Hi Forum,
I usually do not try to ask in forums, since most of the time the answers here are very clear and help getting along with the configuration. I also bought the Zabbix book which turned out to be really helpful. But now I got stuck with this SNMP trapper thing. Maybe somebody can advise ?
I followed the instructions in the Manual (also in the book) to configure a simple SNMP trap.
My Configuration:
Zabbix Server 1.8.8 on Debian 6.0.3 - Squeeze
NET-SNMP Package v5.4.3
/etc/snmp/snmptrapd.conf:
/etc/zabbix/scripts/snmptrap.sh:
In Zabbix I configured an item for the host to be monitored with type 'zabbix trapper', key 'snmptraps' and type of information 'character'. Now, when I configure the Zabbix Server itself as the host to be monitored, configure the 'snmptraps' item for the zabbix server and drop the recommended test command on the shell, everything works fine. Still, this is just local traffic.
Example:
root@zabbix:/etc/zabbix/scripts# zabbix_sender -z zabbix -p 10051 -s zabbix -k snmptraps -o "blah blah blah"
This command gives me the desired output in the Zabbix Web Frontend. So far, so good.
However, if I configure another host across the network to send snmp traps to the zabbix server, respectively to the snmptrapd listening on the Zabbix server on Port 162, nothing happens. I already opened our firewall for UDP port 162, since I noticed that those packets were blocked before. What happens now is, that the SNMP packets arrive at the zabbix host and even at the zabbix server, but they won't be displayed in the web frontend.
The output of tcpdump while sending the trap from another host looks like this:
root@zabbix:/etc/zabbix/scripts# tcpdump -i eth0 port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:24:02.637632 IP HOST_WHO_SENDS_THE_TRAP.snmp > zabbix.snmp-trap: Trap(181) E:18928.1.1 192.168.0.XXX enterpriseSpecific s=679 1731451940 system.sysDescr.0="2025-8-14 14:22:32 : H/W Monitor : Test Event" system.sysContact.0="[email protected]" system.sysName.0="HOST_WHO_SENDS_THE_TRAP" system.sysLocation.0="S01"
This means, the packet actually arrives at the Zabbix Host, but then disappears in Nirvana. I switched the Zabbix Server log to Debug mode to see if I can actually see if the server ever received this trap, but I can't confirm if it really does. Here's the output of the log file when I send a test event from the host to be monitored. Looks like there's some query sent to the database, but I can't really figure out why the desired text doesn't show up in the Zabbix frontend.
24018:20111209:132741.526 query [txnlev:0] [select i.itemid,i.hostid,h.proxy_hostid,i.type,i.data_typ e,i.value_type,i.key_,i.snmp_community,i.snmp_oid, i.snmp_port,i.snmpv3_securityname,i.snmpv3_securit ylevel,i.snmpv3_authpassphrase,i.snmpv3_privpassph rase,i.ipmi_sensor,i.delay,i.delay_flex,i.trapper_ hosts,i.logtimefmt,i.params,i.status,i.authtype,i. username,i.password,i.publickey,i.privatekey from items i,hosts h where i.hostid=h.hostid and h.status in (0) and i.status in (0,3) and i.itemid between 000000000000000 and 099999999999999]
24018:20111209:132741.578 query [txnlev:0] [select hostid,proxy_hostid,host,useip,ip,dns,port,useipmi ,ipmi_ip,ipmi_port,ipmi_authtype,ipmi_privilege,ip mi_username,ipmi_password,maintenance_status,maint enance_type,maintenance_from,errors_from,available ,disable_until,snmp_errors_from,snmp_available,snm p_disable_until,ipmi_errors_from,ipmi_available,ip mi_disable_until,status from hosts where status in (0,5,6) and hostid between 000000000000000 and 099999999999999]
Is there anything I'm missing ?? Any help would be greatly appreciated.
Best regards,
Daniel
I usually do not try to ask in forums, since most of the time the answers here are very clear and help getting along with the configuration. I also bought the Zabbix book which turned out to be really helpful. But now I got stuck with this SNMP trapper thing. Maybe somebody can advise ?
I followed the instructions in the Manual (also in the book) to configure a simple SNMP trap.
My Configuration:
Zabbix Server 1.8.8 on Debian 6.0.3 - Squeeze
NET-SNMP Package v5.4.3
/etc/snmp/snmptrapd.conf:
Code:
authCommunity execute public authCommunity execute PUBLIC traphandle default /bin/bash /etc/zabbix/scripts/snmptrap.sh disableAuthorization yes
Code:
ZABBIX_SERVER="fqdn_of_zabbix_server"; ZABBIX_PORT="10051"; ZABBIX_SENDER="/opt/zabbix/bin/zabbix_sender"; KEY="snmptraps"; HOST="fqdn_of_host_to_be_monitored"; # END OF CONFIGURATION read hostname read ip read uptime read oid read address read community read enterprise oid=`echo $oid|cut -f2 -d' '` address=`echo $address|cut -f2 -d' '` community=`echo $community|cut -f2 -d' '` enterprise=`echo $enterprise|cut -f2 -d' '` oid=`echo $oid|cut -f11 -d'.'` community=`echo $community|cut -f2 -d'"'` str="$hostname $address $community $enterprise $oid" $ZABBIX_SENDER -z $ZABBIX_SERVER -p $ZABBIX_PORT -s "$HOST" -k "$KEY" -o "$str"
Example:
root@zabbix:/etc/zabbix/scripts# zabbix_sender -z zabbix -p 10051 -s zabbix -k snmptraps -o "blah blah blah"
This command gives me the desired output in the Zabbix Web Frontend. So far, so good.
However, if I configure another host across the network to send snmp traps to the zabbix server, respectively to the snmptrapd listening on the Zabbix server on Port 162, nothing happens. I already opened our firewall for UDP port 162, since I noticed that those packets were blocked before. What happens now is, that the SNMP packets arrive at the zabbix host and even at the zabbix server, but they won't be displayed in the web frontend.
The output of tcpdump while sending the trap from another host looks like this:
root@zabbix:/etc/zabbix/scripts# tcpdump -i eth0 port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:24:02.637632 IP HOST_WHO_SENDS_THE_TRAP.snmp > zabbix.snmp-trap: Trap(181) E:18928.1.1 192.168.0.XXX enterpriseSpecific s=679 1731451940 system.sysDescr.0="2025-8-14 14:22:32 : H/W Monitor : Test Event" system.sysContact.0="[email protected]" system.sysName.0="HOST_WHO_SENDS_THE_TRAP" system.sysLocation.0="S01"
This means, the packet actually arrives at the Zabbix Host, but then disappears in Nirvana. I switched the Zabbix Server log to Debug mode to see if I can actually see if the server ever received this trap, but I can't confirm if it really does. Here's the output of the log file when I send a test event from the host to be monitored. Looks like there's some query sent to the database, but I can't really figure out why the desired text doesn't show up in the Zabbix frontend.
24018:20111209:132741.526 query [txnlev:0] [select i.itemid,i.hostid,h.proxy_hostid,i.type,i.data_typ e,i.value_type,i.key_,i.snmp_community,i.snmp_oid, i.snmp_port,i.snmpv3_securityname,i.snmpv3_securit ylevel,i.snmpv3_authpassphrase,i.snmpv3_privpassph rase,i.ipmi_sensor,i.delay,i.delay_flex,i.trapper_ hosts,i.logtimefmt,i.params,i.status,i.authtype,i. username,i.password,i.publickey,i.privatekey from items i,hosts h where i.hostid=h.hostid and h.status in (0) and i.status in (0,3) and i.itemid between 000000000000000 and 099999999999999]
24018:20111209:132741.578 query [txnlev:0] [select hostid,proxy_hostid,host,useip,ip,dns,port,useipmi ,ipmi_ip,ipmi_port,ipmi_authtype,ipmi_privilege,ip mi_username,ipmi_password,maintenance_status,maint enance_type,maintenance_from,errors_from,available ,disable_until,snmp_errors_from,snmp_available,snm p_disable_until,ipmi_errors_from,ipmi_available,ip mi_disable_until,status from hosts where status in (0,5,6) and hostid between 000000000000000 and 099999999999999]
Is there anything I'm missing ?? Any help would be greatly appreciated.
Best regards,
Daniel
Comment