Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 8:34 am
by BanditBBS
Code:
Thu Mar 28 09:19:26 2013: Unknown trap (.1.3.6.1.4.1.111.15.2.0.1) received from svwddnagios01 at:
Value 0: svwddnagios01
Value 1: 10.200.48.252
Value 2: 0:0:00:00.01
Value 3: .1.3.6.1.4.1.111.15.2.0.1
Value 4: 10.200.32.51
Value 5: public
Value 6: .1.3.6.1.4.1.111.15.2
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.111.15.1.1.1.10.1=This is a test message from Oracle Enterprise Manager. Receiving this message indicates a successful configuration of your SNMP Console in Enterprise Manager.
The above trap is in my snmpttunknown.log file. I don't care about that, I'll figure out the MIB issue later.
My problem is, the value of Value 0 is the name of the nagios gearman worker that forwarded the trap to the primary NagiosXI server. I've done a bunch of searching the web, but can't seem to find much on forwarding traps. Anyone know if it is possible to make sure the original sender information stays in the trap and not the forwarding server?
Re: Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 12:45 pm
by scottwilkerson
What do you have in the snmptrapd on the gearman_worker machine?
Re: Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 12:49 pm
by BanditBBS
scottwilkerson wrote: What do you have in the snmptrapd on the gearman_worker machine?
I think I may have to use something like http://code.google.com/p/samplicator/ to get the end result I need. Unless someone here gives me a hint on how to do it.

Re: Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 12:51 pm
by BanditBBS
Oh, and I have to do it this way because there is a firewall between the group of machines/devices/worker and the main XI server.
Re: Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 1:58 pm
by BanditBBS
We are going to try that application I linked Friday morning unless I get another idea before then. I'll let you all know the outcome.
Re: Forwarded Traps have wrong sender
Posted: Thu Mar 28, 2013 2:18 pm
by abrist
I found this on the net-snmp user mailing list:
http://www.mail-archive.com/net-snmp-us ... 22567.html
> Is it possible for machine A to keep/retain the IP of the
> Cisco router when forwarding the traps to machine B? Did I
> miss anything?
You did not miss anything. As strange as it may seem, originating
addresses are not considered management information in SNMP. SNMPv3 has the
notion of engineID, which is both more accurate and more widely applicable than
source IP address, but for SNMPv1/v2c there is no simple solution. Could you
perhaps change the community of the traps to something like "routername-traps",
and associate that community with a source in your NM
So you may have to come up with a custom solution.
Re: Forwarded Traps have wrong sender
Posted: Fri Mar 29, 2013 11:06 am
by BanditBBS
So, I installed that application I linked and it worked, except it re-writes the IP header so the firewall is blocking it now.
However, I stopped that application and re-enabled snmptrapd. I also got the MIB installed for the translation. Amazingly, when it gets translated it must use the value in Value 4, and it was translated properly to the correct host.

So just using snmptrapd seems to work fine... wow, am I happy!
Re: Forwarded Traps have wrong sender
Posted: Fri Mar 29, 2013 11:09 am
by slansing
Excellent, it looks like both of your SNMP related issues got resolved on the same day, and a Friday at that!
Re: Forwarded Traps have wrong sender
Posted: Fri Mar 29, 2013 11:54 am
by BanditBBS
slansing wrote: Excellent, it looks like both of your SNMP related issues got resolved on the same day, and a Friday at that!
Sort of
Actually still having an issue with this. In the snmptt.log file I see this:
Code:
Fri Mar 29 12:15:42 2013 .1.3.6.1.4.1.111.15.2.0.1 Normal "Status Events" svwddprdgrd01 - The variables included in the oraEM4Alert trap. This is a test message from Oracle Enterprise Manager. Receiving this message indicates a successful configuration of your SNMP Console in Enterprise Manager.
but in XI under unconfigured objects I see this:
Code:
svwddnagios01 - 2013-03-29 12:15:51 DeleteConfigure
SNMP Traps 2013-03-29 12:15:51
So apparently, the snmptt.log file is showing the originating host for the trap, but the command is being written for Nagios using the forwarding host.
Re: Forwarded Traps have wrong sender
Posted: Fri Mar 29, 2013 12:47 pm
by BanditBBS
I fixed the issue. In the snmptt.conf file, I changed:
Code:
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "The variables included in the oraEMNGAlert trap. $*"
to
Code:
EXEC /usr/local/bin/snmptraphandling.py "$A" "SNMP Traps" "$s" "$@" "$-*" "The variables included in the oraEMNGAlert trap. $*"
This replaces the SNMP trap sender hostname with the SNMP trap agent (originator) host name. I'll just need to change that everywhere, but that shouldn't be an issue, as all my SNMP agents are objects with an IP. This would only cause issues for people if that was not true.
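
Added example (not part of the thread, and not Nagios XI or SNMPTT code): a small parser for the snmpttunknown.log record quoted in the first post that separates the address the trap arrived from and the agent address carried with it, which is the distinction the `$r` to `$A` change relies on. The function names and the `trusted_forwarders` allowlist are hypothetical, and reading Value 1 as the forwarder's IP and Value 4 as the originator follows the thread's own interpretation of the record.

```python
import re

# Constructed sample: the unknown-trap record from the first post, Values 0-6 only.
SAMPLE = """\
Thu Mar 28 09:19:26 2013: Unknown trap (.1.3.6.1.4.1.111.15.2.0.1) received from svwddnagios01 at:
Value 0: svwddnagios01
Value 1: 10.200.48.252
Value 2: 0:0:00:00.01
Value 3: .1.3.6.1.4.1.111.15.2.0.1
Value 4: 10.200.32.51
Value 5: public
Value 6: .1.3.6.1.4.1.111.15.2
"""

HEADER = re.compile(r"^(.+?): Unknown trap \(([.\d]+)\) received from (\S+) at:$")
VALUE = re.compile(r"^Value (\d+): ?(.*)$")

def parse_unknown_traps(text):
    """Return one dict per 'Unknown trap' record found in the log text."""
    records = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            records.append({"time": head.group(1), "oid": head.group(2),
                            "sender": head.group(3), "values": {}})
            continue
        val = VALUE.match(line)
        if val and records:
            records[-1]["values"][int(val.group(1))] = val.group(2).strip()
    return records

def attribute(record, trusted_forwarders):
    """Pick the address to file the trap under, and flag unexpected relays.

    Assumption: Value 1 is the address the trap arrived from and Value 4 is
    the agent address carried with the trap (the thread's reading).
    """
    values = record["values"]
    sender_ip, agent_ip = values.get(1, ""), values.get(4, "")
    if not agent_ip or agent_ip == sender_ip:
        return {"host": sender_ip, "relayed": False, "suspicious": False}
    if sender_ip in trusted_forwarders:
        # Known relay (the gearman worker here): attribute to the originator.
        return {"host": agent_ip, "relayed": True, "suspicious": False}
    # Agent address differs but the sender is not a known relay: keep the
    # packet-level sender and surface the mismatch for review.
    return {"host": sender_ip, "relayed": True, "suspicious": True}

if __name__ == "__main__":
    for rec in parse_unknown_traps(SAMPLE):
        print(rec["oid"], attribute(rec, {"10.200.48.252"}))
```

Because the agent address travels with the trap rather than being taken from the packet that delivered it, the sketch only honours it when the delivering host is on the forwarder allowlist.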