Zabbix snmp trap with snmptt

  • Cimba
    Junior Member
    • Mar 2012
    • 8

    #1

    Zabbix snmp trap with snmptt

    Hello,

    I'm trying to test Zabbix SNMP Trapper in Zabbix 2.0 RC1. I used this note http://www.zabbix.com/documentation/...types/snmptrap

    What I want to do is to receive SNMP traps from a Dell PowerEdge R710. So I've downloaded MIBs, put them on the Zabbix server and converted them with snmpttconvertmibs

    In the zabbix_trap.tmp file:
    15:18:04 2012/03/15 .1.3.6.1.4.1.3183.1.1.0.1001 INFORMATIONAL "Status Events" IpAddress: 192.168.5.121 - ZBXTRAP 192.168.5.121 IPMI Alert Configuration Test

    In the zabbix_server.log:
    4275:20120315:151806.816 unmatched trap received from [192.168.5.121]: 15:18:04 2012/03/15 .1.3.6.1.4.1.3183.1.1.0.1001 INFORMATIONAL "Status Events" IpAddress: 192.168.5.121 - IPMI Alert Configuration Test

    I created an item iDRAC test on the Zabbix Server host in Zabbix which has the following parameters:
    Host Zabbix Server
    Name iDRAC test
    Type Zabbix trapper
    Key snmptrap["Status Events"]
    Type of information Log
    Log time format hh:mm:ss yyyy/MM/dd
    Allowed hosts IP of iDRAC of Dell server

    The Zabbix Server receives the trap correctly but it can't match the item. I also put SNMP configuration on the host.

    I made a test trap with this command :
    snmptrap -v 1 -c public 192.168.2.19 '.1.3.6.1.6.3.1.1.5.3' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s "teststring000"

    And I configured debug level 4:
    9984:20120315:202618.717 End of DCconfig_get_snmp_interfaceids_by_addr():1
    9984:20120315:202618.717 In DCconfig_get_snmp_items_by_interface() interfaceid:10052
    9984:20120315:202618.717 End of DCconfig_get_snmp_items_by_interface():1
    9984:20120315:202618.717 unmatched trap received from [192.168.2.19]: 20:26:15 2012/03/15 .1.3.6.1.6.3.1.1.5.3.0.33 Normal "General event" juxtamon01.juxta.fr - 192.168.2.19
    9984:20120315:202618.717 End of read_traps()

    When I configure a snmptrap.fallback item, I can see values in latest data view but the item snmptrap is always unmatched

    Thanks for your help.
    Regards.
    Olivier.
    Last edited by Cimba; 15-03-2012, 22:23. Reason: Addons
  • sles
    Member
    • Oct 2005
    • 80

    #2
    Hello!

    Have the same problem with 2.0.
    Could you tell me, did you solve the problem?

    Thank you!

    Comment

    • ufocek
      Senior Member
      • Aug 2006
      • 161

      #3
      I want to configure snmptrap in 2.0 but it doesn't work, if I use snmptt or the Perl script which is added to Zabbix.
      Zabbix and snmptt don't create the file zabbix_trap.tmp.
      If I send a snmptrap test (snmptrap -v 1 -c public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.3' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s "teststring000") I see only information in the /var/log/syslog file.
      Does somebody have a working snmptrap under Zabbix 2.0?
      Last edited by ufocek; 01-06-2012, 20:13.

      Comment

      • angelhc
        Senior Member
        Zabbix Certified Specialist
        • Nov 2009
        • 226

        #4
        I have the same problem on 2.0.
        Just configuring the snmptt.conf, snmptt.ini and snmptrapd.conf and I can see the traps on syslog.

        On created folder /../spool/snmptt/ I see each time I execute
        snmptrap -Ci -v 2c -c public 172.16.10.110 "" "NET-SNMP-MIB::netSnmpExperimental" NET-SNMP-MIB:netSnmpExperimental s "prueba26"

        A temp file which is deleted after "processing" but can't see anything on the items values.

        Any idea?
        Thanks.
        Number of hosts 1600,Number of items +90k,Number of triggers +22k, Number of users +100, New values per second +1270

        http://zabbixes.wordpress.com/

        Comment

        • ghillan
          Junior Member
          • Jan 2012
          • 20

          #5
          Having exactly the same issue (Zabbix 2.0.1):

          25624:20120830:113740.995 unmatched trap received from [172.20.14.193]: 11:37:40 2012/08/30 .1.3.6.1.3.94.0.6 alert "Port event" <SWITCH DNS NAME> - 172.20.14.193

          except the part that I see no data even using "snmptrap.fallback" as key.



          Has anybody had any success with SNMP traps?

          Comment

          • ghillan
            Junior Member
            • Jan 2012
            • 20

            #6
            Finally made it work!!

            Originally posted by ghillan
            Having exactly the same issue (Zabbix 2.0.1):

            25624:20120830:113740.995 unmatched trap received from [172.20.14.193]: 11:37:40 2012/08/30 .1.3.6.1.3.94.0.6 alert "Port event" <SWITCH DNS NAME> - 172.20.14.193

            except the part that I see no data even using "snmptrap.fallback" as key.



            Has anybody had any success with SNMP traps?
            Finally I made it!!!!!!!!!!
            The reason nobody could make it work is basically that the official guide is wrong.

            I had to make several changes, so let's explain them one by one, starting from the snmptt log file. If you follow the guide exactly you will end up having lines like this in the snmptt log:


            Wed Aug 29 15:02:55 2012 .1.3.6.1.3.94.0.6 Normal "General event" <SWITCH DNS NAME> - ZBXTRAP 172.20.14.193 172.20.14.193

            One thing to be aware of is that Zabbix uses just the info after the "-" to match the host and get all info.
            And what do we have here? In my case just the switch IP repeated 2 times. No wonder that regex doesn't work.....

            Now one consideration: if you added your host (a fabric switch in my case) using the IP, then Zabbix will be able to match the IPs and will be able to recognize at least that this trap came from this host, so the snmptrap.fallback works. In case you used the DNS name (as I did), Zabbix will try to match an IP with a name, and will not be able to understand even who this trap comes from, and even the fallback won't work.

            I made several tests with snmptt, telling it to use the DNS name:

            12:33:40 2012/08/30 .1.3.6.1.3.94.0.4 Normal "General event" san-eg17.ebi.ac.uk - ZBXTRAP "switchname.domain.ac.uk" 172.20.14.193

            but still Zabbix was not able to match them. Then I tried to reconfigure snmptt to remove the domain part and leave just the hostname. The names matched perfectly but again Zabbix could not guess who the trap came from. So in order to make it work you have to configure your host in Zabbix using its IP. It's the only way I made it work!

            Now, with this issue solved, you can set a snmptrap.fallback and you will collect the data, but the regex won't work...
            WHY? BECAUSE THE REGEX IS PARSING ONLY WHAT IT FINDS AFTER THE "-"

            So, getting back to my first line:
            Wed Aug 29 15:03:07 2012 .1.3.6.1.3.94.0.4 Normal "General event" san-eg17.ebi.ac.uk - ZBXTRAP 172.20.14.193 172.20.14.193

            I have practically no info except the IP, which is pointless because the item is already matched to the host...... so the key is to add more "stuff" to the string by changing the snmptt.conf file.

            From zabbix help we have this line:
            FORMAT ZBXTRAP $aA $ar

            But basically both $aA and $ar give just the same thing (the IP), so I removed one and added other stuff.

            One example:
            EVENT port_event .1.3.6.1.4.1.1588.2.1.1.1.0.3 "Port event" alert
            FORMAT ZBXTRAP $ar "$N" swFCPortIndex: "$2", swFcPortOpStatus: "$1"


            Let's have a look at the FORMAT line:
            $ar = it's already explained..
            $N = gives the event name (port_event in my case). If you add this the regex will work!
            Other stuff:

            If you add $+* you will basically get all variables and values.. in other words, everything. In my case I wanted to know the port that was changing status and the state of the port (variables $2 and $1), and then made a "user friendly" string for those.

            The result of the above string is that in the Zabbix item history I see:
            17:11:26 2012/08/30 .1.3.6.1.4.1.1588.2.1.1.1.0.3 alert "Port event" san-eg17 - "port_event" swFCPortIndex: "10", swFcPortOpStatus: "1"


            Of course you need to know the value of each trap to tune it, so I would suggest you also put in a general trap and configure a fallback, in order to get everything, and then "tune" a specific event in snmptt.

            In my case:

            EVENT general .* "General event" Normal
            FORMAT ZBXTRAP $ar $N $+*

            EVENT port_event .1.3.6.1.4.1.1588.2.1.1.1.0.3 "Port event" alert
            FORMAT ZBXTRAP $ar "$N" swFCPortIndex: "$2", swFcPortOpStatus: "$1"

            The first event matches all incoming traps and will write out everything. Using a fallback you will be able to see everything in Zabbix. Once you have gathered that info, you can make a dedicated event in snmptt (as I did) and then in Zabbix use a regex to match the event name ($N).

            For more details about snmptt and the FORMAT command: http://snmptt.sourceforge.net/docs/s...TT.CONF-FORMAT


            Conclusion: Now I'm collecting all the traps I'm interested in and putting the others into a fallback item. What I'm still missing is how to create a trigger (in order to get a mail if something happens).
            Last edited by ghillan; 31-08-2012, 11:35.

            Comment
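
A checker for the log-line properties post #6 turns on, as an added example that is not part of the original post and not Zabbix or snmptt code. It assumes the trapper file layout `timestamp ... ZBXTRAP address text` and the `%H:%M:%S %Y/%m/%d` timestamp quoted in the thread; `lint_trap_line`, the problem codes, the `sw01`/`sw02` names and the sample lines are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Timestamp layout from the snmptt.ini quoted in the thread
# (date_time_format = %H:%M:%S %Y/%m/%d).
TS_FORMAT = "%H:%M:%S %Y/%m/%d"
MARKER = "ZBXTRAP"

# Hypothetical problem codes and what each one means.
HINTS = {
    "timestamp": "line does not start with an hh:mm:ss yyyy/MM/dd timestamp",
    "no-marker": "no ZBXTRAP marker: the snmptt FORMAT line lacks it",
    "address-not-ip": "token after ZBXTRAP is not an IP address",
    "no-host-interface": "no host interface is configured with this IP",
}


def lint_trap_line(line, host_ips=()):
    """Check one snmptt log line; return (fields, problem_codes)."""
    fields = {"timestamp": None, "address": None, "text": None}
    problems = []

    # The first two whitespace-separated tokens must form the timestamp.
    stamp = " ".join(line.split()[:2])
    try:
        fields["timestamp"] = datetime.strptime(stamp, TS_FORMAT)
    except ValueError:
        problems.append("timestamp")

    # Everything after the marker is "address text".
    _, found, tail = line.partition(" " + MARKER + " ")
    if not found:
        problems.append("no-marker")
        return fields, problems

    addr, _, text = tail.strip().partition(" ")
    fields["text"] = text
    try:
        # A DNS name or a quoted value fails here, as in the post.
        fields["address"] = str(ipaddress.ip_address(addr))
    except ValueError:
        problems.append("address-not-ip")
        return fields, problems

    # The post's finding: the host has to be configured by IP.
    if host_ips and fields["address"] not in host_ips:
        problems.append("no-host-interface")
    return fields, problems


# Constructed inputs, modelled on the lines quoted in the thread.
HOST_IPS = {"172.20.14.193"}
SAMPLES = {
    "default snmptt timestamp":
        'Wed Aug 29 15:02:55 2012 .1.3.6.1.3.94.0.6 Normal "General event" '
        'sw01 - ZBXTRAP 172.20.14.193 172.20.14.193',
    "dns name as address":
        '12:33:40 2012/08/30 .1.3.6.1.3.94.0.4 Normal "General event" '
        'sw01 - ZBXTRAP "sw01.example.org" 172.20.14.193',
    "format without marker":
        '12:40:02 2012/08/30 .1.3.6.1.6.3.1.1.5.3 Normal "teststring000" '
        'sw01 - Trap agent IP Address: 172.20.14.193',
    "unknown sender":
        '12:41:10 2012/08/30 .1.3.6.1.3.94.0.4 Normal "General event" '
        'sw02 - ZBXTRAP 172.20.14.200 general',
    "tuned event":
        '17:11:26 2012/08/30 .1.3.6.1.4.1.1588.2.1.1.1.0.3 alert "Port event" '
        'sw01 - ZBXTRAP 172.20.14.193 "port_event" '
        'swFCPortIndex: "10", swFcPortOpStatus: "1"',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        _, problems = lint_trap_line(line, HOST_IPS)
        verdict = "; ".join(HINTS[p] for p in problems) or "ok"
        print(f"{name}: {verdict}")
```
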

            • Crypty
              Member
              • Jul 2012
              • 80

              #7
              Hello,

              can I have a question? Unfortunately, I'm not able to set it correctly and obviously, you could know it.

              If I type this:
              Code:
              snmptrap -v 1 -c public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.3' '127.0.0.1' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s "teststring000"
              It returns this in the snmptt.log file:
              Code:
              15:42:26 2012/09/18 .1.3.6.1.6.3.1.1.5.3.0.33 Normal "general" localhost - ZBXTRAP 127.0.0.1 127.0.0.1 general .1.3.6.1.6.3.1.1.5.3:teststring000
              So it looks fine. But now I'm not able to pass it to the Zabbix server.

              I have this configuration:
              snmptrapd.conf
              • traphandle default /usr/sbin/snmptt
              • authCommunity execute public
              • authCommunity execute PUBLIC


              snmptt.ini
              • mode=daemon (works fine for standalone also)
              • date_time_format = %H:%M:%S %Y/%m/%d
              • stdout_enabled=1


              zabbix_server.conf
              • StartSNMPTrapper=1


              Zabbix HOST:
              • Host name 127.0.0.1
              • Visible name general
              • Group Trappers
              • Agent interface 127.0.0.1 IP port 10050
              • SNMP interface 127.0.0.1 IP port 161


              Zabbix ITEM:
              • Name general
              • Type Zabbix Trapper
              • Key general
              • Type Log (I tried text too)
              • Log time format hh:mm:ss yyyy/MM/dd


              The next thing, I'm able to do is typing this:
              Code:
              zabbix_sender -z 127.0.0.1 -p 10051 -s 127.0.0.1 -k general -o "test value5"
              Which causes the Item to be updated correctly.

              What should I do to be able to pass the TRAP to the Zabbix Host/Item? What am I missing? I was able to configure it under 1.8.12 version using snmphandle.sh file, but NOW I would like to use SNMPTT - using version 2.0.2 Zabbix.

              ------

              To the Trigger issue you posted previously... I configured it at 1.8.12 in that way:

              ({Equipment - SNMP trapper:snmptraps.str(SNMPv2-SMI::enterprises.x.y.z)}=1) & ({Equipment - SNMP trapper:snmptraps.nodata(300)}=0)

              That causes it to look in the last data for the string "SNMPv2-SMI::enterprises.x.y.z", and if it is found and the item was updated within the last 5 minutes, it triggers. The alarm disappears after these 5 minutes...

              I'm using real digits instead of x.y.z, but I don't post them here only...

              Comment

              • zabbixx
                Member
                • Jul 2012
                • 71

                #8
                I have the same problem here, I can't get traps to the Zabbix server.
                I can send traps and receive them with snmptt

                Sorry, it's my first Zabbix setup, and it's really hard to get it working :-(
                Example:
                snmptt.conf
                Code:
                EVENT general .* "General event" Normal
                FORMAT ZBXTRAP $ar $N $+*
                zabbix_server.conf
                Code:
                StartSNMPTrapper=1
                SNMPTrapperFile=/var/log/snmptt/snmptt.log

                sending trap:
                Code:
                 sudo snmptrap -v 1 -c public localhost '' '' 2 0  '125' .  s "eth0"  .  s "n.a." .1.3.4 s "n.a."
                trap is logged as follow in /var/log/snmptt/snmptt.log

                Code:
                14:26:16 2012/09/24 .1.3.6.1.6.3.1.1.5.3 Normal "General event" zabbixBox.local - ZBXTRAP 14x.xx.xx.xx general .ccitt:eth0 .ccitt:n.a. org.4:n.a.
                Zabbix Item #1 for Host 14x.xx.xx.xx
                Code:
                Host-Interface: 14x.xx.xx.xx:161
                Key: snmptrap["general"]
                Type of info: Log
                Date form: hh:mm:ss yyyy/MM/dd
                Zabbix Item #2 for Host 14x.xx.xx.xx
                Code:
                Host-Interface: 14x.xx.xx.xx:161
                Key: snmptrap.fallback
                Type of info: Log
                Date form: hh:mm:ss yyyy/MM/dd
                Can somebody answer my questions???
                1) How can I find out if the Zabbix trapper works or not?

                I already set Zabbix to debug level 4 and log events to a file,
                but there I can't find anything about traps ... why???


                2) How can I get this trap to the Event Monitor of the Zabbix web UI???





                @Crypty
                did you set the "SNMPTrapperFile" in zabbix_server.conf ?

                Comment

                • Crypty
                  Member
                  • Jul 2012
                  • 80

                  #9
                  Originally posted by zabbixx
                  @Crypty
                  did you set the "SNMPTrapperFile" in zabbix_server.conf ?
                  Hi,

                  yes I did.

                  I'm still not able to receive SNMP traps through SNMPTT. I managed to get it work through PERL script for now. If you want, I can post here the PERL solution, absolutely without SNMPTT unfortunately...

                  Comment

                  • zabbixx
                    Member
                    • Jul 2012
                    • 71

                    #10
                    Originally posted by Crypty
                    Hi,

                    yes I did.

                    I'm still not able to receive SNMP traps through SNMPTT. I managed to get it work through PERL script for now. If you want, I can post here the PERL solution, absolutely without SNMPTT unfortunately...
                    Hi,
                    it would be very nice if you can post here the PERL solution, and how i can get it to work.

                    Comment

                    • sneha.bhat
                      Junior Member
                      • Aug 2012
                      • 8

                      #11
                      I too am facing issues with traps in Zabbix 2.0

                      The snmptt service is running as a daemon. The test trap gets successfully logged in /var/log/messages. It is always processed by snmptt, as I always see a temporary file in /var/spool/snmptt.

                      But the trap is not showing on the TGIM portal. We have been stuck in this place for 1 month now and it's getting very frustrating

                      I feel that we are missing something in the snmpttconf file. Any help will be hugely appreciated!!!

                      The test trap being sent is :
                      snmptrap -v 1 -c public 172.17.69.62 '.1.3.6.1.6.3.1.1.5.3' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s teststring000

                      The entry in the snmpttconf file is:

                      EVENT Enterprise Specific Trap IF-MIB::linkDown "teststring000" Normal
                      FORMAT Trap agent IP Address: $aA Trap Community String: $C Host of the system running SNMPTT: $H

                      @crypty:
                      Request you to please post the perl script solution here!

                      Comment

                      • Crypty
                        Member
                        • Jul 2012
                        • 80

                        #12
                        Hi all,

                        Several steps you need to do:

                        1) create snmptrap.sh at your /home/zabbix/bin/ directory and make it executable (+x). The content is as follows:

                        Code:
                        #!/bin/bash
                        #
                        # Zabbix
                        # Copyright (C) 2000,2001,2002,2003 Alexei Vladishev
                        #
                        # This program is free software; you can redistribute it and/or modify
                        # it under the terms of the GNU General Public License as published by
                        # the Free Software Foundation; either version 2 of the License, or
                        # (at your option) any later version.
                        #
                        # This program is distributed in the hope that it will be useful,
                        # but WITHOUT ANY WARRANTY; without even the implied warranty of
                        # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                        # GNU General Public License for more details.
                        #
                        # You should have received a copy of the GNU General Public License
                        # along with this program; if not, write to the Free Software
                        # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
                        #

                        # CONFIGURATION

                        ZABBIX_SERVER="localhost"
                        ZABBIX_PORT="10051"

                        ZABBIX_SENDER="/usr/bin/zabbix_sender"

                        KEY="snmptraps"
                        HOST="snmptraps"

                        # END OF CONFIGURATION

                        # snmptrapd passes the trap on stdin, one field per line;
                        # the variable names are not so important
                        read -r host
                        read -r ip
                        read -r uptime
                        read -r oid
                        read -r value

                        # LOGGING TRAP INFO
                        # (/tmp is world-writable; a directory only the trap handler can write to is safer)
                        printf '%s\n' "$host" "$ip" "$uptime" "$oid" "$value" >> /tmp/trap_messages.log

                        # Source and destination IP address returned by the trap
                        sourceIp=$(echo "$host" | cut -f2 -d '[' | cut -f1 -d ']')
                        destinationIp=$(echo "$host" | cut -f3 -d '[' | cut -f1 -d ']')

                        # Trap OID, Item OID and Trap OID identifier
                        trapOid=$(echo "$oid" | cut -f2 -d' ')
                        itemOid=$(echo "$value" | cut -f1 -d' ')
                        specOid=$(echo "$trapOid" | cut -f2- -d'.')
                        value=$(echo "$value" | cut -f2- -d' ')

                        # Time
                        uptime=$(echo "$uptime" | cut -f2 -d ' ')
                        days=$(echo "$uptime" | cut -f1 -d ':')
                        hours=$(echo "$uptime" | cut -f2 -d ':')
                        minutes=$(echo "$uptime" | cut -f3 -d ':')
                        seconds=$(echo "$uptime" | cut -f4 -d ':')

                        # MySQL - get the right HOST according to Zabbix configuration
                        # The value comes from the received trap, so it is only placed in the
                        # query when it is a plain dotted-quad address.
                        export HOME=/root
                        ZABBIXHOST=""
                        if [[ "$sourceIp" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
                            ZABBIXHOST=$(echo "select host from zabbix.hosts where host=\"$sourceIp\" order by hostid limit 1;" | mysql -N 2> /dev/null)
                        fi
                        [[ "$ZABBIXHOST" ]] && HOST=$ZABBIXHOST

                        # declare an array with the TRAP text descriptions - Ray, RipEX
                        declare -A oid2desc
                        oid2desc[1.2.3.4.5]="Something you want to have on Trap Output - test"

                        # Look up the description (an empty subscript is an error in bash)
                        desc=""
                        [[ -n "$specOid" ]] && desc="${oid2desc[$specOid]}"

                        # Create a string with all needed information - can be easily edited
                        str="Source IP: $sourceIp, TRAP Description: $desc, TRAP OID: $trapOid, ITEM OID: $itemOid, Uptime: $days days $hours h $minutes m $seconds s, Returned value: $value"

                        # Send the information to the Zabbix server
                        "$ZABBIX_SENDER" -z "$ZABBIX_SERVER" -p "$ZABBIX_PORT" -s "$HOST" -k "$KEY" -o "$str"
                        This script is a little bit edited - e.g. oid2desc has only 1 record (I have more of them), ... But its purpose is to transform input TRAP data and send it to Zabbix using zabbix_sender. Remember, you will probably use different "cut" commands, ...

                        The same has to be: KEY, HOST at the top of the script. Path to zabbix_sender (check yours, can differ), same with ZABBIX_SERVER, ZABBIX_PORT.

                        2)
                        Create a host/item for general traps.
                        Host: "snmptraps", IP address 0.0.0.0, port 10050.
                        Item: key "snmptraps" (same as in the script), type zabbix trapper, info "character"

                        3)
                        Edit /etc/snmp/snmptrapd.conf:
                        Code:
                        authCommunity execute public
                        authCommunity execute PUBLIC
                        traphandle default /bin/bash /home/zabbix/bin/snmptrap.sh
                        4)
                        You need to execute snmptrapd with -n to have numbered OIDs.

                        5)
                        Create an Item to each monitored host you want, with triggers:
                        - if not, traps should end in the general trapper host/item
                        - name "snmptraps", zabbix trapper, key snmptraps, info character
                        Triggers:
                        My expression - I have them in a template.
                        Code:
                        ({my_template:snmptraps.str(test)}=1) & ({my_template:snmptraps.nodata(300)}=0)
                        Meaning - if you find a "test" string in the received trap and data were updated within last 5 minutes, trigger an alert. "test" string is in snmptrap.sh at oid2desc array inserted. You can use whatever string you want. The trap will disappear after 300 seconds from the dashboard, you can send emails for each trigger...

                        Hope it helped

                        Comment

                        • zabbixx
                          Member
                          • Jul 2012
                          • 71

                          #13
                          Hi Crypty, thanks for the script solution.
                          It works, but you catch all the traps from all devices in one host "snmptraps",
                          so you can't build templates with traps.... If a trap is received (linkDown) you have to look up which host this is (resolve the IP manually)....
                          The trap is not automatically linked to the host that exists in Zabbix...


                          Originally posted by Crypty
                          ....
                          2)
                          Create a host/item for general traps.
                          Host: "snmptraps", IP address 0.0.0.0, port 10050.
                          Item: key "snmptraps" (same as in the script), type zabbix trapper, info "character"
                          Can somebody post a "howto receive a trap with snmptt"?
                          reg.
                          zabbixx

                          Comment
