Ad Widget

Collapse

SNMP Traps. Problem with handling traps.

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • zzipper
    Junior Member
    • Aug 2012
    • 14
    #1

    SNMP Traps. Problem with handling traps.

    Hello

    Introduction.
    There is a server freebsd 9.0, it is set to zabbix-server-2.0.2 from source. Becoming and configure all the documentation.
    Code:
    FreeBSD noc-pc 9.0-STABLE FreeBSD 9.0-STABLE # 0: Wed May 30 09:37:04 SAMT 2012 lev @ noc-pc :/ usr / obj / usr / src / sys / GENERIC amd64
    zabbix_server.conf
    Code:
    SourceIP = 10. * 0. *
LogFile = /tmp/zabbix_server.log
DebugLevel = 3
DBHost =
DBName = ****
DBUser = ****
DBPassword = ****
StartPollers = 10
StartPollersUnreachable = 5
StartTrappers = 10
StartPingers = 10
StartDiscoverers = 10
SNMPTrapperFile = /tmp/zabbix_traps.tmp
StartSNMPTrapper = 1
Timeout = 30
FpingLocation = /usr/local/sbin/fping
    snmptrapd.conf
    Code:
    ignoreauthfailure no
disableAuthorization no
authCommunity log, execute, net public
traphandle default snmptt
outputOption n
    snmptt.ini
    Code:
    [General]
mode = standalone
net_snmp_perl_enable = 1
net_snmp_perl_best_guess = 1
translate_log_trap_oid = 0
translate_value_oids = 0
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
translate_integers = 1
date_time_format =%H:%M:%S %Y/%m/%d

[DaemonMode]
daemon_fork = 1
daemon_uid = snmptt
pid_file = /var/run/snmptt.pid
spool_directory = /var/spool/snmptt /
sleep = 5
use_trap_time = 1
keep_unlogged_traps = 1
duplicate_trap_window = 0

[Logging]
stdout_enable = 0
log_enable = 1
log_file = /tmp/zabbix_traps.tmp
log_system_enable = 1
log_system_file = /var/log/snmptt/snmpttsystem.log
unknown_trap_log_enable = 1
unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log
statistics_interval = 0

[Debugging]
DEBUGGING = 2
DEBUGGING_FILE = /var/log/snmptt/snmptt.debug
DEBUGGING_FILE_HANDLER = /var/log/snmptt/snmptthandler.debug

[TrapFiles]
snmptt_conf_files = << END
/Usr/local/etc/snmp/snmptt.conf.generic
/Usr/local/etc/snmp/snmptt.conf.des3200-10L2
/Usr/local/etc/snmp/snmptt.conf.des3200-18L2
/Usr/local/etc/snmp/snmptt.conf.des3200-26L2
/Usr/local/etc/snmp/snmptt.conf.des3200-28L2
END
    Format of traps shown to the right, according to the documentation.

    The essence of the problem.
    Traps from the devices come to snmptrapd, broadcast snmptt, formed in zabbix_traps.tmp
    Code:
    14:25:04 2012/08/28 .1.3.6.1.4.1.171.11.113.1.2.2.20.0.1 Normal "Status Events" 10.x.1.10 - ZBXTRAP 10.x.1.10 Port security violation. Port: 6 MAC: 00 1F E2 B4 23 FA
14:25:05 2012/08/28 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events" 10.x.11.5 - ZBXTRAP 10.x.11.5 Link up on interface 4. Admin state: up. Operational state: up
14:25:05 2012/08/28 .1.3.6.1.4.1.171.12.1.4.2.0.10 Normal "General event" 10.x.11.5 - ZBXTRAP 10.x.11.5 10.x.11.5
    And it seems even passed on to zabbix_server. At least in the log zabbix_server.log:
    Code:
    *19419:20120828:143104.777 unmatched trap received from [10.x.1.10]: 14:31:03 2012/08/28 .1.3.6.1.4.1.171.11.113.1.2.2.20.0.1 Normal "Status Events" 10. x.1.10 - Port security violation. Port: 6 MAC: 00 14 36 2A E5 A9
*19419:20120828:143104.777 unmatched trap received from [10.x.7.14]: 14:31:04 2012/08/28 .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" 10.x.7.14 - Link down on interface 17. Admin state: up. Operational state: down
*19419:20120828:143104.777 unmatched trap received from [10.x.7.14]: 14:31:04 2012/08/28 .1.3.6.1.4.1.171.12.1.4.2.0.10 Normal "General event" 10.x. 7.14 - 10.x.7.14
    But apparently, traps are unmatch. Debug anything criminal, in my opinion, does not report. Attaching a piece of log https://dl.dropbox.com/u/5196843/zabbix_debug.txt

    Move the right way, please. I missed something somewhere? Or misunderstood? How do I match traps? And in general, in principle, then process them in the Frontend?

    Sorry for google translate.
    Last edited by zzipper; 30-08-2012, 08:11.
    Tags: None
    • zzipper
      Junior Member
      • Aug 2012
      • 14
      #2
      sorry for bump

        Comment

        • ghillan
          Junior Member
          • Jan 2012
          • 20
          #3
          i had a lot of problems too to make it work. check my last post here:

          We’ll be back soon!
          http://www.zabbix.com/forum/showthread.php?t=25425


          to see what problem i encountered and how to solve it. The documentation with traps its WRONG so dont trust it at all.

          A first easy test its to modify your item and use the falbackkey instead the one with regex. If fallback get those alerts then the configuration its ok, its just the regex that dont match the word you are chasing. My post explain how to solve it.

          If it does not work it means thatzabbix dont even understand from what device the trap come. this happens because trap identify the device with an ip , but you used a dns name to add a host. this mismatch caused me that problem and even the fallback continue to be "empty". I solved editing the hosts and putting IP instead the DNS name ( you dont need to change the visible name).

          Sadly you cannot trust the documentation example , and you need to edit the snmptt.conf file according to your needs, but can be done, and tyou can make it work. Look it at a positive side.

          Good luck

            Comment

            Previous template Next
            Working...