Nagios Support Forum

tgriep wrote:Did you go through this guide to enable XI to receive SNMP Traps?
https://assets.nagios.com/downloads/nag ... os_XI.pdf
If not, run through it and see if this resolves the issue for you.

If you still have problems, can you post the files in this folder so we can review them?

Code: Select all

/etc/snmp

Can you post an example of the trap that is in the messages file as well?

Jun 21 12:55:05 localhost snmptrapd[1308]: 2016-06-21 12:55:05 192.168.242.50(via UDP: [192.168.242.50]:161->[10.0.1.161]) TRAP, SNMP v1, community redacted#012#011.1.3.6.1.4.1.1418.4 Enterprise Specific Trap (5) Uptime: 0:11:29.52#012#011.1.3.6.1.4.1.1418.4.3.1.2.2 = STRING: "Outlet3"#011.1.3.6.1.4.1.1418.4.3.1.3.2 = INTEGER: 2

gormank wrote:Snmptrapd is the trap receiver, and it logs in messages. Do you see these entries?
Do you see snmptt entries in messages, or just the snmptt.log?
Are there files in /var/spool/snmptt/?

My system has
/var/log/snmptt/snmptt.log
/var/log/snmptt/snmpttsystem.log
/var/log/snmptt/snmpttunknown.log

What's in those files, assuming they exist?

What are their timestamps? ll /var/log/snmptt/*log

ssax wrote:In addition to tgriep's and gormank's posts, by default snmptrapd will put the traps into /var/log/messages so that's why you are seeing them there.

Sounds like you have a good idea of how it works but I'll include the info below just in case it answers some questions.

This is the general flow of how SNMP traps work:

Device -> XI Server -> snmptrapd -> snmptt -> Nagios XI

Here's how it works in greater detail:

1. The device sends a SNMP trap with say an OID of .1.3.6.1.6.3.1.1.5.1 to the Nagios XI server.

2. The snmptrapd service receives the trap and then runs the default handler for traps (in this case SNMPTT)
- Taken from /etc/snmp/snmptrapd.conf

Code: Select all

traphandle default /usr/sbin/snmptthandler

3. SNMPTT reads the trap and does some processing on it based on it's configuration (translate IP of sender into DNS name, strip domain, all configurable in /etc/snmp/snmptt.ini).

4. SNMPTT doesn't know anything about the traps in your MIB files, the MIB files on the system are just used for translation from .1.3.6.1.6.3.1.1.5.1 into coldStart. You need to process the MIB file that contains your traps to get them into the /etc/snmp/snmptt.conf file which SNMPTT reads to match against to see if it should do anything with it (.1.3.6.1.6.3.1.1.5.1).

5. Since you've run addmib on the MIB file containing your traps (in this case /usr/share/snmp/mibs/SNMPv2-MIB.txt) it processes the trap and puts it into a format SNMPTT understands and changes the EXEC line (see below) to execute the snmptraphandling.py script (that's what puts it into Nagios).

Code: Select all

EVENT coldStart .1.3.6.1.6.3.1.1.5.1 "Status Events" Normal
FORMAT A coldStart trap signifies that the SNMP entity, $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "A coldStart trap signifies that the SNMP entity, $*"
SDESC
A coldStart trap signifies that the SNMP entity,
supporting a notification originator application, is
reinitializing itself and that its configuration may
have been altered.
Variables:
EDESC

So SNMPTT says "Hey, I received a trap with OID .1.3.6.1.6.3.1.1.5.1, do I know anything about it? Let me check my /etc/snmp/snmptt.conf file. Oh, I see it matches the coldStart event (from above), I will run this EXEC line now (which happens to put it into Nagios)."

You can read more about SNMPTT and what those lines mean (and how you can change them if you want) here:

http://snmptt.sourceforge.net/docs/snmptt.shtml