
snmp trap severity

Posted: Wed Dec 18, 2019 4:23 am
by elinagios
Hello

For some reason all the traps we are receiving are with normal severity, do you have an idea what may cause this?
For example ( from /var/log/snmptt/snmptt.log):
Wed Dec 18 11:19:18 2019 .1.3.6.1.4.1.9148.3.8.6.3.0.1 Normal "Status Events" somehostname - The notification will be generated whenever a trap is received from devices managed by NNC or a trap is generated by NNC server its self. 2679 SessionAgent SessionAgent.oraclesdm;IPaddress;Hostname=somehostname 1 Wed Dec 18 11:19:18 EET 2019 4 1 SA HostName = somehostname. SA IP Address = IPAddress. SA Status = inservice. SA Status Reason = inservice. apNNCItuX733AdditionalInformationIdentifier = 1. apNNCItuX733AdditionalInformationIndicator = 2. apNNCItuX733AdditionalInformationInformation = sourceHostTargetName = somehostname.
The sending system classifies this as critical, but for Nagios it is just normal, so no alarm is sent out.

We have several systems sending but always the severity for each event is normal.

Thank you.

Re: snmp trap severity

Posted: Wed Dec 18, 2019 3:35 pm
by mbellerue
Have any of the systems' events ever registered as critical, or are these systems new in the monitoring environment?

The events need to be defined as critical in /etc/snmp/snmptt.conf. Have you modified this file? More information can be found here,
https://support.nagios.com/kb/article/n ... al-77.html

Re: snmp trap severity

Posted: Thu Dec 19, 2019 3:53 am
by elinagios
No, all the systems so far have only generated normal status events. My question is that the sending system classifies the alarms as critical, but if I look at the /etc/snmp/snmptt.conf file, the same alert with the same OID is classified as NORMAL. How are the severity levels generated in the /etc/snmp/snmptt.conf file? Are they taken from the MIB file that corresponds to the OID?

Yes, currently I can go and change the /etc/snmp/snmptt.conf file and say that the output should be CRITICAL, but what happens to the rest of the traps that I currently have no knowledge of and that appear only when a problem occurs? Then I will not know about the event because it will be processed as NORMAL and no alarm is sent out.

Re: snmp trap severity

Posted: Thu Dec 19, 2019 2:40 pm
by mbellerue
No, the entries in snmptt.conf treat everything as normal until it is otherwise matched and defined. Unfortunately we can't auto associate the severity of the SNMP trap to a Nagios severity, because the SNMP trap severity isn't standardized. Sometimes it's a string like NORMAL/WARNING/CRITICAL, and sometimes it's a number 0-6, but even when it's a number, it's not 0=normal, 6=critical. It varies from manufacturer to manufacturer.

Re: snmp trap severity

Posted: Fri Dec 20, 2019 8:18 am
by elinagios
OK, good to know. Is it possible in that case to send an alarm out on each trap sent to a specific host, even if they are with NORMAL status?

Re: snmp trap severity

Posted: Fri Dec 20, 2019 2:07 pm
by ssax
Are you using Admin > SNMP Trap Interface or manually managing them in the /etc/snmp/snmptt.conf or /etc/snmp/snmptt.conf.nxti? (please be specific)

If you are using Admin > SNMP Trap Interface, you should be able to click the Defined Traps tab, edit the trap, and change the Severity from Parse to what you want it set to.

Otherwise, you would need to adjust the trap definition like so:
- Actually, don't modify the /etc/snmp/snmptt.conf.nxti by hand, use the web interface as it will cause issues

For /etc/snmp/snmptt.conf.nxti (from):

EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Normal

To:

EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Critical



For /etc/snmp/snmptt.conf (from):

EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal

To:

EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical

See here for advanced manipulation features:

http://snmptt.sourceforge.net/docs/snmp ... ile-format


See here for all the related KB articles for this:

https://support.nagios.com/kb/article/nagios-xi-how-to-integrate-snmp-traps-with-nagios-xi-232.html
https://support.nagios.com/kb/article/nagios-xi-snmp-trap-tutorial-77.html
https://support.nagios.com/kb/article/snmp-traps-understanding-trap-variables-558.html
https://support.nagios.com/kb/article/nagios-xi-snmp-traps-with-nxti-824.html
https://support.nagios.com/kb/article/nagios-xi-how-snmp-works-a-quick-guide-841.html
https://support.nagios.com/kb/article/snmp-trap-how-to-send-a-test-trap-493.html
https://support.nagios.com/kb/article/nagios-xi-sending-snmp-traps-270.html
https://support.nagios.com/kb/article/nagios-xi-manage-mibs-architecture-73.html

Re: snmp trap severity

Posted: Fri Dec 27, 2019 6:55 am
by elinagios
I'm not using Admin > SNMP Trap Interface at all. I'm using the configuration wizard and the SNMP traps service wizard. I see the traps coming in after the service is created, but all with NORMAL status.
Admin > SNMP Trap Interface has no traps defined or any traps received.
Not clear to me:
1) How should I change the event status? Manually change the status in /etc/snmp/snmptt.conf?
2) When I receive traps at the moment with NORMAL status for Nagios, but the sender classifies them as CRITICAL, can I send an email out on a trap even if it is with NORMAL status? Otherwise I will have no knowledge of traps coming in that I need to change from NORMAL -> CRITICAL on the Nagios side.

Re: snmp trap severity

Posted: Fri Dec 27, 2019 11:49 am
by ssax
If you are seeing the traps in your XI web interface that means someone already set it up for you and now you need to adjust them to what you want.

First, check here for defined traps:

Admin > SNMP Trap Interface

If you don't see any there, run this command (as root) and send me the resulting /tmp/SNMPFILES.zip file:

zip -r /tmp/SNMPFILES.zip /etc/snmp /usr/share/snmp/mibs

More than likely, if you do not see any defined in Admin > SNMP Trap Interface you will need to do this:

As an example, edit your /etc/snmp/snmptt.conf (from):

EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal

To:

EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Critical

See here for advanced manipulation features:

http://snmptt.sourceforge.net/docs/snmp ... ile-format

If you are finally absolutely sure you're manually managing things through /etc/snmp/snmptt.conf then you can use this as well for a web based utility:

https://exchange.nagios.org/directory/Addons/Components/SNMP-Trap-Translation-Adjustment-Web-Page/details

Which can be uploaded from Admin > Manage Components.
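
An added example, not part of the thread and not Nagios or SNMPTT code: a small audit of snmptt.conf-style text that lists the EVENT entries still set to Normal and applies the Normal-to-Critical edit shown above by OID. The sample text is constructed (its EVENT lines are the ones quoted in the thread), and the function names are hypothetical.

```python
import re

# Constructed sample in snmptt.conf layout. The two EVENT lines are the ones
# quoted in the thread; the FORMAT lines are constructed filler.
SAMPLE_CONF = '''\
EVENT ciscoEpmNotificationAlarm .1.3.6.1.4.1.9.9.311.0.1 "Status Events" Normal
FORMAT constructed sample text $*
EVENT NXTI_Event_1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "NXTI Test Event" Critical
FORMAT constructed sample text $*
'''

# EVENT <name> <oid> "<category>" <severity>
EVENT_RE = re.compile(r'^(EVENT\s+(\S+)\s+(\S+)\s+"([^"]*)"\s+)(\S+)\s*$')


def parse_events(conf_text):
    """Return one dict per EVENT line, with its 1-based line number."""
    events = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        m = EVENT_RE.match(line)
        if m:
            events.append({"line": line_no, "name": m.group(2), "oid": m.group(3),
                           "category": m.group(4), "severity": m.group(5)})
    return events


def still_normal(events):
    """Events whose severity is Normal: the ones that raise no alarm."""
    return [e for e in events if e["severity"].lower() == "normal"]


def set_severity(conf_text, oid, severity):
    """Return conf_text with the EVENT line for `oid` given a new severity."""
    out = []
    for line in conf_text.splitlines():
        m = EVENT_RE.match(line)
        if m and m.group(3) == oid:
            line = m.group(1) + severity  # keep name, OID and category as-is
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for e in still_normal(parse_events(SAMPLE_CONF)):
        print(f'line {e["line"]}: {e["name"]} {e["oid"]} is {e["severity"]}')
    print(set_severity(SAMPLE_CONF, ".1.3.6.1.4.1.9.9.311.0.1", "Critical"), end="")
```

To audit a real file, pass the contents of /etc/snmp/snmptt.conf to `parse_events` in place of `SAMPLE_CONF` and review the output of `still_normal` against what the sending systems classify as critical.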