Page 1 of 1
Monitoring SNMP traps from F5 load balancer
Posted: Mon Jun 15, 2020 1:14 am
by ets_user
Hi,
We are trying to monitor the F5 load balancer using SNMP trap mechanism.
We added the MIB files to SNMP and we can see it in the defined traps section.
When we tried to send a trap from Load balancer we are not able to see it in snmp log or even in the snmp unknown logs files.
We have the trap mechanism working for our Nutanix clusters to confirm traps are being received.
But in this case we are getting tcpdump traffic from Load balancer ubut stilll not able to see the traps.
Kindly advise.
Re: Monitoring SNMP traps from F5 load balancer
Posted: Mon Jun 15, 2020 4:37 pm
by tgriep
Is the F5 load balancer sending the traps to the Nagios server using SNMP version 2 or SNMP version 3?
W would need to see the SNMP configuration files and the MIB files from the server so can you run the following 3 commands as root.
Code: Select all
tar cvfz /tmp/snmp.tgz /etc/snmp/*
tar cvfz /tmp/sharesnmp.tgz /usr/share/snmp/mibs/* --dereference
tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*
Then post these 3 files so w can check the settings and the MIB files for any errors.
Code: Select all
/tmp/snmp.tgz
/tmp/sharesnmp.tgz
/tmp/snmplog.tgz
If this file exists, post it as well.
Re: Monitoring SNMP traps from F5 load balancer
Posted: Tue Jun 16, 2020 6:18 am
by ets_user
Hi,
Please find below as requested.
Is the F5 load balancer sending the traps to the Nagios server using SNMP version 2 or SNMP version 3?
V3
W would need to see the SNMP configuration files and the MIB files from the server so can you run the following 3 commands as root.
logs as below.
[root@test ~]# tar cvfz /tmp/snmp.tgz /etc/snmp/*
tar: Removing leading `/' from member names
/etc/snmp/nagios-check-storage
/etc/snmp/snmpd.conf
/etc/snmp/snmptrapd.conf
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
/etc/snmp/snmptt.ini
/etc/snmp/snmptt_nxti.bak
/etc/snmp/tmp/
/etc/snmp/tmp/PRISM-MIB.txt
/etc/snmp/tmp/XCLARITY-MIB.txt
/etc/snmp/tmp/UTIMACO-LIMS-ALARM-MIB.txt
/etc/snmp/tmp/CLOUDERA_MIB.txt
/etc/snmp/tmp/F5-BIGIP-LOCAL-MIB.txt
/etc/snmp/tmp/F5-BIGIP-COMMON-MIB.txt
/etc/snmp/tmp/UTIMACO-LIMS-MIB.txt
/etc/snmp/tmp/IF-MIB.txt
/etc/snmp/tmp/AGENTX-MIB.txt
/etc/snmp/tmp/BRIDGE-MIB.txt
/etc/snmp/tmp/DISMAN-SCHEDULE-MIB.txt
/etc/snmp/tmp/DISMAN-EVENT-MIB.txt
/etc/snmp/tmp/DISMAN-SCRIPT-MIB.txt
[root@test ~]# tar cvfz /tmp/sharesnmp.tgz /usr/share/snmp/mibs/* --dereference
tar: Removing leading `/' from member names
/usr/share/snmp/mibs/AGENTX-MIB.txt
/usr/share/snmp/mibs/BRIDGE-MIB.txt
/usr/share/snmp/mibs/CLOUDERA_MIB.txt
/usr/share/snmp/mibs/DISMAN-EVENT-MIB.txt
/usr/share/snmp/mibs/DISMAN-SCHEDULE-MIB.txt
/usr/share/snmp/mibs/DISMAN-SCRIPT-MIB.txt
/usr/share/snmp/mibs/EtherLike-MIB.txt
/usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt
/usr/share/snmp/mibs/F5-BIGIP-LOCAL-MIB.txt
/usr/share/snmp/mibs/HCNUM-TC.txt
/usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
/usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt
/usr/share/snmp/mibs/IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
/usr/share/snmp/mibs/IANAifType-MIB.txt
/usr/share/snmp/mibs/IANA-LANGUAGE-MIB.txt
/usr/share/snmp/mibs/IANA-RTPROTO-MIB.txt
/usr/share/snmp/mibs/IF-INVERTED-STACK-MIB.txt
/usr/share/snmp/mibs/IF-MIB.txt
/usr/share/snmp/mibs/INET-ADDRESS-MIB.txt
/usr/share/snmp/mibs/IP-FORWARD-MIB.txt
/usr/share/snmp/mibs/IP-MIB.txt
/usr/share/snmp/mibs/IPV6-FLOW-LABEL-MIB.txt
/usr/share/snmp/mibs/IPV6-ICMP-MIB.txt
/usr/share/snmp/mibs/IPV6-MIB.txt
/usr/share/snmp/mibs/IPV6-TCP-MIB.txt
/usr/share/snmp/mibs/IPV6-TC.txt
/usr/share/snmp/mibs/IPV6-UDP-MIB.txt
/usr/share/snmp/mibs/LM-SENSORS-MIB.txt
/usr/share/snmp/mibs/MTA-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXAMPLES-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-PASS-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-TC.txt
/usr/share/snmp/mibs/NET-SNMP-VACM-MIB.txt
/usr/share/snmp/mibs/NETWORK-SERVICES-MIB.txt
/usr/share/snmp/mibs/NOTIFICATION-LOG-MIB.txt
/usr/share/snmp/mibs/PRISM-MIB.txt
/usr/share/snmp/mibs/processed_mibs/
/usr/share/snmp/mibs/processed_mibs/AGENTX-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-USER-BASED-SM-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-USM-AES-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-USM-DH-OBJECTS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/EtherLike-MIB.txt
/usr/share/snmp/mibs/processed_mibs/HCNUM-TC.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-VIEW-BASED-ACM-MIB.txt
/usr/share/snmp/mibs/processed_mibs/HOST-RESOURCES-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMPv2-CONF.txt
/usr/share/snmp/mibs/processed_mibs/HOST-RESOURCES-TYPES.txt
/usr/share/snmp/mibs/processed_mibs/IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UCD-DEMO-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IANA-LANGUAGE-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UCD-DISKIO-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IANA-RTPROTO-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IANAifType-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UCD-DLMOD-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IF-INVERTED-STACK-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UCD-IPFWACC-MIB.txt
/usr/share/snmp/mibs/processed_mibs/INET-ADDRESS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IP-FORWARD-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-FLOW-LABEL-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-ICMP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-TC.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-TCP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/IPV6-UDP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/LM-SENSORS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/MTA-MIB.txt
/usr/share/snmp/mibs/processed_mibs/UDP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-EXTEND-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-PASS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-TC.txt
/usr/share/snmp/mibs/processed_mibs/NET-SNMP-VACM-MIB.txt
/usr/share/snmp/mibs/processed_mibs/NETWORK-SERVICES-MIB.txt
/usr/share/snmp/mibs/processed_mibs/RFC1155-SMI.txt
/usr/share/snmp/mibs/processed_mibs/RFC1213-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SCTP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SMUX-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-COMMUNITY-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-FRAMEWORK-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-MPD-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-NOTIFICATION-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-PROXY-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMP-TARGET-MIB.txt
/usr/share/snmp/mibs/processed_mibs/SNMPv2-TC.txt
/usr/share/snmp/mibs/processed_mibs/SNMPv2-TM.txt
/usr/share/snmp/mibs/processed_mibs/TCP-MIB.txt
/usr/share/snmp/mibs/processed_mibs/TRANSPORT-ADDRESS-MIB.txt
/usr/share/snmp/mibs/processed_mibs/TUNNEL-MIB.txt
/usr/share/snmp/mibs/RFC1155-SMI.txt
/usr/share/snmp/mibs/RFC1213-MIB.txt
/usr/share/snmp/mibs/RFC-1215.txt
/usr/share/snmp/mibs/RMON-MIB.txt
/usr/share/snmp/mibs/SCTP-MIB.txt
/usr/share/snmp/mibs/SMUX-MIB.txt
/usr/share/snmp/mibs/SNMP-COMMUNITY-MIB.txt
/usr/share/snmp/mibs/SNMP-FRAMEWORK-MIB.txt
/usr/share/snmp/mibs/SNMP-MPD-MIB.txt
/usr/share/snmp/mibs/SNMP-NOTIFICATION-MIB.txt
/usr/share/snmp/mibs/SNMP-PROXY-MIB.txt
/usr/share/snmp/mibs/SNMP-TARGET-MIB.txt
/usr/share/snmp/mibs/SNMP-USER-BASED-SM-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-AES-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-DH-OBJECTS-MIB.txt
/usr/share/snmp/mibs/SNMPv2-CONF.txt
/usr/share/snmp/mibs/SNMPv2-MIB.txt
/usr/share/snmp/mibs/SNMPv2-SMI.txt
/usr/share/snmp/mibs/SNMPv2-TC.txt
/usr/share/snmp/mibs/SNMPv2-TM.txt
/usr/share/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
/usr/share/snmp/mibs/TCP-MIB.txt
/usr/share/snmp/mibs/TRANSPORT-ADDRESS-MIB.txt
/usr/share/snmp/mibs/TUNNEL-MIB.txt
/usr/share/snmp/mibs/UCD-DEMO-MIB.txt
/usr/share/snmp/mibs/UCD-DISKIO-MIB.txt
/usr/share/snmp/mibs/UCD-DLMOD-MIB.txt
/usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt
/usr/share/snmp/mibs/UCD-SNMP-MIB.txt
/usr/share/snmp/mibs/UDP-MIB.txt
/usr/share/snmp/mibs/UTIMACO-LIMS-ALARM-MIB.TXT
/usr/share/snmp/mibs/UTIMACO-LIMS-MIB.TXT
/usr/share/snmp/mibs/XCLARITY-MIB.txt
[root@test ~]# tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*
tar: Removing leading `/' from member names
/var/log/snmptt/snmptt.log
/var/log/snmptt/snmptt.log-20200517
/var/log/snmptt/snmptt.log-20200601
/var/log/snmptt/snmptt.log-20200607
/var/log/snmptt/snmptt.log-20200614
/var/log/snmptt/snmpttsystem.log
/var/log/snmptt/snmpttsystem.log-20200517
/var/log/snmptt/snmpttsystem.log-20200601
/var/log/snmptt/snmpttsystem.log-20200607
/var/log/snmptt/snmpttsystem.log-20200614
/var/log/snmptt/snmpttunknown.log
/var/log/snmptt/snmpttunknown.log-20200517
/var/log/snmptt/snmpttunknown.log-20200524
/var/log/snmptt/snmpttunknown.log-20200531
/var/log/snmptt/snmpttunknown.log-20200607
/var/log/snmptt/test.mib
Then post these 3 files so w can check the settings and the MIB files for any errors.
Attached.
If this file exists, post it as well.
Not exists.
Re: Monitoring SNMP traps from F5 load balancer
Posted: Tue Jun 16, 2020 2:26 pm
by tgriep
Thanks for the files. For some reason, the snmplog.tgz file are missing data so I may need you to run this again
Code: Select all
tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*
and upload the /tmp/snmplog.tgz file again.
One thing I see is that the MIB is uploaded and have defined traps but thew passive section for the definitions are missing so you will have to edit them defined traps and enable and add the passive section.
See this document on Page 8 for the Passive settings for the TRAPS.
https://assets.nagios.com/downloads/nag ... h-NXTI.pdf
Because the received traps are not showing up in the snmptt.log or the snmpttunknown.log file, then it is probably a SNMP version 3 authentication issue.
Make sure there is an entry in the /etc/snmp/snmptrapd.conf file with the credentials for the F5 system.
If it does, then you will have to run the snmptrapd daemon in debug mode.
Open a root shell and stop snmptrapd
Run snmptrapd in the forground, run this as root in a ssh session.
Code: Select all
snmptrapd -f -C -c /etc/snmp/snmptrapd.conf -Le -D
Login to the F5 device and see if you can generate a TRAP.
Get all of the console log messages from the snmptrapd console and post it.
Put it in a text file and attach that to the post as it could be very large.
Re: Monitoring SNMP traps from F5 load balancer
Posted: Wed Jun 24, 2020 3:14 pm
by ets_user
We do not see an entry for F5 in /etc/snmp/snmptrapd.conf file.
Please let us know how to add (where to find engine ID) so that we will proceed and send the logs.
Because the received traps are not showing up in the snmptt.log or the snmpttunknown.log file, then it is probably a SNMP version 3 authentication issue.
--How can we check this, will there be any version mismatch?
Re: Monitoring SNMP traps from F5 load balancer
Posted: Thu Jun 25, 2020 10:55 am
by tgriep
Whom ever setup the F5 unit, will have to provide the required information that needs to be added to the snmptrapd.conf file as all of that data is there.
Ask the person who setup the F5 device to provide the username, engine ID, Auth password, Auth protocol, Priv password and Priv protocol.
Add it to the snmptrapd.conf file like one of the existing ones and then restart snmptrapd and see if that works.