Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SNMP Trap alter

https://support.nagios.com/forum/viewtopic.php?t=62084

Page 1 of 1

SNMP Trap alter

Posted: Thu Mar 25, 2021 2:52 am
by huaming
Hi,

I've used wizard to build a snmp-trap service which can receive the snmp trap message from target IP. However, I found, e.g I did a change and saved this change at Cisco switch. NagiosXI can receive snmp trap message like below. but can't send out the alter.

"Thu Mar 25 14:02:49 2021 .1.3.6.1.4.1.9.9.43.2.0.1 Normal "Status Events" *.*.*.* - Notification of a configuration management event as 1 3 2"

since in NagiosXI, the status shows 'OK', I guess, there is no configuration set on respective lins in snmptt.cfg. However, I also found same on APC UPS. Below is my snmp trap set on switch. Would you please advise which kind of thing I can do on Nagios configuration side. do I miss out some Mib?

SNMP Trap configured on switch

snmp-server community chinaprod RO
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps cluster
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server enable traps vlan-membership
snmp-server host *.*.*.* informs version 2c XXX
snmp-server host *.*.*.* version 2c XXX

Re: SNMP Trap alter

Posted: Thu Mar 25, 2021 5:50 pm
by ssax
You would need to change the trap severity from Normal to Warning or Critical on the SNMPTT trap definition if you want it to alert.

Please run this command as root and PM me the resulting /tmp/SNMPFILES.tar.gz file so I can see how you have it setup:

Code: Select all

GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs

Re: SNMP Trap alter

Posted: Mon Mar 29, 2021 2:08 am
by huaming
Thanks, PMed

Re: SNMP Trap alter

Posted: Mon Mar 29, 2021 4:09 pm
by ssax
If you want it to come in as critical you would edit your /etc/snmp/snmptt.conf and change this:

Code: Select all

EVENT ciscoConfigManEvent .1.3.6.1.4.1.9.9.43.2.0.1 "Status Events" Normal
FORMAT Notification of a configuration management event as $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "Notification of a configuration management event as $*"
SDESC
Notification of a configuration management event as
recorded in ccmHistoryEventTable.
Variables:
  1: ccmHistoryEventCommandSource
  2: ccmHistoryEventConfigSource
  3: ccmHistoryEventConfigDestination
  4: ccmHistoryEventTerminalUser
EDESC
To this:

Code: Select all

EVENT ciscoConfigManEvent .1.3.6.1.4.1.9.9.43.2.0.1 "Status Events" Critical
FORMAT Notification of a configuration management event as $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "Notification of a configuration management event as $*"
SDESC
Notification of a configuration management event as
recorded in ccmHistoryEventTable.
Variables:
  1: ccmHistoryEventCommandSource
  2: ccmHistoryEventConfigSource
  3: ccmHistoryEventConfigDestination
  4: ccmHistoryEventTerminalUser
EDESC
Then restart snmptt:

Code: Select all

systemctl restart snmptt
Then when the trap comes in again it will come in as Critical.

Are you seeing them in Admin > Unconfigured Objects?

Are you seeing any of them going into /var/log/snmptt/snmpttunknown.log? If so, please send that file.

You should read through this guide as it gives a thorough explanation of this stuff:

https://support.nagios.com/kb/article.php?id=77

See here as well (no need to run the installation script), just read through it:

https://assets.nagios.com/downloads/nag ... ios_XI.pdf

Re: SNMP Trap alter

Posted: Thu Apr 01, 2021 6:26 pm
by huaming
Thanks, now I understand, i need to change the severity of the alter. so next time, I need to do same on those alters about other devices/applications as well.

Thanks again. ticket can be closed.

Re: SNMP Trap alter

Posted: Fri Apr 02, 2021 6:44 am
by scottwilkerson
huaming wrote:Thanks, now I understand, i need to change the severity of the alter. so next time, I need to do same on those alters about other devices/applications as well.

Thanks again. ticket can be closed.
Locking thread
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited