Watchguard Trap Trouble

Posted: Fri Jul 12, 2019 9:41 am
by davide.bonicelli
Hi, I have a problem checking the state of WatchGuard MultiWan, because the only way to do it is with traps, not with an SNMP query.
I simulated a problem and checked the nagiosxi logs, and I found the 2 traps from the device as expected: the first for the Down message and the second for the Up message.
But the problem is that the OID is the same!
The only difference is in Ent Value 3 but, correct me if I'm wrong, it's not possible to configure a check on this..
Any idea?

Code: Select all

Thu Jul 11 16:30:57 2019: Unknown trap (.1.3.6.1.4.1.3097.2.3.0.1) received from 172.30.1.1 at:
Value 0: 172.30.1.1
Value 1: 172.30.1.1
Value 2: 6:15:58:00.75
Value 3: .1.3.6.1.4.1.3097.2.3.0.1
Value 4: 172.30.1.1
Value 5:
Value 6: .1.3.6.1.4.1.3097.2.3
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.3097.2.4.2.0=multi-wan event
Ent Value 1: .1.3.6.1.4.1.3097.2.4.3.0=Thu Jul 11 16:30:57 2019 (CEST)
Ent Value 2: .1.3.6.1.4.1.3097.2.4.5.0=FWL01X002
Ent Value 3: .1.3.6.1.4.1.3097.2.4.6.0=External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0

Code: Select all

Thu Jul 11 16:36:13 2019: Unknown trap (.1.3.6.1.4.1.3097.2.3.0.1) received from 172.30.1.1 at:
Value 0: 172.30.1.1
Value 1: 172.30.1.1
Value 2: 6:16:03:15.29
Value 3: .1.3.6.1.4.1.3097.2.3.0.1
Value 4: 172.30.1.1
Value 5:
Value 6: .1.3.6.1.4.1.3097.2.3
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.3097.2.4.2.0=multi-wan event
Ent Value 1: .1.3.6.1.4.1.3097.2.4.3.0=Thu Jul 11 16:36:12 2019 (CEST)
Ent Value 2: .1.3.6.1.4.1.3097.2.4.5.0=FWL01X002
Ent Value 3: .1.3.6.1.4.1.3097.2.4.6.0=External interface[WAN] is now UP, link 1, ip=192.168.1.2 mask=255.255.255.0

Re: Watchguard Trap Trouble

Posted: Fri Jul 12, 2019 1:25 pm
by tgriep
To get separate Alerts with the Traps, you would have to create 2 separate trap entries and add a Match state to them. Plus some minor changes.
The Match statement will look at the 3rd value and generate an alert accordingly.

Take a look at the Nagios XI - SNMP Trap Tutorial at this link.
https://support.nagios.com/kb/article/n ... al-77.html

Go to the section "Create Custom Events In SNMPTT" for details on how to set up the separate traps.

Or, if you are using a newer version of XI, you can use this document for the SNMP Trap Interface and the Match statement will go into the Additional Raw Data field. See page 10.
https://assets.nagios.com/downloads/nag ... h-NXTI.pdf

Before doing the above, you will have to upload the MIB file for the device.
Go to the Admin > Manage MIBs menu, browse for the MIB and check the upload it there.

Re: Watchguard Trap Trouble

Posted: Mon Jul 15, 2019 9:42 am
by davide.bonicelli
Thanks Tom, useful as usual!
I uploaded the MIB with trap processing, but in /etc/snmp/snmptt.conf only this line is added

Code: Select all

MIB: WATCHGUARD-SYSTEM-CONFIG-MIB (file:/usr/share/snmp/mibs/WATCHGUARD-SYSTEM-CONFIG-MIB.mib) converted on Mon Jul 15 15:34:41 2019 using snmpttconvertmib v1.4beta2

The file with the OID .1.3.6.1.4.1.3097.2.3.0.1 is this
http://www.circitor.fr/Mibs/Mib/W/WATCH ... IG-MIB.mib

Anyway, is it necessary,
even if I define the event in snmptt.conf with the OID?

And for the Match part, can I put a line like this

Code: Select all

Match $4: External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0

or is it better with the ""

Code: Select all

Match $4: "External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0"

or can I use the * like this:

Code: Select all

Match $4: External interface[WAN] is now DOWN*

Sorry, but I haven't found this information on the web

Re: Watchguard Trap Trouble

Posted: Mon Jul 15, 2019 11:55 am
by tgriep
The reason there is only that line in the snmptt.conf file is that the WATCHGUARD-SYSTEM-CONFIG-MIB file requires another MIB file to be loaded first.
If you haven't done so, upload this MIB file first.

Code: Select all

WATCHGUARD-MIB

Remove this line from the snmptt.conf file

Code: Select all

MIB: WATCHGUARD-SYSTEM-CONFIG-MIB (file:/usr/share/snmp/mibs/WATCHGUARD-SYSTEM-CONFIG-MIB.mib) converted on Mon Jul 15 15:34:41 2019 using snmpttconvertmib v1.4beta2

And re-upload the WATCHGUARD-SYSTEM-CONFIG-MIB.mib file so it will add the entries.

Most MIB files load settings from other MIB files.
Open one up and under the IMPORTS section, they usually have the names of the MIBs that have to be loaded first.


For the Match statement, you can use the whole string in the Match statement like the following example.

Code: Select all

Match $4: (External interface[WAN] is now DOWN, link 1, ip=192.168.1.2 mask=255.255.255.0)

Or for a partial string, you can use this.

Code: Select all

Match $4: (DOWN)

When using strings, they have to be between the () to be used as a regex to find the data.

See this link.
http://snmptt.sourceforge.net/docs/snmptt.shtml
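
How the Match patterns discussed in this thread behave as regular expressions against the two posted trap messages, as an added example that is not part of any post above. Python's `re` stands in for the Perl regex engine SNMPTT uses (character classes and backslash escapes work the same way in both); `RULES`, `matches` and `classify` are hypothetical names.

```python
import re

# The two "Ent Value 3" strings from the traps posted in this thread.
DOWN_MSG = ("External interface[WAN] is now DOWN, link 1, "
            "ip=192.168.1.2 mask=255.255.255.0")
UP_MSG = ("External interface[WAN] is now UP, link 1, "
          "ip=192.168.1.2 mask=255.255.255.0")

# Candidate regexes: the text that would sit between the ( ) of a Match line.
FULL_UNESCAPED = DOWN_MSG   # whole message pasted in as-is
FULL_ESCAPED = (r"External interface\[WAN\] is now DOWN, link 1, "
                r"ip=192\.168\.1\.2 mask=255\.255\.255\.0")
PARTIAL_DOWN = "DOWN"

# Hypothetical rule set: one pattern per alert state, tied to the WAN interface.
RULES = [
    ("CRITICAL", r"interface\[WAN\] is now DOWN\b"),
    ("OK", r"interface\[WAN\] is now UP\b"),
]


def matches(pattern, message):
    """Unanchored search of the trap variable, True if the regex is found."""
    return re.search(pattern, message) is not None


def classify(message, rules=RULES):
    """Return the state of the first rule that matches, or None if none do."""
    for state, pattern in rules:
        if matches(pattern, message):
            return state
    return None


if __name__ == "__main__":
    # In a regex, [WAN] is a character class (one of W, A or N), so the
    # unescaped full string does not match the literal text "[WAN]".
    for name, pat in [("full, unescaped", FULL_UNESCAPED),
                      ("full, escaped", FULL_ESCAPED),
                      ("partial", PARTIAL_DOWN)]:
        print(f"{name:16} DOWN msg: {matches(pat, DOWN_MSG)!s:5} "
              f"UP msg: {matches(pat, UP_MSG)}")
    print(classify(DOWN_MSG), classify(UP_MSG))
```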