SNMP traps

  • manosnms
    Member
    • Jun 2020
    • 52

    #1

    SNMP traps

    Hello,

    Currently using Zabbix 5.0.2 & CentOS 7.8

    I followed the instructions at https://zabbix.org/wiki/Start_with_SNMP_traps_in_Zabbix

    and in the instructions, the result in the log file from the test trap from localhost is:


    HTML Code:
     18:58:38 2014/02/26 ZBXTRAP 127.0.0.1
    PDU INFO:
    notificationtype TRAP
    version 0
    receivedfrom UDP: [127.0.0.1]:40780->[127.0.0.1]
    errorstatus 0
    messageid 0
    community public
    transactionid 7
    errorindex 0
    requestid 0
    VARBINDS:
    DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (55) 0:00:00.55
    SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkUp.0.33
    IF-MIB::linkUp type=4 value=STRING: "eth0"
    SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
    SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID: IF-MIB::linkUp

    but when I do it, I get the below:

    HTML Code:
    16:25:38 2020/09/02 ZBXTRAP 127.0.0.1
    PDU INFO:
    notificationtype TRAP
    version 0
    receivedfrom UDP: [127.0.0.1]:56734->[127.0.0.1]:162
    errorstatus 0
    messageid 0
    community public
    transactionid 37
    errorindex 0
    requestid 0
    VARBINDS:
    .1.3.6.1.2.1.1.3.0 type=67 value=Timeticks: (55) 0:00:00.55
    .1.3.6.1.6.3.1.1.4.1.0 type=6 value=OID: .1.3.6.1.6.3.1.1.5.4.0.33
    .1.3.6.1.6.3.1.1.5.4 type=4 value=STRING: "eth0"
    .1.3.6.1.6.3.18.1.4.0 type=4 value=STRING: "public"
    .1.3.6.1.6.3.1.1.4.3.0 type=6 value=OID: .1.3.6.1.6.3.1.1.5.4


    A lot of information is missing. Why is that?

    In case that may help, when I check the status of snmptrapd I receive the below warnings:


    HTML Code:
    [root@zabbix snmp]# systemctl restart snmptrapd
    [root@zabbix snmp]# systemctl status snmptrapd
    ● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
    Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; enabled; vendor preset: disabled)
    Active: active (running) since Wed 2020-09-02 16:40:24 EEST; 7s ago
    Main PID: 4340 (snmptrapd)
    Tasks: 2
    CGroup: /system.slice/snmptrapd.service
    ├─4340 /usr/sbin/snmptrapd -On -Lsd -f
    └─4359 /usr/bin/perl /usr/sbin/snmptt
    
    Sep 02 16:40:28 zabbix snmptrapd[4340]: perl callback function 0x55e4ae57e800 returns 1
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprFlowctrlFlowControlRx' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-FLOWCTRL-MIB.my)
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprFlowctrlFlowControlTx' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-FLOWCTRL-MIB.my)
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprFlowctrlFlowControlRx' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-SW-MIB.my)
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprFlowctrlFlowControlTx' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-SW-MIB.my)
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Too many imported symbols (CfprFabricSwChEpIfRole): At line 287 in /usr/share/snmp/mibs/CISCO-FIREPOWER-FABRIC-MIB.my
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Unlinked OID in CISCO-FIREPOWER-FABRIC-MIB: cfprFabricObjects ::= { ciscoFirepowerMIBObjects 26 }
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Undefined identifier: ciscoFirepowerMIBObjects near line 347 of /usr/share/snmp/mibs/CISCO-FIREPOWER-FABRIC-MIB.my
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprSmAppInstanceFsmTaskFlags' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-SM-MIB.my)
    Sep 02 16:40:31 zabbix snmptrapd[4340]: Did not find 'CfprSmLdMode' in module CISCO-FIREPOWER-TC-MIB (/usr/share/snmp/mibs/CISCO-FIREPOWER-SM-MIB.my)
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@zabbix snmp]#
    [root@zabbix snmp]#
    [root@zabbix snmp]#
    [root@zabbix snmp]# systemctl status snmptrapd -l
    ● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
    Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; enabled; vendor preset: disabled)
    Active: active (running) since Wed 2020-09-02 16:40:24 EEST; 21s ago
    Main PID: 4340 (snmptrapd)
    Tasks: 1
    CGroup: /system.slice/snmptrapd.service
    └─4340 /usr/sbin/snmptrapd -On -Lsd -f
    
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Cannot find module (DIFFSERV-MIB): At line 38 in /usr/share/snmp/mibs/CISCO-IETF-ISIS-MIB
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Did not find 'IndexIntegerNextFree' in module #-1 (/usr/share/snmp/mibs/CISCO-IETF-ISIS-MIB)
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Cannot find module (MPLS-LSR-STD-MIB): At line 36 in /usr/share/snmp/mibs/MPLS-L3VPN-STD-MIB
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Did not find 'MplsIndexType' in module #-1 (/usr/share/snmp/mibs/MPLS-L3VPN-STD-MIB)
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Module not found (ISIS-MIB): At line 49 in /usr/share/snmp/mibs/ISIS-CAPABILTY-MIB
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Cannot find module (DIFFSERV-MIB): At line 32 in /usr/share/snmp/mibs/MPLS-TE-STD-MIB
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Did not find 'IndexIntegerNextFree' in module #-1 (/usr/share/snmp/mibs/MPLS-TE-STD-MIB)
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Agent IP address was blank, so setting to the same as the host IP address of 10.10.4.74
    Sep 02 16:40:41 zabbix snmptrapd[4340]: Agent IP address (10.10.4.74) is the same as the host IP, so copying the host name: UNKNOWN
    Sep 02 16:40:41 zabbix snmptrapd[4340]: perl callback function 0x55e4ae57e800 returns 1


    Thank you all
  • Hamardaban
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • May 2019
    • 2713

    #2
    I hope you know the entire sequence of processing the incoming trap and the place of snmptt in it. This component converts (formats) what will be output to the file that is processed by zabbix. Read the documentation on using SNMPTT and configure the conversion to suit your needs.
    http://www.snmptt.org/docs/snmptt.sh...on-file-format


    • manosnms
      Member
      • Jun 2020
      • 52

      #3
      I have to say that is quite confusing. Could you please tell me which file Zabbix is reading to present the traps in the GUI?

      Is it /var/log/zabbix/snmptrap.log or /var/log/snmptt/snmptt.log?

      Thank you
      Last edited by manosnms; 03-09-2020, 10:14.


      • Hamardaban
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • May 2019
        • 2713

        #4
        Read this https://www.zabbix.com/documentation...types/snmptrap - "The workflow of receiving a trap"


        • manosnms
          Member
          • Jun 2020
          • 52

          #5
          Where can I see what is specified in regexp?

          "Catches all SNMP traps that match the regular expression specified in regexp. If regexp is unspecified, catches any trap."


          • Hamardaban
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional
            • May 2019
            • 2713

            #6
            You specify this regex expression yourself. For example, an item with the snmptrap["\bXXX\b"] key will only catch traps that have XXX in the text.

            Maybe this helps? https://blog.zabbix.com/snmp-traps-in-zabbix/8210/
            Last edited by Hamardaban; 03-09-2020, 13:12.


            • isaqueprofeta
              Senior Member
              Zabbix Certified Specialist, Zabbix Certified Professional
              • Aug 2020
              • 154

              #7
              a lot of information is missing. why is that?
              Seems like some MIBs are missing in your system; try to install/copy at least the IETF/RFC basic ones.


              • Hamardaban
                Senior Member
                Zabbix Certified Specialist, Zabbix Certified Professional
                • May 2019
                • 2713

                #8
                The absence of MIB only affects the conversion of the oid to text and back, and messages in logs. If you use numeric oid values in snmp items, you can ignore the lack of mib. But of course it is better to configure the snmp subsystem correctly!
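
The matching that posts #6 and #8 describe, as an added example (not code from Zabbix or from any poster): it splits trapper-file text on the `ZBXTRAP` header and checks each record against `snmptrap[regexp]` patterns, with unmatched traps going to `snmptrap.fallback` as in the Zabbix documentation linked in post #4. The two records are abbreviated from post #1; the function names and the use of Python's `re` in place of Zabbix's PCRE are assumptions of this sketch.

```python
import re

# Constructed sample: the two records quoted in post #1, abbreviated.
# First record has symbolic OIDs (wiki), second has numeric OIDs (poster's log).
SAMPLE_LOG = '''18:58:38 2014/02/26 ZBXTRAP 127.0.0.1
PDU INFO:
community public
VARBINDS:
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: IF-MIB::linkUp.0.33
IF-MIB::linkUp type=4 value=STRING: "eth0"
16:25:38 2020/09/02 ZBXTRAP 127.0.0.1
PDU INFO:
community public
VARBINDS:
.1.3.6.1.6.3.1.1.4.1.0 type=6 value=OID: .1.3.6.1.6.3.1.1.5.4.0.33
.1.3.6.1.6.3.1.1.5.4 type=4 value=STRING: "eth0"
'''

# Each trap starts with "<time> <date> ZBXTRAP <source address>".
HEADER = re.compile(
    r"^(\d{2}:\d{2}:\d{2} \d{4}/\d{2}/\d{2}) ZBXTRAP (\S+)[ \t]*$", re.M)

# Hypothetical item patterns: the same linkUp trap, by name and by number.
SYMBOLIC = r"\bIF-MIB::linkUp\b"
NUMERIC = r"\.1\.3\.6\.1\.6\.3\.1\.1\.5\.4\b"


def item_key(rx):
    """Render a pattern the way it appears in a Zabbix item key."""
    return 'snmptrap["%s"]' % rx


def split_traps(log_text):
    """Split trapper-file text into (timestamp, source, full_text) records."""
    heads = list(HEADER.finditer(log_text))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        records.append(
            (head.group(1), head.group(2), log_text[head.start():end].strip()))
    return records


def route(trap_text, item_regexps):
    """Keys of all items whose regexp matches the trap, else the fallback."""
    hits = [item_key(rx) for rx in item_regexps if re.search(rx, trap_text)]
    return hits or ["snmptrap.fallback"]


if __name__ == "__main__":
    for stamp, source, text in split_traps(SAMPLE_LOG):
        print(stamp, source, route(text, [SYMBOLIC]))
```

Run as a script, the second record lands in `snmptrap.fallback`: an item pattern written against MIB names does not match a log written with numeric OIDs, so the pattern has to follow whichever form the receiver writes.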


                • manosnms
                  Member
                  • Jun 2020
                  • 52

                  #9
                  Maybe this is the root cause?

                  I get the below message


                  HTML Code:
                  [root@zabbix snmp]# systemctl status snmptrapd
                  ● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
                  Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; enabled; vendor preset: disabled)
                  Active: active (running) since Mon 2020-09-07 17:02:20 EEST; 3min 36s ago
                  Main PID: 3292 (snmptrapd)
                  Tasks: 1
                  CGroup: /system.slice/snmptrapd.service
                  └─3292 /usr/sbin/snmptrapd -On -Lsd -f
                  
                  Sep 07 17:05:39 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:40 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:41 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:41 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:42 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:50 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:50 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:50 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:50 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1
                  Sep 07 17:05:52 zabbix snmptrapd[3292]: perl callback function 0x5600ae8203b0 returns 1


                  • Hamardaban
                    Senior Member
                    Zabbix Certified Specialist, Zabbix Certified Professional
                    • May 2019
                    • 2713

                    #10
                    How have you configured snmptrapd? Does it send data to snmptt or to the pl script? Show the contents of snmptrapd.conf (remove all comments!)


                    • manosnms
                      Member
                      • Jun 2020
                      • 52

                      #11
                      HTML Code:
                      authCommunity execute public
                      authCommunity execute internal
                      perl do "/usr/bin/zabbix_trap_receiver.pl";

                      and I also tried with

                      traphandle default snmptt


                      • manosnms
                        Member
                        • Jun 2020
                        • 52

                        #12
                        And whatever OID I put in snmp.conf, I get the below:

                        HTML Code:
                        [root@zabbix snmp]# systemctl restart snmptrapd
                        [root@zabbix snmp]# systemctl status snmptrapd
                        ● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
                        Loaded: loaded (/usr/lib/systemd/system/snmptrapd.service; enabled; vendor preset: disabled)
                        Active: active (running) since Mon 2020-09-07 17:40:50 EEST; 2s ago
                        Main PID: 9049 (snmptrapd)
                        Tasks: 1
                        CGroup: /system.slice/snmptrapd.service
                        └─9049 /usr/sbin/snmptrapd -On -Lsd -f
                        
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: sysORUpTime ::= { sysOREntry 4 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: sysORDescr ::= { sysOREntry 3 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: sysORID ::= { sysOREntry 2 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: sysORIndex ::= { sysOREntry 1 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: snmpTrapEnterprise ::= { snmpTrap 3 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: snmpTrapOID ::= { snmpTrap 1 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: snmpMIBConformance ::= { snmpMIB 2 }
                        Sep 07 17:40:49 zabbix snmptrapd[9049]: Cannot adopt OID in SNMPv2-MIB: snmpMIBObjects ::= { snmpMIB 1 }
                        Sep 07 17:40:50 zabbix snmptrapd[9049]: NET-SNMP version 5.7.2
                        Sep 07 17:40:50 zabbix snmptrapd[9049]: perl callback function 0x56536097a340 returns 1


                        • Hamardaban
                          Senior Member
                          Zabbix Certified Specialist, Zabbix Certified Professional
                          • May 2019
                          • 2713

                          #13
                          Unfortunately, I didn't work with the PL script use case. I prefer the option with snmptt.
                          I have snmptrapd.conf made like this " traphandle default /usr/local/sbin/snmptthandler --ini=/usr/local/etc/snmp/snmptt.ini "



                          • manosnms
                            Member
                            • Jun 2020
                            • 52

                            #14
                            So in my case -> " traphandle default /usr/sbin/snmptthandler --ini=/snmp/snmptt.ini"

                            Do I still need the "authCommunity execute public"?


                            • Hamardaban
                              Senior Member
                              Zabbix Certified Specialist, Zabbix Certified Professional
                              • May 2019
                              • 2713

                              #15
                              Yes, you need it.

                              example of snmptrapd.conf
                              Code:
                              pidFile /var/run/snmptrapd.pid
                              doNotLogTraps yes
                              authCommunity log,execute YOU_COMMUNITY
                              traphandle default /usr/local/sbin/snmptthandler --ini=/usr/local/etc/snmp/snmptt.ini
                              [snmp] logOption s 7
                              [snmp] logOption f /var/log/snmptrapd.log
                              #0 or ! for LOG_EMERG,
                              #1 or a for LOG_ALERT, default
                              #2 or c for LOG_CRIT,
                              #3 or e for LOG_ERR,
                              #4 or w for LOG_WARNING,
                              #5 or n for LOG_NOTICE,
                              #6 or i for LOG_INFO, and
                              #7 or d for LOG_DEBUG.
