No snmpttunknown.log | Some traps received | No traps sent

[Syndeticom]

I am trying to receive SNMP traps from edpoint devices.
I am then trying to forward them to another monitoring software.

Nagios XI.

1.) I have the Nagios VM downloaded, installed.
2.) Then I followed this guide to set up SNMP Trap sender: https://assets.nagios.com/downloads/nag ... ios_XI.pdf
3.) Then I imported the MIBs as instructed.
4.) I then modified the /etc/snmp/snmptt.conf and removed all the EXEC lines that were commented out.

I am using trapgen to generate and send traps to this Nagios machine.

Problem is that the SNMP traps don't allways get logged in:
/var/log/snmptt/snmptt.log

And the /var/log/snmptt/snmpttunknown.log does not even exist.

Needless to say, the traps are not being forwarded anywhere.


Can someone please share some ideas about what I might take a look at and possibly fix. I am attaching some of the config files, hoping there will be some kind soul willing to help.

Thank you very much in advance.

T

[tgriep]

If you want to forward the trap to another server and also receive the trap on the XI server you need to enable the net type:
Edit this file on the XI server
/etc/snmp/snmptrapd.conf

Change the settings to look like this. The xxx.xxx.xxx.xxx is the IP address of the server you want to forward the traps to and change public to the community string.

Code: Select all

disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
authCommunity log,net public
forward default xxx.xxx.xxx.xxx public

Save the file and restart the daemons by running

Code: Select all

service snmptrapd restart
service snmptt restart

The unknown log file only has entries for when the snmptt daemon doesn't know what to do with the trap but if the does, it will forward the trap to Nagios XI.
Login to the XI GUI and go to the Admin > Unconfigured Objects menu, you should see the received traps there. Configure them and the XI server will process them for you from now on.

[Syndeticom]

Thanks for the response tgriep;

Unfortunately that doesn't seem to do anything.


I noticed the snmptt.log file stopped logging all the traps yesterday; Regardless of how many more traps I sent to it, they would not get logged anywhere.
I noticed that whenever I reboot the Nagios, and check the status of snmptt, it behaves in a rather weird way:

Code: Select all

[root@nags2 ~]# service snmptt status
snmptt (pid  1173) is running...
[root@nags2 ~]# service snmptt stop
Stopping snmptt:                                           [FAILED]
[root@nags2 ~]# service snmptt status
snmptt (pid 1172) is running...
[root@nags2 ~]# service snmptt stop
Stopping snmptt:                                           [FAILED]
[root@nags2 ~]# service snmptt status
snmptt is stopped
[root@nags2 ~]# service snmptt start
Starting snmptt:                                           [  OK  ]
[root@nags2 ~]#

So I figured, I should start over, (I'm desperate to speed this up as much as possible) so I got myself a clean new install (I am skipping over the entire config process - it's working ok) and tried modifying the snmptrapd.conf file, like you suggested - still no success.


I can receive & log all traps in the snmptt.log instantaneously, which is great, but it's not forwarding the traps anywhere.

Is there anything else I can try please?

All that needs to happen is for Nagios to forward all traps to another server - even if they are unknown - just send everything to the other server.

Thank you in advance,

P.s.: There is nothing logged in un-configured objects under GUI>Admin>Unconfigured Objects

[Syndeticom]

2 hours later - it's working. On both the old and new systems I was working on...


And I am struggling to understand what was the problem?

I suspect the snmptt service getting stuck somewhere along the way... I'm clueless.

I updated the /etc/snmp/snmptrapd.conf as instructed, then posted previous commnet, it wasn't working.


All I did since then was fiddle about with snmptt service - stopping, and starting it manually. And rebooting the machine.


I went back to my monitoring tool later only to find traps forwarded by Nagios.


I checked the snmptt.log file - the same log file I checked previously, now all the traps that I sent to it since yesterday are there.
The snmptt log file had last trap logged at about 15:00 yesterday;

When it started to work today, suddenly all of traps I kept sending it yesterday after 15:00 are there... How the...


I'd be interested to hear some more on the matter. ...

Thank you in advance,

[avandemore]

The problem was this:

Code: Select all

[root@nags2 ~]# service snmptt stop
Stopping snmptt:                                           [FAILED]

The failed reason may be logged somewhere in /var/log/snmptt/ or /var/log/messages or other depending on your config.

[tmcdonald]

Just checking in since we have not heard from you in a while. Did @avandemore's post clear things up or has the issue otherwise been resolved?