SNMP Trap defination with a fixed OID for several services

[parisa]

Thank you, It works, I have used $1 , $2, ... and $N , $aA ,... together because it couldn't recognize some variables.
for example, S23 is not recognized as Event-Name , I used $N instead of it.

Now, I have a question, How can I use MATCH statement several times in a trap definition?
for example, I want to use it for "XFaultFlag" and "XEventName", are below lines correct?
MATCH $9: xxx
MATCH $23:yyy
and does Nagios check both of the conditions ? actually I want "AND or OR" of the conditions ?

[parisa]

The problem of fault/recovery definition for every alarm had been resolved but I have faced with problem again, I don't know what is wrong?
I have defined two traps , a trap for fault state and another trap for recovery state as below:

Code: Select all

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.x.7.1.0.1 "XEventNotify" Critical
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$1" "Alarm_1" CRITICAL $@ "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$6" "$4" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"  MATCH $9:Fault
SDESC
The Trap is related to Alarm_1 
EDESC

Code: Select all

EVENT Alarm_1-cleared .1.x.x.x.x.x.x.x.x.x.7.1.0.1 "XEventNotify" Normal
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$1" "Alarm_1" OK $@ "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$6" "$4" "$-*" "The SNMP trap that is generated as a result of an event with the service $*" MATCH $9:Recovery
SDESC
The Trap is related to Alarm_1 when it has been cleared
EDESC

I used to get fault and recovery state of an alarm with your solution (use MATCH statement) but now doesn't change state of a service to "OK" when I receive trap for recovery a alarm. ( I see trap of recovery of an alarms in snmptt.log and I can see to change description service to recovery but the state is not changed to OK ),
Only change the state to critical.

[tgriep]

I took a look at the snmptt web site and you can use multiple MATCH statements.
Take a look at this site under the MATCH: section for more details on how the MATCH statement evaluates the statement.
http://snmptt.sourceforge.net/docs/snmp ... CONF-MATCH

If you want to match on both statements, you will have to set the MATCH MODE to "and" so that both of them have to be true to execute the trap.
MATCH MODE=and

The snmptraphandling.py script, the 3rd option is the status that is getting sent to the Nagios process and the first line, you have is set to OK but that is not a valid string and the script is not passing it.
The correct option to use is the word NORMAL. so replace the OK with NORMAL and it should send the correct statue for that trap.

[parisa]

Hi,
I have defined trap (In "add a Trap-definition", on UI) as below:

Trap Details:
Event Name: Alarm_1
OID: .1.x.x.x.x.x.x.x.x.1.7.1.0.1
Category: XEventNotify
Severity: Critical
Description: The Trap is related to Alarm_1
Passive Service Setup:
Enable Passive Service Setup
Host Name: $1
Service Description: Alarm_1
Severity: Critical
Service Output: Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10
Exec: /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*" MATCH $9:Fault MATCH $N:ETH_LOS MATCH MODE=and

and I have defined for recovery state of the alarm as below:
Trap Details:
Event Name: Alarm_1_cleared
OID: .1.x.x.x.x.x.x.x.x.1.7.1.0.1
Category: XEventNotify
Severity: Normal
Description: The Trap is related to Alarm_1 when has been cleared
Passive Service Setup:
Enable Passive Service Setup
Host Name: $0
Service Description: Alarm_1
Severity: OK
Service Output: Received trap from Host: $0 with Alarm: $N at Time: $5 with severity: $7 and Category: $10
Exec: /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*" MATCH $9:Recovery MATCH $N:ETH_LOS MATCH MODE=and

but when I checked "snmptt.conf.nxti", the trap is as below:

Code: Select all

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.1.7.1.0.1 "XEventNotify" Critical
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"  MATCH $9:Fault MATCH $N:Alarm_1 MATCH MODE=and
SDESC
The Trap is related to Alarm_1
EDESC

and:

Code: Select all

EVENT ETH_LOS_Cleared .1.3.6.1.4.1.2011.2.15.1.7.1.0.1 "hwNmNorthboundEventNotify" Normal
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" OK $@ "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"  MATCH $9:Recovery MATCH $N:Alarm_1 MATCH MODE=and
SDESC
The Trap is related to Alarm_1 has been cleared
EDESC

Note: Alarm_1 is a service too (service_1)

And snmptt.conf.nxti is not edited by hand, when edit it , after restart snmptt.service, it comeback to previous configuration.
And also Match statements don't work, because I add it in "Additional Raw Data" field of "Add a Trap Definition", it is shown as below and don't work:

Code: Select all

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.1.7.1.0.1 "XEventNotify" Critical
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*" 
MATCH $9:Fault^M
MATCH $N:Alarm_1^M
MATCH MODE=and

"^M" is added when I press Enter key.( even it don't work as follow: MATCH $9:Fault MATCH $N:Alarm_1 MATCH MODE=and )
And now I'm not able to delete it ( MATCH statemnets) via GUI.

Would you please tell me How I can use snmptt.conf instead of snmptt.conf.nxti to be able edit traps as hand-edit.
when upload MIB by SNMPTT (not SNMP Trap Interface), there is "This trap definition is being managed by NXTI" on top of each trap.

Thanks

[tgriep]

Please review this document which describes how to use the Nagios XI SNMP Trap Interface (NXTI) to monitor and manage incoming SNMP Traps.
https://assets.nagios.com/downloads/nag ... h-NXTI.pdf


The default SNMPTT configuration file on your Nagios XI server is /etc/snmp/snmptt.conf and is where the non-NXTI trap configurations reside.
NXTI utilizes the separate configuration file snmptt.conf.nxti, this file should never be edited manually as those changes will be lost.
Whenever you add / edit / remove a trap in NXTI snmptt.conf.nxti, is updated automatically and the snmptt service is restarted.


If you look at the bottom of the /etc/snmp/snmptt.ini file, you will see a [TrapFiles] section.
This is a list of the config files the snmptt daemon lloads.
The following file is the default configuration file and any manual changes, should be dome to this file so that is the one you should be editing.

Code: Select all

/etc/snmp/snmptt.conf

Try moving all of the custom Traps to this file and not edit the .nxti file as that gets over written by the XI GUI.

[parisa]

Thanks for your answer

I understand not to be able to change snmptt.conf.nxti (it is note top of snmptt.conf.nxti) but when I use GUI, I face with mentioned problem in last post.(the problem was related to match statement definition)

So I wanted to use snmptt.conf but when upload MIB by SNMPTT (not SNMP Trap Interface), there is "This trap definition is being managed by NXTI" on top of each trap and when define traps in snmptt.conf, it is not able to recognize traps. ( I have traps in snmptt.log but state service is not changed)

Would you please tell me How I can use snmptt.conf instead of snmptt.conf.nxti.

[tgriep]

To upload a MIB file and ass it to the snmptt.conf file, you would go to the Admin > Manage MIBs menu.
Select the "Add to SNMPTT" option and when you upload a MIB file, it will only add it to the /etc/snmp/snmptt.conf file.

That file should be part of the /etc/snmp/snmptt.ini file so when the snmptt.ini file is restarted, it will load that file.
It should look like this.

Code: Select all

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path 
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
END

I did recreate the ^M (Carriage Return) that you are seeing at the end of the MATCH statement.

I'll file a bug fix to get that changed.

If you do use the SNMP Trap Interface menu to edit / create the TRAPS, you do not need to fill in the Optional Exec string and the previous data will create the EXEC line unless you need another EXEC command for something else.

[parisa]

Hi,

I had uploaded Mibs just like you said and the snmptt_conf_files part of snmptt.ini was as below:

Code: Select all

snmptt_conf_files = <<END
/usr/share/snmp/mibs/processed_mibs/NAGIOS-NOTIFY-MIB.txt
/usr/share/snmp/mibs/processed_mibs/RFC-1215.txt
/usr/share/snmp/mibs/processed_mibs/DISMAN-SCHEDULE-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IF-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-EXAMPLES-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-MIB.txt
/usr/share/snmp/mibs/processed_mibs/DISMAN-EVENT-MIB.txt
/usr/share/snmp/mibs/processed_mibs/RMON-MIB.txt
/usr/share/snmp/mibs/processed_mibs/T2000-NETMANAGEMENT-MIB.txt
/usr/share/snmp/mibs/processed_mibs/DISMAN-SCRIPT-MIB.txt
/usr/share/snmp/mibs/processed_mibs/BRIDGE-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMPv2-MIB.txt
/usr/share/snmp/mibs/processed_mibs/HW-IMAPV1NORTHBOUND-TRAP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-AGENT-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UCD-SNMP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMPv2-SMI.txt
/usr/share/snmp/mibs/processed_mibs/NOTIFICATION-LOG-MIB.txt
/usr/share/snmp/mibs/processed_mibs/HW-IMAPV2NORTHBOUND-TRAP-MIB.txt
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti

*The Mibs is uploaded successfully, and traps is added in snmptt.conf but they is shown as comment and there is "This trap definition is being managed by NXTI" on top of each trap.

I defined new trap in snmptt.conf but the state of service is not changed when a trap is received by Nagios ( I have defined new traps similar to previous post)

please guide me,
1) In NXTI, I can not use "Additional Raw Data" to add Match statements and I can not use some Match statement in a Exec because based on previous post, it didn't work:

Code: Select all

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.1.7.1.0.1 "XEventNotify" Critical
FORMAT Received trap "$N" with variables "$+*"
EXEC php /usr/local/nagiosxi/scripts/nxti.php --event_name="$N"  --event_oid="$i" --numeric_oid="$o" --symbolic_oid="$O" --community="$C" --trap_hostname="$R" --trap_ip="$aR" --agent_hostname="$A" --agent_ip="$aA" --category="$c" --severity="$s" --uptime="$T" --datetime="$x $X" --unixtime="$@" --bindings="$+*"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "" "Received trap from Host: $1 with Alarm: $N at Time: $5 with severity: $7 and Category: $10"
EXEC /usr/local/bin/snmptraphandling.py "$0" "Alarm_1" "$s" "$@" "$-*" "The SNMP trap that is generated as a result of an event with the service $*"  MATCH $9:Fault MATCH $N:Alarm_1 MATCH MODE=and
SDESC
The Trap is related to Alarm_1
EDESC

2)In SNMPTT.conf , I have faced with above problem (*).

[tgriep]

This message "This trap definition is being managed by NXTI" means that the OID already exists in the nxti file.
So, if you want to use the snmptt.conf file to edit the traps, you need to remove the current entries from the SNMP Trap Interface and then upload them again.
Then you will be able to edit the traps in the snmptt.conf file and add the MATCH statements.

The issue with the "Additional Raw Data" field, I did file a bug report to get it fixed so you cannot use it until it gets fixed and the component is updated.

[parisa]

I got backup from snmptt.conf and created snmptt.conf again and deleted related MIBs and then added them again by SNMPTT, problem related to the message "This trap definition is being managed by NXTI" has been resolved.
Now I receive traps on "SNMP Trap" service.
When I defined traps in SNMPTT.conf to get traps on its relevant service as below:

Code: Select all

EVENT Alarm_1 .1.x.x.x.x.x.x.x.x.1.7.1.0.1 "TRS_Alarms" Critical
FORMAT $*
EXEC /usr/local/bin/snmptraphandling.py "$aA" "Alarm_1" "$s" "$@" "" "$*"
MATCH $9:Fault
MATCH $N:Alarm_1
MATCH MODE=and
SDESC
The Trap is related to Alarm_1 Alarm
EDESC
##
##
EVENT Alarm_1_Cleared .1.x.x.x.x.x.x.x.x.1.7.1.0.1 "TRS_Alarms" Normal
FORMAT $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "Alarm_1" "$s" "$@" "" "$*"
MATCH $9:Recovery
MATCH $N:Alarm_1
MATCH MODE=and
SDESC
The Trap is related to Alarm_1 Alarm, when the alarm has been cleared
EDESC

It doesn't work but when I delete Match statements, traps are received but they are not correct because the type and fault/recovery of every alarm is not recognized correctly. (Actually the Match statements don't work correctly)

As you may remember, I had told that I have a OID for around 15 services. (So I have to use Match statement to separate them)