Trapsnmp nagios

[ophicius]

well, i summury what i do :

"trapsnmp for Switch HP procurve"

yast -i snmp snmptt

/etc/snmp/snmptrapd.conf

Quote:

traphandle default /usr/sbin/snmptthandler
disableAuthorization yes
donotlogtraps yes

/etc/snmp/snmpd.conf

Quote:

com2sec local localhost test
com2sec local 10.34.44.0/24 test

group rogroup v1 local

view all included .1

access rogroup "" any noauth exact all none none

-----snmptt-----
cp /usr/src/snmptt_1.2/snmptt /usr/sbin/
chmod +x /usr/sbin/
cp /usr/src/snmptt_1.2/snmptthandler /usr/sbin/
chmod +x /usr/sbin/snmptthandler
cp /usr/src/snmptt_1.2/snmptt.ini /etc/snmp/

standlone mode
add this line to "snmptrapd.conf"
traphandle default /usr/sbin/snmptt

after

Quote:

sudo
cp /usr/share/doc/packages/net-snmp/rc.snmptrapd /etc/init.d/snmptrapd
sudo chmod 755 /etc/init.d/snmptrapd
sudo /sbin/chkconfig snmptrapd on

--snmptt.ini--

Quote:

#
# SNMPTT v1.2 Configuration File
#
# Linux / Unix
#

[General]
# Name of this system for $H variable. If blank, system name will be the computer's
# hostname via Sys::Hostname.
snmptt_system_name =

# Set to either 'standalone' or 'daemon'
# standalone: snmptt called from snmptrapd.conf
# daemon: snmptrapd.conf calls snmptthandler
# Ignored by Windows. See documentation
mode = standalone

# Set to 1 to allow multiple trap definitions to be executed for the same trap.
# Set to 0 to have it stop after the first match.
# This option should normally be set to 1. See the section 'SNMPTT.CONF Configuration
# file Notes' in the SNMPTT documentation for more information.
# Note: Wildcard matches are only matched if there are NO exact matches. This takes
# into consideration the NODES list. Therefore, if there is a matching trap, but
# the NODES list prevents it from being considered a match, the wildcard entry will
# only be used if there are no other exact matches.
multiple_event = 1

# SNMPTRAPD passes the IP address of device sending the trap, and the IP address of the
# actual SNMP agent. These addresses could differ if the trap was sent on behalf of another
# device (relay, proxy etc).
# If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
# (which includes the local hosts file, depending on how the OS is configured). This name
# will be used for: NODES entry matches, hostname field in logged traps (file / database),
# and the $A variable. Host names on the NODES line will be resolved and the IP address
# will then be used for comparing.
# Set to 0 to disable DNS resolution
# Set to 1 to enable DNS resolution
dns_enable = 0

# Set to 0 to enable the use of FQDN (Fully Qualified Domain Names). If a host name is
# passed to SNMPTT that contains a domain name, it will not be altered in any way by
# SNMPTT. This also affects resolve_value_ip_addresses.
# Set to 1 to have SNMPTT strip the domain name from the host name passed to it. For
# example, server01.domain.com would be changed to server01
# Set to 2 to have SNMPTT strip the domain name from the host name passed to it
# based on the list of domains in strip_domain_list
strip_domain = 0

# List of domain names that should be stripped when strip_domain is set to 2.
# List can contain one or more domains. For example, if the FQDN of a host is
# server01.city.domain.com and the list contains domain.com, the 'host' will be
# set as server01.city.
strip_domain_list = <<END
domain.com
END

# Configures how IP addresses contained in the VALUE of the variable bindings are handled.
# This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.
# Set to 0 to disable resolving ip address to host names
# Set to 1 to enable resolving ip address to host names
# Note: net_snmp_perl_enable *must* be enabled. The strip_domain settings influence the
# format of the resolved host name. DNS must be enabled (dns_enable)
resolve_value_ip_addresses = 0

# Set to 1 to enable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# This is required for $v variable substitution to work, and also for some other options
# that are enabled in this .ini file.
# Set to 0 to disable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# Note: Enabling this with stand-alone mode can cause SNMPTT to run very slowly due to
# the loading of the MIBS at startup.
net_snmp_perl_enable = 1

[Logging]
# Set to 1 to enable messages to be sent to standard output, or 0 to disable.
# Would normally be disabled unless you are piping this program to another
stdout_enable = 0

# Set to 1 to enable text logging of *TRAPS*. Make sure you specify a log_file
# location
log_enable = 1

# Log file location. The COMPLETE path and filename. Ex: '/var/log/snmptt.log'
log_file = /var/log/snmptt.log

# Set to 1 to enable text logging of *SNMPTT system errors*. Make sure you
# specify a log_system_file location
log_system_enable = 1

# Log file location. The COMPLETE path and filename.
# Ex: '/var/log/snmpttsystem.log'
log_system_file = /var/log/snmpttsystem.log

# Set to 1 to enable logging of unknown traps. This should normally be left off
# as the file could grow large quickly. Used primarily for troubleshooting. If
# you have defined a trap in snmptt.conf, but it is not executing, enable this to
# see if it is being considered an unknown trap due to an incorrect entry or
# simply missing from the snmptt.conf file.
# Unknown traps can be logged either a text file, a SQL table or both.
# See SQL section to define a SQL table to log unknown traps to.
unknown_trap_log_enable = 1

# Unknown trap log file location. The COMPLETE path and filename.
# Ex: '/var/log/snmpttunknown.log'
# Leave blank to disable logging to text file if logging to SQL is enabled
# for unknown traps
unknown_trap_log_file = /var/log/snmpttunknown.log



[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf

END

after i compile hp mibs:

they say ( This means that for each "MIB" in the first column, the "DEPENDENT MIBs" listed in the second column must be compiled first before the "MIB" can be compiled.)

hpicfLinktest.mib (HP-ICF-LINKTEST)


rfc2578.mib (SNMPv2-SMI)
rfc2579.mib (SNMPv2-TC)
rfc2819.mib (RMON-MIB)
hpicfOid.mib (HP-ICF-OID)


cp rfc2578.mib rfc2579.mib rfc2819.mib hpicfOid.mib /usr/share/snmp/mibs/

ex:

Quote:

# snmpttconvertmib --in=/usr/share/snmp/mibs/rfc2819.mib --out=/etc/snmp/snmptt.conf.procurve --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1'
exec: /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1

i add in my snmptt.ini

Quote:

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file). The COMPLETE path
# and filename. Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt.conf.procurve
END

after :

i go to localhost.cfg for configure :

Quote:

define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name linux-fxqr
alias linux-fxqr
address 10.34.44.23
}




# SERVICE DEFINITIONS


define service{
name snmptrap-service
use generic-service
register 0
service_description TRAP
is_volatile 1
check_command check-host-alive
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
passive_checks_enabled 1
check_period none
notification_interval 31536000
contact_groups toutlemonde
}

after
# /etc/init.d/nagios restart
Running configuration check...done.
Stopping nagios: done.
Starting nagios: done.


# /etc/init.d/snmptrapd restart
Shutting down snmptrapd: done
Starting snmptrapd: done

# /etc/init.d/snmpd restart
Shutting down snmpd: done
Starting snmpd done

when i tested with:
snmpwalk -v 1 -c test localhost => ok
snmpwalk -v 1 -c test Myswitch => ok

but i don't have traps....
thks for your help

[ophicius]

hello,
it's ok

[ophicius]

hello

in my services i've "Service is not scheduled to be checked.."

thks for help

[malcolmlewis]

Quote:

Originally Posted by ophicius

hello,
it's ok

Hi
So your traps are being generated ok now, but it's just the nagios
configuration now?

Sorry I may be slow in replying as there are some family matters that
have needed my attention.....

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.23-0.1-default
up 3 days 1:32, 2 users, load average: 0.14, 0.09, 0.08
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14

[ophicius]

hello,

i don't know really if all running correctly, when i go to "services detail" on nagios , i see my service TRAP with " Service is not scheduled to be checked" ..

thanks for your help

if you want we can talk more quicly on msn or other

[malcolmlewis]

Quote:

Originally Posted by ophicius

hello,

i don't know really if all running correctly, when i go to "services
detail" on nagios , i see my service TRAP with " Service is not
scheduled to be checked" ..

thanks for your help

if you want we can talk more quicly on msn or other

Hi
You need to add your snmp trap command in here;
> -rw-rw-r-- 1 nagios nagios 7722 juin 15 15:27 commands.cfg

Then in the service change it to the name you called it in the file
above
> check_command check-host-alive

Can you also use wireshark of aother packet capture to see the snmp
trap is leaving the host and also on the machine that is running nagios
to see it arrive ok.

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.23-0.1-default
up 5 days 7:54, 2 users, load average: 0.86, 0.25, 0.08
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14

[ophicius]

hello , i've that in commands.cfg

Quote:

################################################## ##############################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################## ##############################


# This command checks to see if a host is "alive" by pinging it
# The check must result in a 100% packet loss or 5 second (5000ms) round trip
# average time to produce a critical error.
# Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)

# 'check-host-alive' command definition
define command{
command_name check-host-alive
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
}

[ophicius]

and i've this trapsnmp which arrive

Quote:

456) E:11268.2.7.4.1 101.50.41.91 enterpriseSpecific s=3 4289 [|snmp]
10:24:06.430636 IP 101.50.41.91.dls-monitor > 101.50.41.61.snmptrap: C=test Trap(456) E:11268.2.7.4.1 101.50.41.91 enterpriseSpecific s=3 4289 [|snmp]
10:24:06.431980 IP 101.50.41.91.dls-monitor > 101.50.41.61.snmptrap: C=test Trap(456) E:11268.2.7.4.1 101.50.41.91 enterpriseSpecific s=3 4290 [|snmp]

[malcolmlewis]

Quote:

Originally Posted by ophicius

hello , i've that in commands.cfg

> ################################################## ##############################
> #
> # SAMPLE HOST CHECK COMMANDS
> #
> ################################################## ##############################
>
>
> # This command checks to see if a host is "alive" by pinging it
> # The check must result in a 100% packet loss or 5 second (5000ms)
> round trip
> # average time to produce a critical error.
> # Note: Five ICMP echo packets are sent (determined by the '-p 5'
> argument)
>
> # 'check-host-alive' command definition
> define command{
> command_name check-host-alive
> command_line $USER1$/check_ping -H $HOSTADDRESS$ -w
> 3000.0,80% -c 5000.0,100% -p 5
> }
>
>

Hi
So this is where you need to add a new (define) command to send the
trap and then call that command from your service.

Have you looked at http://exchange.nagios.org/

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.23-0.1-default
up 9 days 22:43, 2 users, load average: 0.04, 0.06, 0.07
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14

[malcolmlewis]

Quote:

Originally Posted by Malcolm

Quote:

Hi
So this is where you need to add a new (define) command to send the
trap and then call that command from your service.

Have you looked at http://exchange.nagios.org/

Hi
You might also look at SEC - simple event correlator
http://kodu.neti.ee/~risto/sec/ I've used this in the past to monitor
logs for events and then send an appropriate event.

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.23-0.1-default
up 9 days 22:51, 2 users, load average: 0.14, 0.10, 0.08
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14