1 for v3 traps. We are using SNMPv3 more and more.

You need to configure snmptrapd to accept SNMPv3 traps or informs, add something like this to the bottom of your /etc/snmp/snmptrapd.conf:

For SNMPv3 informs:
Now restart snmptrapd:
You can then test it out from the command line and you should see it show up in /var/log/messages:
For SNMPv3 traps:
Now restart snmptrapd:
You can then test it out from the command line and you should see it show up in /var/log/messages:

Taken and adjusted from here:
- Read here for more information but you should only put any configuration in /etc/snmp/snmptrapd.conf (ignore the files listed in the guide).

http://www.net-snmp.org/wiki/index.php/ ... ifications

Hmm, now I remember that there's a change needed to the nagios init script if snmptt is used. The snmptt service stops working when the nagios service is restarted, so snmptt needs to be restarted with the nagios service.

Otherwise, the spool dir fills with traps as the OP described. Restarting snmptt allows it to process the files so no need to delete them. Or this is my experience.

@gormank, that shouldn't be the case, actually.. what do you have set for mode at the top of your /etc/snmp/snmptt.ini?