Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Traps delivered to Nagios from device but not shown in GUI

https://support.nagios.com/forum/viewtopic.php?t=52862

Page 1 of 2

Traps delivered to Nagios from device but not shown in GUI

Posted: Thu Mar 07, 2019 7:16 am
by nms
Hi,

I have installed successfully "NagiosXI-SNMPTrap-setup.sh" and started off by testing traps to the local host (thus excluding firewall rules).
At this stage, all's well with SNMP Traps wizard setup and trap successfully visible in the GUI.
My test were made of sending this test trap from the local host itself:

Code: Select all

snmptrap -v 2c -c <community> 10.192.4.20 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456
I could then see it nice and clear:
2019-03-07_1306.png
After that, I tested on a remote Linux machine (the one I need the traps for). I made sure that access is granted by the firewall for UDP port 162.
This proved to be correct as when testing using the same snmptrap command from the remote host, I could see the trap coming into the nagios server from the tcpdump command.
2019-03-07_1309.png
The issue I have is that the trap is not visible in the snmpttunknown.log, nor visible in nagios.log, and thus I don't see it in the GUI, still "Waiting for Trap..."

How can I rectify the issue?

Nagios version is 5.4.13 running on CentOS 6.10.

Re: Traps delivered to Nagios from device but not shown in G

Posted: Thu Mar 07, 2019 2:03 pm
by cdienger
Also check the /var/log/snmptt/snmptt.log and /var/log/messages after sending the trap from the remote machine. Did you add the check for the remote host using unconfigured objects(Admin > Monitoring > Config > Unconfigured Objects)?

Re: Traps delivered to Nagios from device but not shown in G

Posted: Fri Mar 08, 2019 1:18 am
by nms
Hi,

None of these log files contain the test trap, quite strange. Only the tcpdump is confirming that somehow the trap is reaching nagios.

As of for unconfigured objects, this was checked many times, but none listed.

Rgds,

Re: Traps delivered to Nagios from device but not shown in G

Posted: Fri Mar 08, 2019 10:57 am
by cdienger
Can you provide a copy of /etc/snmp/snmptt.conf and the output of iptables -L?

Re: Traps delivered to Nagios from device but not shown in G

Posted: Fri Mar 08, 2019 12:57 pm
by nms
Hello,

Here they are:

The rule has been set up automatically by the script.

Code: Select all

 iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:snmptrap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
snmptt.conf attached. The test snmptrap definition is also setup (last one in the conf)

Thanks

Re: Traps delivered to Nagios from device but not shown in G

Posted: Fri Mar 08, 2019 3:48 pm
by npolovenko
@nms, Can you show us the output of:
ps -ef |grep snmp
Also, please upload snmptt.ini and snmptt.conf configs in this thread:
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.ini

Re: Traps delivered to Nagios from device but not shown in G

Posted: Mon Mar 11, 2019 2:27 pm
by nms
Hi,

Please find below snmptt process. ini and conf file attached

Code: Select all

ps -ef |grep snmp
root      2236     1  0 Mar06 ?        00:02:47 /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid
root     13825 23633  0 20:26 pts/0    00:00:00 grep snmp
root     27668     1  0 20:02 ?        00:00:00 /usr/bin/perl /usr/sbin/snmptt --daemon
snmptt   27669 27668  0 20:02 ?        00:00:00 /usr/bin/perl /usr/sbin/snmptt --daemon
Thank you

Re: Traps delivered to Nagios from device but not shown in G

Posted: Mon Mar 11, 2019 3:17 pm
by npolovenko
@nms, TCP dump can process packets before they get captured by the firewall. I suggest turning off the firewall completely and sending the trap to the Nagios server. Then check the logs one more time.
/var/log/snmptt/snmptt.log
/var/log/snmptt/snmpttunknown.log

Re: Traps delivered to Nagios from device but not shown in G

Posted: Mon Mar 25, 2019 10:52 am
by nms
Hi,

apologies for a late reply.

The tcpdump is captured directly on the nagios XI server.
The scenario is semding traps from:

"remote server (am1-int-hlr01-p_p-nwops)" ---> "FW" ---> "NagiosXI (10.192.4.20)"
2019-03-25_1619.png
As you can see above the Nagios server is successfully receiving the trap but somehow it's not being translated, hence there is no firewall issue.

Again I have checked the snmpttunknown.log file but could not find any entry.

The test I'm using is sending this command from the remote server:

Code: Select all

snmptrap -v 2c -c <community-string> 10.192.4.20 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456
Rgds,

Re: Traps delivered to Nagios from device but not shown in G

Posted: Mon Mar 25, 2019 4:39 pm
by ssax
Please run this command and PM one of us the resulting /tmp/SNMPFILES.zip file:

Code: Select all

zip -r /tmp/SNMPFILES.zip /etc/snmp /var/log/snmptt
Thank you
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited