Need help capturing SNMP traps

[niebais]

Ok,
I installed the SNMP traps wizard and started using it. However, I'm having problems capturing some of the traps for some odd reason. I have two network switches that are sending traps and those seem to work fine. However, Nagios seems to fail to catch the traps from any other host.

Here's what I've done so far:

I'll refer to my servers as clientA and serverA.

On the clientA I run this command:
snmptrap -v 1 -c xxxxxxxxxxx serverA TRAP-TEST-MIB::demotraps clientA 6 17 '' SNMPv2-MIB::sysLocation.0 s "Nate was just here"

On serverA I run tcpdump -i eth0 | grep -i snmp and I see this when I run the command above:
09:05:11.799816 IP clientA.58101 > serverA.snmptrap: C=xxxxxxxxxxxxxxxxx Trap(64) E:2021.13.990 10.33.34.61 enterpriseSpecific s=17 370420830[|snmp]

However, with the service I configured, all I keep seeing is:
WAITING FOR TRAP...

Now, the confusing part is that two of my other hosts (which are switches) capture traps just fine and seem to work.

Thanks. This part is really confusing why it doesn't seem to work.

[mmestnik]

This sounds like snmptt has not been configured to handle these 'OID's. This is going to be the biggest pain for any one wanting to do traps, is getting the correct MIB files loaded into snmptt. For each and every OID you need to speciffy what state this trap indecates, is it a good trap or a trap indecating a problem.

This didn't come up during testing and I just hope that it's not an issue for any one. Though currently the system is limited to sorting OIDs as good/bad, if you have an OID that contains a value that indecates good or bad then you'll need to copy and adjust the python/handler script or write your own.

[niebais]

The problem I'm having is that most of the SNMP alerts aren't being caught so I tried to create one myself. I ran the addmib command on that particular mib thinking it would catch it. Any hints on what I need to modify inside the .py code to get this particular trap working?

Update: After looking at the script, I think I can edit it no problem.

[mmestnik]

Unfortunately it's most likely that the script is not being run. Installing the MIB(s) is not a substitute to setting up the correct OIDs in the snmptt file, it's a shortcut for doing that. If the shortcut fails then you likely have the wrong MIB, as in the OID you are looking for is not in that MIB.

Never the less you need to add an entry for each OID you wish to receive alerts for. Unknown OIDs are discarded, no solution.

[niebais]

That makes sense. I wish there were some kind of "catch all" for SNMP traps. I'll keep working on this.

[niebais]

Where can I find documentation on how to add the OID?

[niebais]

Hmm, I started to try and edit the snmptt.conf file and noticed that this particular mib already exists:
EVENT demo-trap .1.3.6.1.4.1.2021.13.990.0.17 "Status Events" Normal
FORMAT This is just a demo $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "This is just a demo $*"
SDESC
This is just a demo
Variables:
1: sysLocation
EDESC


It appears that the oid is added already. At least I have a spot to look into that might be causing me the problem. Thanks again.

[mmestnik]

You have to hand edit the file, copy another one and edit it to taste. It's about 30(if memory serves, maybe it's only 7 or 15) lines but only 4 or 5 would need to be updated. Compare the examples to see what needs changing, there shouldn't be anything that's not obvious.

Let us know how it goes, we understand this will be an issue of contention, but we have no way to test this in a lab.

[mmestnik]

The snmptt logs can also be helpful. I had an issue where snmptrapd was getting the trap but then not forwarding it on to snmptt, I don't remember what I did to fix it I didn't document it so it must have been something I did wrong.

It could be that snmptrapd isn't getting the network packets or rejecting the authentication.

[niebais]

Here's what I see in my snmptt logs when I send the trap:

Wed Jul 21 16:33:55 2010 .1.3.6.1.4.1.2021.13.990.0.17 Normal "Status Events" clientA - This is just a demo nate was here.