SMTP Traps not working since upgrade

[danniiffxi]

Hi Guys

I got the following emails from one of our Infrastructure engineers who setup SNMP Traps last year, however late last year we upgraded from CentOS 6 to CentOS 7 and he suspects it has been broken since then.

I have had a look myself and can't see a problem, so here I am. Any ideas? Please let me know if you need any other information.

Hi

The SNMP traps are not working on Nagios XI (both prod and test), I suspect something happened during the upgrade at the end of last year.

I triggered a test trap from a switch (SWKWSWV01) and even if the trap is defined in nagios and the MIB (re)installed (1).
Even sending a test trap from nagios-test server to itself does not work (2), the trap ends up in the unknow trap log.

Would you please be able to have a look and/or open a ticket with Nagios?

Thanks,


(1)
Mon Feb 1 10:41:27 2021: Unknown trap (.1.3.6.1.6.3.1.1.5.5) received from UNKNOWN at:
Value 0: UNKNOWN
Value 1: 192.168.252.250
Value 2: 194:20:01:38.97
Value 3: .1.3.6.1.6.3.1.1.5.5
Value 4: 192.168.252.250
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.9.2.1.5.0=10.10.10.10
Ent Value 1: .1.3.6.1.4.1.9.9.412.1.1.1.0=1
Ent Value 2: .1.3.6.1.4.1.9.9.412.1.1.2.0=10.10.10.10

(2).
Mon Feb 1 10:51:30 2021: Unknown trap (.1.3.6.1.4.1.8072.2.3.0.1) received from localhost at:
Value 0: localhost
Value 1: 127.0.0.1
Value 2: 45:16:34:38.45
Value 3: .1.3.6.1.4.1.8072.2.3.0.1
Value 4: 127.0.0.1
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.8072.2.3.2.1=123456

[benjaminsmith]

Hi,

I'm pretty sure you're hitting this issue. Please follow the steps in the knowledgebase article below and let us know if this issue is resolved.

SNMP traps are now showing UNKNOWN for the sender IP

If not, please send over the system profile.

To send us your system profile.
Login to the Nagios XI GUI using a web browser.
Click the "Admin" > "System Profile" Menu
Click the "Download Profile" button

Regards,
Benjamin

[danniiffxi]

Hi Benjamin

Sorry for the late reply, it took the infrastructure guys an age to check everything. Unfortunately it is still not working and traps are coming through as unknown. I'll PM you the my system profile now.

Many thanks

[benjaminsmith]

Hi @danniiffxi,

I was pretty certain that was this issue here. We'll gather up some data so we can take a closer look at what's going on. If you want to zip this up in and send it over in PM that would probably be easiest.

1. Attach the following files

Code: Select all

/usr/sbin/snmptt 
/tmp/snmp.tgz
/tmp/sharesnmp.tgz
/tmp/snmplog.tgz

2. Run the following commands as root to gather the SNMP configuration files and the MIB files.

Code: Select all

tar cvfz /tmp/snmp.tgz /etc/snmp/*
tar cvfz /tmp/sharesnmp.tgz /usr/share/snmp/mibs/* --dereference
tar cvfz /tmp/snmplog.tgz /var/log/snmptt/*

3. Also, post the IP address of the device that is sending the trap and the OID.

Thanks,
Benjamin

[danniiffxi]

Hi Benjamin,

All requested info in a PM to you.

[benjaminsmith]

Hi danniiffxi,

It looks like the issue here is that some MIB files are missing and cannot be translated, therefore they are showing up in the snmpttunknown.log. The main OID's in the log are:

1.3.6.1.4.1.9.9.109.2.0.1
1.3.6.1.4.1.12356.101.2.0.301
1.3.6.1.6.3.1.1.5.5

To resolve this, find these MIB file and re-add them to XI in the Admin > Manage MIBs menu.

CISCO-PROCESS-MIB
FORTINET-FORTIGATE-MIB
SW-FIREWALL-TRAPv1.0.MIB
SONICWALL-FIREWALL-TRAP-MIB
DISMAN-EVENT-MIB

Once they have been added, click on the right arrow under the Actions column in the MIB interface and select process traps. For example, try this on the FORTINET-FORTIGATE-MIB since that is already installed on this system. And the same for the DISMAN-EVENT-MIB MIB interface.

For help on how to translate and convert MIB files, take a look at the following knowledgbase article.

Translating and Converting MIB Files

Let us know if you get it resolved.

Benjamin