Nagios Support Forum

Hi Team,

I am receiving the trap in my server.

+++++++++++++++++++++++++++++++++++
[root@nagiosxi snmptt]# tcpdump -i any -vv -A -T snmp -s 0 "(dst port 162) or (src port 161) or (dst port 161) and (host 10.10.172.104)"
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:10:33.398053 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.54083 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x7E0x040x1D0x190xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=588988497 system.sysUpTime.0=14134395 S:1.1.4.1.0=E:38204.2.2.4048 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.21 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

.h

.4.C...Y.q0..M...0...w...............301.......~....;q[............myuser....~x.......{..0.........~....;q[...........#[email protected]...+.......C....{0..
+...........+......<...P0O..+......<....@At Time :2018-08-13 15:05:01 Signaling link 10.10.96.21 is down.00..+......<....!HCM-SIGNALLING-1,IP:10.10.172.1040...+......<.....PARK10...+......<.....
15:10:33.462143 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.47665 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x2D0x3E0x460x530xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=1881756200 system.sysUpTime.0=14134401 S:1.1.4.1.0=E:38204.2.2.4050 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.25 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

.h

.4.1...Y..0..M...0...5.h.............301.......->FS.;q[............myuser..s..L ...~.....0.........->FS.;q[...........p)R(......0..0...+.......C.....0..
+...........+......<...R0O..+......<....@At Time :2018-08-13 15:05:01 Signaling link 10.10.96.25 is down.00..+......<....!HCM-SIGNALLING-1,IP:10.10.172.1040...+......<.....PARK10...+......<.....
15:10:33.527152 IP (tos 0x40, ttl 61, id 0, offset 0, flags [DF], proto UDP (17), length 365)
10.10.172.104.41100 > 10.10.164.52.snmptrap: { SNMPv3 { F=a } { USM B=1 T=0 U=myuser } { ScopedPDU E= 0x800x000x1F0x880x800x910xFC0x440x750xAD0x3B0x710x5B0x000x000x000x00 C= { V2Trap(231) R=1288002910 system.sysUpTime.0=14134408 S:1.1.4.1.0=E:38204.2.2.4052 E:38204.2.1.2="At Time :2018-08-13 15:05:01 Signaling link 10.10.96.29 is down." E:38204.2.1.3="HCM-SIGNALLING-1,IP:10.10.172.104" E:38204.2.1.6="PARK1" E:38204.2.1.7="" } } }
[email protected]..@.=...

+++++++++++++++++++++++++

while checking in the SNMP logs I am not getting the same logs in ant of the stated below.

snmptt.debug|| snmptthandler.debug snmptt.log || snmpttsystem.log || snmpttunknown.log


can you help me out as we are getting the V3 version of SNMP in the trap and initially I have configured the IP via SNMPv3 now when I trying to change or cross check the same I am not able to find the same on FE?

I am using Nagios XI.

Did you setup the snmptrapd daemon on the Nagios server to receive SNMP version 3 traps?

If not, on your XI server, edit the file /etc/snmp/snmptrapd.conf
At these two lines to the top: The -e 0x8000000001020304 is the engine ID the remote system is using to send the traps. If it is not using it, you can remove it from the createUser option.

This section are the credentials for the user name and encryption passwords used in the traps. Make sure they are updated.

These lines still need to be in the snmptrapd.conf file Save the file and then: Then test the traps again to see if they are received.