modifying domain name of received SNMP traps
Posted: Fri Feb 24, 2017 11:51 am
by mvndnburg
Hi,
We're running:
Nagios XI Version : 5.4.0
Red Hat Enterprise Linux Server release 6.8 (Santiago)
I have set up passive checks and SNMP trap handling and this works fine with 'tweaked' test messages. However, in the 'real' SNMP traps the FQHN of the sending host differs from the host name as it is defined in Nagios. This is caused by different network interfaces (to different VLANs) having different host names.
In other words: Nagios knows the host as aaa.mgt.domain.biz but the traps are sent from aaa.domain.biz. I know that I can strip the domain name in snmptt.ini, but that is not what I am looking for here.
Is there a way to tweak the domain name and add '.mgt' to the hostname in the received trap?
Re: modifying domain name of received SNMP traps
Posted: Fri Feb 24, 2017 1:09 pm
by SteveBeauchemin
I use a bit of snmptt...
The Doc here
http://snmptt.sourceforge.net/docs/snmp ... CONF-REGEX
will get you some good examples of using Regular Expressions.
You just need to match and play back the new data.
Something like this maybe?
Code:
REGEX (Hostname: (\w+).domain.biz)(Hostname: $1.mgt.domain.biz)
The \w+ should match more than one letter I think? Kinda doing this off the cuff.
Below is the same thing with lines split to help clarify. So you have REGEX, then Input to Regex, and Output from Regex.
You have something in one Parenthesis to evaluate; the Second Parenthesis is the result.
Code:
REGEX
(Hostname: (\w+).domain.biz)
(Hostname: $1.mgt.domain.biz)
Basically, whatever is in the () becomes $1. If you have 3 () then you get $1 $2 $3.
Without seeing your actual snmptt definition, just add a REGEX after the FORMAT or EXEC, before SDESC.
Steve B
Re: modifying domain name of received SNMP traps
Posted: Fri Feb 24, 2017 1:40 pm
by dwhitfield
Thanks again Steve!
If you need more information on SNMP, there's a ton of it at
https://support.nagios.com/kb/category.php?id=14 , but please do let us know if you need additional help.
Re: modifying domain name of received SNMP traps
Posted: Tue Feb 28, 2017 2:49 am
by mvndnburg
Thanks for the tip, Steve!
Perl for the win. As always.
Re: modifying domain name of received SNMP traps
Posted: Tue Feb 28, 2017 9:59 am
by dwhitfield
@mvndnburg, it sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
Re: modifying domain name of received SNMP traps
Posted: Wed Mar 01, 2017 2:25 am
by mvndnburg
The issue has been resolved and the proposed solution works like a charm.
You can go ahead and close the thread.
For posterity, this is what I did in the imported/processed MIB:
Code:
EVENT hawkAgentDeadTrap .1.3.6.1.4.1.2000.1.0.2 "Status Events" Major
FORMAT Hawk agent on $1 is dead
EXEC /usr/local/bin/snmptraphandling.py "$1" "SNMP Traps" "Major" "$@" "" "Hawk agent dead"
# include the 'mgt' in the TIBCO host name, if it's not there yet.
REGEX ((\w+\d+).domain.biz)($1.mgt.domain.biz)
SDESC
This trap is sent to announce the loss of a Hawk agent.
Variables:
1: hawkAgentHostName
2: hawkAgentHostDNSName
3: hawkAgentHostIP
4: hawkAgentAlertState
5: hawkAlertEventType
EDESC
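
An added example, not part of the thread and not snmptt's own code: a Python emulation of the single search-and-replace that the REGEX line performs, run over constructed FORMAT lines. It compares the pattern as posted with a tightened variant, showing which inputs the unescaped dots and the missing end-of-name check also rewrite into a monitored host name. The `STRICT` pattern, the function names and all host names are assumptions made up for the illustration.

```python
import re

# Pattern as posted in the thread: dots unescaped, nothing checked after "biz".
POSTED = re.compile(r"(\w+\d+).domain.biz")
# Tightened variant (assumption, not from the thread): literal dots, and the
# name must end after "biz" (no further label, letter, digit or hyphen).
STRICT = re.compile(r"\b(\w+\d+)\.domain\.biz(?!\.?[\w-])")
REPLACEMENT = r"\1.mgt.domain.biz"  # Perl's $1 is written \1 in Python


def rewrite(pattern, line):
    """Apply one search-and-replace, like a REGEX line without the g modifier."""
    return pattern.sub(REPLACEMENT, line, count=1)


# Constructed FORMAT lines; the host names are made up for the demonstration.
SAMPLES = [
    "Hawk agent on aaa01.domain.biz is dead",          # should gain .mgt
    "Hawk agent on aaa01.mgt.domain.biz is dead",      # already correct
    "Hawk agent on aaa01xdomain-biz is dead",          # not in domain.biz
    "Hawk agent on aaa01.domain.biz.example is dead",  # a different, longer name
]


def compare():
    """Return (input, posted result, strict result) for every sample line."""
    return [(s, rewrite(POSTED, s), rewrite(STRICT, s)) for s in SAMPLES]


if __name__ == "__main__":
    for original, posted, strict in compare():
        print(f"in     : {original}\nposted : {posted}\nstrict : {strict}\n")
```

Both patterns leave a name that already contains `.mgt` untouched; only the posted one rewrites the last two lines, so a trap from a name outside `domain.biz` would be attributed to `aaa01.mgt.domain.biz` or altered.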