Page 1 of 2
Traps display only at "Unknown Traps Log Contents"
Posted: Fri Jan 28, 2022 8:29 am
by agpol07
Hi,
I'm triggerring some traps from a Cisco switch to Nagios XI, but it displayed only at Unknown Traps Log Contents.
Can somebody help me?
When i try to manually add the oid it says that
SQL Error [nagiosxi] : Duplicate entry 'SyslogMSG' for key 'xi_cmp_trapdata.trapdata_event_name'
Version 5.8.7 (Linux RH)
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Fri Jan 28, 2022 6:12 pm
by pbroste
Hello
@agpol07
Thanks for reaching out, want to dig into this a bit more by executing the following snmptrap with the oid:
Code: Select all
snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
Want to take a look at the snmptt logs:
Code: Select all
tar -czvf /tmp/smptrapdlogs.tar.gz /var/log/snmptt/*.log
Would like to take a look at your Nagios XI System Profile so we can see what is going on.
To send us your system profile.
- Login to the Nagios XI GUI using a web browser.
- Click the "Admin" > "System Profile" Menu
- Click the "Download Profile" button
- Save the profile.zip file and send via Private Message
Thanks,
Perry
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Fri Jan 28, 2022 6:14 pm
by ssax
In addition to what
@pbroste posted (
please do that as well), run this command as root or sudo and send me the resulting
/tmp/SNMPFILES.tar.gz file:
Code: Select all
GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?
Code: Select all
mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Mon Jan 31, 2022 6:15 am
by agpol07
pbroste wrote:Hello
@agpol07
Thanks for reaching out, want to dig into this a bit more by executing the following snmptrap with the oid:
Code: Select all
snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
Want to take a look at the snmptt logs:
Code: Select all
tar -czvf /tmp/smptrapdlogs.tar.gz /var/log/snmptt/*.log
Would like to take a look at your Nagios XI System Profile so we can see what is going on.
To send us your system profile.
- Login to the Nagios XI GUI using a web browser.
- Click the "Admin" > "System Profile" Menu
- Click the "Download Profile" button
- Save the profile.zip file and send via Private Message
Thanks,
Perry
The profile.zip that is downloaded is empty.
I sent you the system info from the same page with PM.
i didn't manage to run this command:
snmptrap -v 2c -c yourrocommonitytoken localhost '' <oid> i 123456
can you write it again, if i have as community:test123 and the oid is this:.1.3.6.1.4.1.9.9.41.2.0.1
In this command i have these results.
nagios-xi:/ # tar -czvf ./tmp/smptrapdlogs.tar.gz ./var/log/snmptt/*.log
./var/log/snmptt/snmptt.log
./var/log/snmptt/snmpttsystem.log
./var/log/snmptt/snmpttunknown.log
You have mail in /var/spool/mail/root
nagios-xi:/ #
ssax wrote:In addition to what
@pbroste posted (
please do that as well), run this command as root or sudo and send me the resulting
/tmp/SNMPFILES.tar.gz file:
Code: Select all
GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?
Code: Select all
mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
I've sent it to you through a PM
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Mon Jan 31, 2022 3:45 pm
by pbroste
Hello
@agpol07
Thanks for sending over the info, want to have you get the System Profile by using the command line script that we provide:
Code: Select all
rm -rf /usr/local/nagiosxi/var/components/profile.zip
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT
Then send the resulting /usr/local/nagiosxi/var/components/profile.zip file via Private Message.
Also, send the results on the following; please verify that you are running as 'root' super-user account as well.
/tmp/SNMPFILES.tar.gz file:
Code: Select all
GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?
Code: Select all
mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Thanks,
Perry
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Tue Feb 01, 2022 2:28 am
by agpol07
pbroste wrote:Hello
@agpol07
Thanks for sending over the info, want to have you get the System Profile by using the command line script that we provide:
Code: Select all
rm -rf /usr/local/nagiosxi/var/components/profile.zip
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT
Then send the resulting /usr/local/nagiosxi/var/components/profile.zip file via Private Message.
Also, send the results on the following; please verify that you are running as 'root' super-user account as well.
/tmp/SNMPFILES.tar.gz file:
Code: Select all
GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
What is the output of this command?
Code: Select all
mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
Thanks,
Perry
Code: Select all
nagios-xi:~ # GZIP=-9 tar czvf /tmp/SNMPFILES.tar.gz /etc/snmp /usr/share/snmp/mibs
tar: Removing leading `/' from member names
/etc/snmp/
/etc/snmp/snmpd.conf
tar: Removing leading `/' from hard link targets
/etc/snmp/snmptt_nxti.bak
/etc/snmp/snmptt.ini
gzip: warning: GZIP environment variable is deprecated; use an alias or script
/etc/snmp/nagios-check-storage
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
/etc/snmp/snmptrapd.conf
/etc/snmp/snmptt.ini.bak
/usr/share/snmp/mibs/
/usr/share/snmp/mibs/HCNUM-TC.txt
/usr/share/snmp/mibs/CISCO-CLASS-BASED-QOS-MIB.my
/usr/share/snmp/mibs/IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-VACM-MIB.txt
/usr/share/snmp/mibs/CISCO-CEF-MIB.my
/usr/share/snmp/mibs/UCD-SNMP-MIB.txt
/usr/share/snmp/mibs/NAGIOS-NOTIFY-MIB.txt
/usr/share/snmp/mibs/SNMPv2-TM.txt
/usr/share/snmp/mibs/SNMP-TLS-TM-MIB.txt
/usr/share/snmp/mibs/MTA-MIB.txt
/usr/share/snmp/mibs/DISMAN-SCRIPT-MIB.txt
/usr/share/snmp/mibs/CISCO-CIRCUIT-INTERFACE-MIB.my
/usr/share/snmp/mibs/SMUX-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-AGENT-MIB.txt
/usr/share/snmp/mibs/LM-SENSORS-MIB.txt
/usr/share/snmp/mibs/IPV6-TC.txt
/usr/share/snmp/mibs/NET-SNMP-MIB.txt
/usr/share/snmp/mibs/CISCO-AUTH-FRAMEWORK-MIB-V1SMI.my
/usr/share/snmp/mibs/IPV6-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXTEND-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
/usr/share/snmp/mibs/SNMP-PROXY-MIB.txt
/usr/share/snmp/mibs/CISCO-ERR-DISABLE-MIB-V1SMI.my
/usr/share/snmp/mibs/IF-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-STORM-CONTROL-MIB-V1SMI.my
/usr/share/snmp/mibs/SCTP-MIB.txt
/usr/share/snmp/mibs/SNMP-COMMUNITY-MIB.txt
/usr/share/snmp/mibs/SNMPv2-MIB.txt
/usr/share/snmp/mibs/CISCO-MAC-NOTIFICATION-MIB.my
/usr/share/snmp/mibs/IPV6-FLOW-LABEL-MIB.txt
/usr/share/snmp/mibs/CISCO-ACCESS-ENVMON-MIB.my
/usr/share/snmp/mibs/TCP-MIB.txt
/usr/share/snmp/mibs/SNMP-NOTIFICATION-MIB.txt
/usr/share/snmp/mibs/UDP-MIB.txt
/usr/share/snmp/mibs/UCD-DEMO-MIB.txt
/usr/share/snmp/mibs/CISCO-AUTH-FRAMEWORK-MIB.my
/usr/share/snmp/mibs/CISCO-CONFIG-COPY-MIB.my
/usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt
/usr/share/snmp/mibs/CISCO-ENTITY-SENSOR-MIB-V1SMI.my
/usr/share/snmp/mibs/IANAifType-MIB.txt
/usr/share/snmp/mibs/CISCO-BRIDGE-EXT-MIB.my
/usr/share/snmp/mibs/BRIDGE-MIB.my
/usr/share/snmp/mibs/CISCO-ENTITY-FRU-CONTROL-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-ENVMON-MIB-V1SMI.my
/usr/share/snmp/mibs/RFC-1215.txt
/usr/share/snmp/mibs/CISCO-EMBEDDED-EVENT-MGR-MIB.my
/usr/share/snmp/mibs/BRIDGE-MIB.txt
/usr/share/snmp/mibs/TUNNEL-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMP-USER-BASED-SM-MIB.txt
/usr/share/snmp/mibs/CISCO-CONFIG-COPY-MIB-V1SMI.txt
/usr/share/snmp/mibs/RMON-MIB.txt
/usr/share/snmp/mibs/UCD-DISKIO-MIB.txt
/usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt
/usr/share/snmp/mibs/TRANSPORT-ADDRESS-MIB.txt
/usr/share/snmp/mibs/CISCO-BRIDGE-EXT-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMPv2-CONF.txt
/usr/share/snmp/mibs/CISCO-CLUSTER-MIB.my
/usr/share/snmp/mibs/IPV6-TCP-MIB.txt
/usr/share/snmp/mibs/RFC1155-SMI.txt
/usr/share/snmp/mibs/SNMP-MPD-MIB.txt
/usr/share/snmp/mibs/DISMAN-EVENT-MIB.txt
/usr/share/snmp/mibs/SNMP-TSM-MIB.txt
/usr/share/snmp/mibs/CISCO-CLUSTER-MIB-V1SMI.my
/usr/share/snmp/mibs/IF-INVERTED-STACK-MIB.txt
/usr/share/snmp/mibs/CISCO-BULK-FILE-MIB.my
/usr/share/snmp/mibs/IPV6-ICMP-MIB.txt
/usr/share/snmp/mibs/SNMP-TARGET-MIB.txt
/usr/share/snmp/mibs/IANA-LANGUAGE-MIB.txt
/usr/share/snmp/mibs/CISCO-STP-EXTENSIONS-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-MAC-AUTH-BYPASS-MIB.my
/usr/share/snmp/mibs/IP-FORWARD-MIB.txt
/usr/share/snmp/mibs/nagios-root.mib
/usr/share/snmp/mibs/RFC1213-MIB.txt
/usr/share/snmp/mibs/nagios-notify.mib
/usr/share/snmp/mibs/CISCO-FLASH-MIB-V1SMI.my
/usr/share/snmp/mibs/DISMAN-SCHEDULE-MIB.txt
/usr/share/snmp/mibs/UCD-DLMOD-MIB.txt
/usr/share/snmp/mibs/IP-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-DH-OBJECTS-MIB.txt
/usr/share/snmp/mibs/NETWORK-SERVICES-MIB.txt
/usr/share/snmp/mibs/CISCO-FLASH-MIB.my
/usr/share/snmp/mibs/AGENTX-MIB.txt
/usr/share/snmp/mibs/CISCO-CDP-MIB.my
/usr/share/snmp/mibs/IANA-RTPROTO-MIB.txt
/usr/share/snmp/mibs/NOTIFICATION-LOG-MIB.txt
/usr/share/snmp/mibs/SNMP-USM-AES-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-SECURITY-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-ENTITY-FRU-CONTROL-MIB.my
/usr/share/snmp/mibs/NET-SNMP-TC.txt
/usr/share/snmp/mibs/CISCO-PRIVATE-VLAN-MIB-V1SMI.my
/usr/share/snmp/mibs/SNMP-USM-HMAC-SHA2-MIB.txt
/usr/share/snmp/mibs/CISCO-EIGRP-MIB.mib
/usr/share/snmp/mibs/INET-ADDRESS-MIB.txt
/usr/share/snmp/mibs/CISCO-MAC-NOTIFICATION-MIB-V1SMI.my
/usr/share/snmp/mibs/CISCO-MAC-AUTH-BYPASS-MIB-V1SMI.my
/usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
/usr/share/snmp/mibs/NET-SNMP-EXAMPLES-MIB.txt
/usr/share/snmp/mibs/CISCO-DATA-COLLECTION-MIB.my
/usr/share/snmp/mibs/SNMPv2-TC.txt
/usr/share/snmp/mibs/CISCO-DHCP-SNOOPING-MIB.my
/usr/share/snmp/mibs/SNMP-FRAMEWORK-MIB.txt
/usr/share/snmp/mibs/IPV6-UDP-MIB.txt
/usr/share/snmp/mibs/NAGIOS-ROOT-MIB.txt
/usr/share/snmp/mibs/CISCO-PORT-QOS-MIB-V1SMI.my
/usr/share/snmp/mibs/NET-SNMP-PASS-MIB.txt
/usr/share/snmp/mibs/CISCO-IF-EXTENSION-MIB.my
/usr/share/snmp/mibs/CISCO-ENTITY-VENDORTYPE-OID-MIB-V1SMI.my
/usr/share/snmp/mibs/EtherLike-MIB.txt
/usr/share/snmp/mibs/CISCO-CAR-MIB.my
/usr/share/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
/usr/share/snmp/mibs/SNMPv2-SMI.txt
/usr/share/snmp/mibs/CISCO-ACCESS-ENVMON-MIB-V1SMI.my
/usr/share/snmp/mibs/BRIDGE-MIB-V1SMI.my
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ #
nagios-xi:~ # mysql -unagiosxi -pn@gweb nagiosxi -e "SELECT * FROM xi_cmp_trapdata WHERE trapdata_event_name = 'SyslogMSG' \G";
mysql: [Warning] Using a password on the command line interface can be insecure.
*************************** 1. row ***************************
trapdata_id: 46
trapdata_updated: 2022-02-01 11:16:31
trapdata_enabled: 1
trapdata_event_name: SyslogMSG
trapdata_event_oid: .1.3.6.1.4.1.9.9.41.2.0.1
trapdata_category: Network_devices
trapdata_severity: Warning
trapdata_exec: YTowOnt9
trapdata_desc: Link-Up-Down
trapdata_custom_format:
trapdata_raw_data:
trapdata_wizard_integration_enabled: 1
trapdata_wizard_integration_data: YTo0OntzOjQ6Imhvc3QiO3M6MzoiJGFSIjtzOjc6InNlcnZpY2UiO3M6MTA6IlNOTVAgVHJhcHMiO3M6ODoic2V2ZXJpdHkiO3M6NzoiV0FSTklORyI7czo2OiJvdXRwdXQiO3M6NDM6IlNOTVAgVHJhcCBSZWNlaXZlZCBhdCAkQCB3aXRoIHZhcmlhYmxlcyAkKyoiO30=
trapdata_parent_mib_name:
Code: Select all
Tue Feb 1 14:11:29 2022: Unknown trap (.1.3.6.1.4.1.9.9.41.2.0.1) received from 10.XXX.XXX.XXX at:
Value 0: 10.XXX.XXX.XXX
Value 1: 10.XXX.XXX.XXX
Value 2: 242:18:55:43.07
Value 3: .1.3.6.1.4.1.9.9.41.2.0.1
Value 4: 10.XXX.XXX.XXX
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.9.9.41.1.2.3.1.2.9098=LINK
Ent Value 1: .1.3.6.1.4.1.9.9.41.1.2.3.1.3.9098=4
Ent Value 2: .1.3.6.1.4.1.9.9.41.1.2.3.1.4.9098=UPDOWN
Ent Value 3: .1.3.6.1.4.1.9.9.41.1.2.3.1.5.9098=Interface GigabitEthernet1/0/46, changed state to down
Ent Value 4: .1.3.6.1.4.1.9.9.41.1.2.3.1.6.9098=242:18:55:43.06
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Tue Feb 01, 2022 2:12 pm
by pbroste
Hello
@agpol07
Thanks for send over the info, the <oid> --> 1.3.6.1.4.1.9.9.41.2.0.1 references:
CISCO-SYSLOG-MIB:
clogMessageGenerated 1.3.6.1.4.1.9.9.41.2.0.1
Which states this in the mib notes: "When a syslog message is generated by the device a clogMessageGenerated notification is sent. The sending of these notifications can be enabled/disabled via the clogNotificationsEnabled object".
We don't see the associated mib listed, please download, unzip the attachment and place into the '/usr/share/snmp/mibs/' directory.
Let us know how things look,
Perry
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Tue Feb 01, 2022 2:35 pm
by ssax
Please edit this file:
Change this (at the bottom):
Code: Select all
[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
END
To this:
Code: Select all
[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
END
Then restart snmptt:
Now it should show up.
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Wed Feb 02, 2022 4:00 am
by agpol07
ssax wrote:Please edit this file:
Change this (at the bottom):
Code: Select all
[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
END
To this:
Code: Select all
[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.nxti
END
Then restart snmptt:
Now it should show up.
Thanks a lot, it worked..
Re: Traps display only at "Unknown Traps Log Contents"
Posted: Wed Feb 02, 2022 8:38 pm
by ssax
That's great to hear! Let us know when we're okay to lock this up and mark it as resolved.
Thank you!