Nagios Support Forum

Good morning
My question is around SNMP traps. I have read and followed the documentation bellow
https://www.google.ca/url?sa=t&rct=j&q= ... NiSJDIjFjQ

Called: How to Integrate SNMP Traps With Nagios XI

I think I have setup properly. However on the Nagios service it says only OK: TRAP RESET

I loaded the mibs from the ui interface and with the cli command

I have no un-configured object. And no firewall issues.

I am not sure where to go … is there a command I could run to make sure I receive traps?

Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162. So if you run tcpdump port 162 on your Nagios host (or ngrep port 162 if you install ngrep) then you should be able to see traffic when SNMP traps come in on port 162.

I'd check the status of the processes and look at recent logs.

service snmptrapd status
service snmptt status
ll /var/log/snmp*

gormank has it right, here's some additional info (double check your EXEC lines in /etc/snmp/snmptt.conf):

This is the general flow of how SNMP traps work:

Device -> XI Server -> snmptrapd -> snmptt -> Nagios XI

Here's how it works in greater detail:

1. The device sends a SNMP trap with say an OID of .1.3.6.1.6.3.1.1.5.1 to the Nagios XI server.

2. The snmptrapd service receives the trap and then runs the default handler for traps (in this case SNMPTT)
- Taken from /etc/snmp/snmptrapd.conf

3. SNMPTT reads the trap and does some processing on it based on it's configuration (translate IP of sender into DNS name, strip domain, all configurable in /etc/snmp/snmptt.ini).

4. SNMPTT doesn't know anything about the traps in your MIB files, the MIB files on the system are just used for translation from .1.3.6.1.6.3.1.1.5.1 into coldStart. You need to process the MIB file that contains your traps to get them into the /etc/snmp/snmptt.conf file which SNMPTT reads to match against to see if it should do anything with it (.1.3.6.1.6.3.1.1.5.1).

5. Since you've run addmib on the MIB file containing your traps (in this case /usr/share/snmp/mibs/SNMPv2-MIB.txt) it processes the trap and puts it into a format SNMPTT understands and changes the EXEC line (see below) to execute the snmptraphandling.py script (that's what puts it into Nagios).
So SNMPTT says "Hey, I received a trap with OID .1.3.6.1.6.3.1.1.5.1, do I know anything about it? Let me check my /etc/snmp/snmptt.conf file. Oh, I see it matches the coldStart event (from above), I will run this EXEC line now (which happens to put it into Nagios)."

You can read more about SNMPTT and what those lines mean (and how you can change them if you want) here:

http://snmptt.sourceforge.net/docs/snmptt.shtml

ssax wrote:gormank has it right, here's some additional info (double check your EXEC lines in /etc/snmp/snmptt.conf):

This is the general flow of how SNMP traps work:

Device -> XI Server -> snmptrapd -> snmptt -> Nagios XI

Here's how it works in greater detail:

1. The device sends a SNMP trap with say an OID of .1.3.6.1.6.3.1.1.5.1 to the Nagios XI server.

2. The snmptrapd service receives the trap and then runs the default handler for traps (in this case SNMPTT)
- Taken from /etc/snmp/snmptrapd.conf

Code: Select all

traphandle default /usr/sbin/snmptthandler

3. SNMPTT reads the trap and does some processing on it based on it's configuration (translate IP of sender into DNS name, strip domain, all configurable in /etc/snmp/snmptt.ini).

4. SNMPTT doesn't know anything about the traps in your MIB files, the MIB files on the system are just used for translation from .1.3.6.1.6.3.1.1.5.1 into coldStart. You need to process the MIB file that contains your traps to get them into the /etc/snmp/snmptt.conf file which SNMPTT reads to match against to see if it should do anything with it (.1.3.6.1.6.3.1.1.5.1).

5. Since you've run addmib on the MIB file containing your traps (in this case /usr/share/snmp/mibs/SNMPv2-MIB.txt) it processes the trap and puts it into a format SNMPTT understands and changes the EXEC line (see below) to execute the snmptraphandling.py script (that's what puts it into Nagios).

Code: Select all

EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT A coldStart trap signifies that the SNMP entity, $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A coldStart trap signifies that the SNMP entity, $*"
SDESC
A coldStart trap signifies that the SNMP entity,
supporting a notification originator application, is
reinitializing itself and that its configuration may
have been altered.
Variables:
EDESC

So SNMPTT says "Hey, I received a trap with OID .1.3.6.1.6.3.1.1.5.1, do I know anything about it? Let me check my /etc/snmp/snmptt.conf file. Oh, I see it matches the coldStart event (from above), I will run this EXEC line now (which happens to put it into Nagios)."

You can read more about SNMPTT and what those lines mean (and how you can change them if you want) here:

http://snmptt.sourceforge.net/docs/snmptt.shtml

This reply is pure gold! I printed it out and I will re-read it multiple times. It explains so much. Thank you!

Moneer81, thanks, glad it helped you.

psteam, did that help you with your problem?