Ad Widget

Collapse

SNMPv3 fallback trap on Zabbix does not update - aurba switch 2930F

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • stanley783
    Junior Member
    • Nov 2020
    • 6
    #1

    SNMPv3 fallback trap on Zabbix does not update - aurba switch 2930F

    Hi,

    tried to configure SNMPv3 on zabbix for monitoring multiple devices. One of which is Aruba switch 2930F. Configuration followed:
    for user creation - https://community.arubanetworks.com/...snmp-version-3
    for snmpv3 configuration - https://techhub.hpe.com/eginfolib/Ar...A-0000000011F3

    snmptrapd.conf has created user with SHA and AES, nothing else, and authUser has log,execute rights.

    tcpdump on zabbix shows:
    Code:
    15:51:38.266481 IP 10.110.30.71.161 > 10.110.255.22.43968: F= U="" E=_00_00_00_0b_00_00_88_3a_30_31_d6_a0 C="" Report(31) .1.3.6.1.6.3.15.1.1.4.0=1
15:51:38.267638 IP 10.110.30.71.161 > 10.110.255.22.43968: F=ap U="zab-monitor3" [!scoped PDU]12_a3_03_81_fe_9d_3d_38_e7_d3_7d_47_90_a3_5c_2b_bf _a3_19_d2_3b_4e_0d_f8_91_b2_ba_c6_b3_f7_13_56_77_8 a_81_d0_3e_27_e5_09_65_d6_e4_b3_8d_54_0a_67_49_5d_ ad_f4_82_33_67_5b_46_f5_b9_8a_a4_3a_ea_15_d8_05_d5 _16_1f_a6_2b_e7_30_89_d6_1e_e1_42_58_c9_2b_a4_64_8 0_77_3d_6d_a1_99_3e_f2_90_8c_8c_ed_62_24_5f_24_09_ 64_7b_20_45_2d_f5_14_c0_0c_2d_6f_7c_c0_99_e3_51_32 _22_6b_0d_b5_82_fe_ea_a9_d0_db_8f_5f_bd_8a_69_87_6 1_d4_f7_64_4c_41_84_b0_14_90_43_15_87_95_1c_1d_5e_ fb_30_b7_e3_38_49_ed_9d_83_43_a5_ae_f3_2d_e2_58_6e _2d_ef_8e_34_56_ef_cd_22_1d_b2_48_02_01_8f_5d_34_f e_d0_87_79_1e_8a_a7_f7_50_43_6a_47_1f_1d_b8_74_c7_ 8b_29_f0_59_80_8a_b1_3c_2e_1e_41_d5_29_73_ee_92_f6 _5d_7c_12_c0_93_86_37_8b_d1_1a_e8_21_f6_75
15:51:38.345525 IP 10.110.30.71 > 10.110.255.22: ICMP echo reply, id 9929, seq 3, length 64
15:52:35.461156 IP 10.110.30.71 > 10.110.255.22: ICMP echo reply, id 10030, seq 0, length 64
15:52:35.482188 IP 10.110.30.71.161 > 10.110.255.22.43666: F= U="" E=_00_00_00_0b_00_00_88_3a_30_31_d6_a0 C="" Report(31) .1.3.6.1.6.3.15.1.1.4.0=2
15:52:35.483315 IP 10.110.30.71.161 > 10.110.255.22.43666: F=a U="zab-monitor3" E=_00_00_00_0b_00_00_88_3a_30_31_d6_a0 C="" Report(31) .1.3.6.1.6.3.15.1.1.2.0=1
15:52:35.484338 IP 10.110.30.71.161 > 10.110.255.22.43666: F=ap U="zab-monitor3" [!scoped PDU]7a_05_b5_eb_db_5c_4d_a6_e2_f9_a1_ac_26_16_b5_e1_04 _cf_85_fa_d4_e0_67_de_6a_97_3c_7d_45_32_bd_b7_0d_f 7_4e_24_2b_36_a0_ed_36_28_bf_5f_ad_eb_d0_bc_ef_a3_ 30_ff_2d_71_0c_98_56_26_ba_90_5c_a4_3d_31_35_37_aa _a7_f2_74_5f_12_72_fb_22_eb_c1_bc_2e_2f_20_51_51_5 8_aa_7e_eb_64_1b_ed_b3_52_ac_c3_05_29_cf_5b_16_ef_ 8c_54_a4_8d_b6_38_08_58_8a_39_b6_30_cd_2c_05_9d_4e _fb_9c_70_8a_8f_a6_02_fa_75_c4_f9_e6_86_fb_39_2d_a 3_4a_03_1a_53_f2_30_ea_7c_88_19_03_f9_03_e1_b6_b6_ 1a_8e_a7_e9_39_0e_bd_7d_76_ae_cd_66_ea_bd_a5_14_fe _5a_35_0c_a3_e4_b0_af_ce_ae_18_30_1c_b9_ed_0c_83_f d_47_dd_d6_a0_c8_07_b1_2e_cd_ad_a7_a5_66_be_c7_6d_ 9e_08_b5_58_1f_7a_d6_6c_c9_b2_72_54_40_e7_79_c0_02 _a4_36_35_00_c7_c6_af_20_12_18_84_4c_19_90
    But the trap fallback item is not updated (last data), any idea what might be the cause or how to troubleshoot? Thanks.

    Example of configuration on switch:
    Code:
    snmpv3 notify notifications tagvalue tags type trap
snmpv3 targetaddress zabbix params parameters 10.110.255.22 taglist tags
snmpv3 params parameters user zab-monitor3 sec-model ver3 message-processing ver3 priv
    Last edited by stanley783; 15-12-2020, 10:05.
    Tags: None
    • Hamardaban
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2019
      • 2713
      #2
      First, the tcpdump output does not show sending traps from the device to Zabbix (on port 162).
      When you see trap traffic, check the logs of all components for errors (snmptrapd , zabbix-trap-file, zabbix_server. log)

        Comment

        • stanley783
          #2.1
          stanley783 commented
          15-12-2020, 13:00
          Editing a comment
          You were correct, those were not traps.
          Regarding checking the logs, for other switch related issue (that switch really is sending traps correctly but item trap fallback is not updated [item on other devices is updated correctly, just stating that i have working deployment]),

          Code:
          11:58:11.381461 IP 10.110.30.8.64775 > 10.110.255.22.162:  F=a U="zab-montest" E=_80_00_00_09_03_00_64_9e_f3_17_07_01 C="" V2Trap(238)  .1.3.6.1.2.1.1.3.0=911255695 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.9.9.41.2.0.1 .1.3.6.1.4.1.9.9.41.1.2.3.1.2.739585="LINK" .1.3.6.1.4.1.9.9.41.1.2.3.1.3.739585=4 .1.3.6.1.4.1.9.9.41.1.2.3.1.4.739585="UPDOWN" .1.3.6.1.4.1.9.9.41.1.2.3.1.5.739585="Interface GigabitEthernet2/0/19, changed state to down" .1.3.6.1.4.1.9.9.41.1.2.3.1.6.739585=911255694
          the zabbixtrap-file where traps are stored, is not showing this specific switch, zabbix_server.log does not mention it either, nor user used for that, and for snmptrapd logs - following guide (ubuntu 18) https://support.nagios.com/kb/article.php?id=88:

          Code:
          Execute the following command:

systemctl edit snmptrapd.service

Paste the following into the new file:

[Service]
ExecStart=
ExecStart=/usr/sbin/snmptrapd -Ln -f -Lf /var/log/snmptrapd.log

Now restart the SNMPTRAPD service:

systemctl daemon-reload
systemctl restart snmptrapd.service
          outputs very little and only from working traps/switches. Are those parameters incorrect? Thanks.
        • Hamardaban
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • May 2019
          • 2713
          #3
          Use Zabix documentation, not extraneous manuals.

          3 SNMP traps
          https://www.zabbix.com/documentation/5.0/manual/config/items/itemtypes/snmptrap


          and

          https://blog.zabbix.com/snmp-traps-in-zabbix/8210/

            Comment

            • stanley783
              #3.1
              stanley783 commented
              15-12-2020, 13:45
              Editing a comment
              Yes i used that to configure traps receiving, which is working correctly for all devices but one, and i was looking for debugging options how to fix that one problematic (same device type). Unfortunately for that purpose, those links are useless.

              And that "extraneous manuals" proposed some way for debugging.
              Last edited by stanley783; 15-12-2020, 13:52.
            • Hamardaban
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • May 2019
              • 2713
              #4
              Check what type of traps the problem device uses? Check the difference in the SNMP configuration between this device and other running ones. Check that the user settings are correct. Increase the debugging level of snmptrapd and try to find "traces" of incoming traps.

                Comment

                Previous template Next
                Working...