
snmp trap / syslog unable to understand

Posted: Tue Sep 08, 2020 11:08 pm
by hsoc_mng
I have configured SNMP traps for Cisco ASA and Riverbed SteelConnect, but the logs in Nagios seem hard to understand.
I would like to configure a more straightforward log rather than one that is complicated to understand. Please assist.

Log from SteelConnect:
0d\u0002\u0001\u0001\u0004\nnagiossnmp\xA7S\u0002\u0004\u0002aV\x8C\u0002\u0001\u0000\u0002\u0001\u00000E0\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004\u0003\xF3\v\xA40\u0017\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\t+\u0006\u0001\u0006\u0003\u0001\u0001\u0005\u00050\u0018\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0003\u0000\u0006\n+\u0006\u0001\u0004\u0001\xBF\b\u0003\u0002\n


Log from ASA:
0\x82\u0001\xC5\u0002\u0001\u0001\u0004\nnagiossnmp\xA7\x82\u0001\xB2\u0002\u0001\u0002\u0002\u0001\u0000\u0002\u0001\u00000\x82\u0001\xA50\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004J6\xCD\xC00\u0019\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\v+\u0006\u0001\u0004\u0001\t\t)\u0002\u0000\u00010\u0014\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0002\u0000\u0004\u0002200\u0013\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0003\u0000\u0002\u0001\u00050\u001D\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0004\u0000\u0004\vSyslog_Trap0\x82\u0001\u0012\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0005\u0000\u0004\x81\xFF<164>Sep 09 2020 12:03:56 192.168.100.1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.168.100.51 dst outside:8.8.8.8 (type 3, code 3) on inside interface. Original IP payload: udp src 8.8.8.8/53 dst 192.168.100.51/490\u0016\u0006\u000E+\u0006\u0001\u0004\u0001\t\t)\u0001\u0002\u0003\u0001\u0006\u0000C\u0004J6\xCD\xC0

Re: snmp trap / syslog unable to understand

Posted: Wed Sep 09, 2020 3:29 pm
by cdienger
If the devices are sending SNMP traps to the NLS machine then they are sending to the wrong input. Instead of sending SNMP traps to the NLS syslog input, you should create a new input for SNMP traps. Per https://www.elastic.co/guide/en/logstas ... ptrap.html, an input could look like:


snmptrap {
    community => "public"
    port => "1062"
}
The devices would then need to be configured to send their traps to port 1062 and use the public community.

https://assets.nagios.com/downloads/nag ... Inputs.pdf covers adding inputs to NLS.

Note that adding an input usually requires opening the port on the NLS machine's local firewall. See the above document for the commands as they depend on your OS. You may also need to allow the port through other firewalls in your environment.
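Decoding the raw bytes from the first post shows why they look like garbage in the syslog index: they are a BER-encoded SNMPv2c trap PDU, not syslog text, which is exactly the wrong-input problem described above. The following is an added example, not code from this thread or from Nagios: a minimal BER/SNMP decoder applied to the SteelConnect line from the first post (all function and variable names are my own).

```python
# The SteelConnect trap exactly as the first post shows it: the syslog input stored the
# raw UDP payload as an escaped string, so it can be turned back into the original bytes.
RAW_STEELCONNECT = r"0d\u0002\u0001\u0001\u0004\nnagiossnmp\xA7S\u0002\u0004\u0002aV\x8C\u0002\u0001\u0000\u0002\u0001\u00000E0\u0010\u0006\b+\u0006\u0001\u0002\u0001\u0001\u0003\u0000C\u0004\u0003\xF3\v\xA40\u0017\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0001\u0000\u0006\t+\u0006\u0001\u0006\u0003\u0001\u0001\u0005\u00050\u0018\u0006\n+\u0006\u0001\u0006\u0003\u0001\u0001\u0004\u0003\u0000\u0006\n+\u0006\u0001\u0004\u0001\xBF\b\u0003\u0002\n"

def unescape(dump):
    # Reverse the \uXXXX / \xXX / \n-style escaping used in the log to recover the payload.
    return dump.encode("ascii").decode("unicode_escape").encode("latin-1")

def read_tlv(buf, pos):
    # One BER tag-length-value starting at pos -> (tag, value bytes, position after it).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    # OBJECT IDENTIFIER: first byte packs two arcs, the rest are base-128 with a continuation bit.
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def decode_value(tag, value):
    if tag == 0x06:                         # OBJECT IDENTIFIER
        return decode_oid(value)
    if tag in (0x02, 0x41, 0x42, 0x43):     # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(value, "big", signed=(tag == 0x02))
    return value.decode("latin-1")          # OCTET STRING, e.g. an embedded syslog line

def decode_trap(dump):
    # SNMPv1/v2c message: SEQUENCE { version, community, PDU { req-id, status, index, varbinds } }
    _, msg, _ = read_tlv(unescape(dump), 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)  # cleartext in v1/v2c, and now sitting in the log index
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):                      # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, vblist, _ = read_tlv(pdu, pos)
    varbinds, pos = {}, 0
    while pos < len(vblist):                # each VarBind is SEQUENCE { OID, value }
        _, vb, pos = read_tlv(vblist, pos)
        _, oid, vpos = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, vpos)
        varbinds[decode_oid(oid)] = decode_value(vtag, val)
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu_type": pdu_tag, "varbinds": varbinds}  # version 1 == SNMPv2c, 0xA7 == SNMPv2-Trap
```

Decoded, the SteelConnect line is an SNMPv2c trap with community nagiossnmp whose snmpTrapOID.0 (1.3.6.1.6.3.1.1.4.1.0) is 1.3.6.1.6.3.1.1.5.5, the standard authenticationFailure notification; the ASA line has the same structure, with the %ASA-4-313005 syslog text carried as an OCTET STRING varbind.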