2013년 1월 14일 월요일

Nagios SNMP Trap: part 2 - Configuration


In my last post, I described how to install Nagios core, plugin and Snmptt. This time I'm going to focus on explanation of configuration.

This step is converting CISCO MIB file (it is omitted, In my opinion, it should have showed on my last).
# ConvertMib of CISCO MIB file
$ snmpttconvertmib --in=/usr/share/snmp/mibs/CISCO-UNIFIED-COMPUTING-MIB.my --out=/etc/snmp/snmptt.conf.cisco --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1' --net_snmp_perl
exec: /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1

*****  UCD-SNMP / NET-SNMP Perl module enabled *****
****  Processing MIB file *****

snmptranslate version: NET-SNMP version: 5.5
severity: Normal

File to load is:        /usr/share/snmp/mibs/CISCO-UNIFIED-COMPUTING-MIB.my
File to APPEND TO:      /etc/snmp/snmptt.conf.cisco

MIBS environment var:   /usr/share/snmp/mibs/CISCO-UNIFIED-COMPUTING-MIB.my
mib name: CISCO-UNIFIED-COMPUTING-MIB

*****  Using UCD-SNMP / NET-SNMP Perl module *****

Processing MIB:         CISCO-UNIFIED-COMPUTING-MIB
#
Split line TRAP-TYPE / NOTIFICATION-TYPE found (MODULE-IDENTITY,).
Line: 15
NOTIFICATION-TYPE: MODULE-IDENTITY
Enterprise: ciscoMgmt
Looking up via snmptranslate: CISCO-UNIFIED-COMPUTING-MIB::MODULE-IDENTITY
Unknown object identifier: CISCO-UNIFIED-COMPUTING-MIB::MODULE-IDENTITY
OID:
#
Line: 2216
NOTIFICATION-TYPE: cucsFaultActiveNotif
Variables: cucsFaultDescription cucsFaultAffectedObjectId cucsFaultAffectedObjectDn cucsFaultCreationTime cucsFaultLastModificationTime cucsFaultCode cucsFaultType cucsFaultProbableCause cucsFaultSeverity cucsFaultOccur
Enterprise: ciscoUnifiedComputingMIBNotifs
Looking up via snmptranslate: CISCO-UNIFIED-COMPUTING-MIB::cucsFaultActiveNotif
OID: .1.3.6.1.4.1.9.9.719.0.1
#
Line: 2235
NOTIFICATION-TYPE: cucsFaultClearNotif
Variables: cucsFaultDescription cucsFaultAffectedObjectId cucsFaultAffectedObjectDn cucsFaultCreationTime cucsFaultLastModificationTime cucsFaultCode cucsFaultType cucsFaultProbableCause cucsFaultSeverity cucsFaultOccur
Enterprise: ciscoUnifiedComputingMIBNotifs
Looking up via snmptranslate: CISCO-UNIFIED-COMPUTING-MIB::cucsFaultClearNotif
OID: .1.3.6.1.4.1.9.9.719.0.2

Done
Total translations:        3
Successful translations:   2
Failed translations:       1
/etc/snmp/snmptt.conf.cisco file is successfully created.

Next, it is configuration of Nagios.
# Create Nagios Service for SNMP TRAP
$ vi /usr/local/nagios/etc/objects/remote-host.cfg

# Define a host for the remote machine
define host {
        use     linux-server
        host_name       cisco-ucs
        alias           cisco ucs manager
        address         192.168.20.228
        }

# Define a service to "trap-service" the server
define service{
        use                        generic-service
        name                       trap-service
        register                   0
        service_description        TRAP
        is_volatile                1
        check_command              check_host_alive
        max_check_attempts         1
        normal_check_interval      1
        retry_check_interval       1
        notification_interval      31536000
        active_checks_enabled      0
        passive_checks_enabled     1
        }

# Define a service to check
define service{
        use                        trap-service
        host_name                  cisco-ucs
        }

$ service nagios restart
MySQL Server installation, I assume that I already installed MySQL. so I just created SMNPTT tables on nagios_db (Originally, nagios_db is used store ndo2db data and I simply add tables without creating DB). Table scripts are copied from here.
# Crate new user "snmptt"
grant all privileges on nagios_db.* to 'snmptt'@'localhost' identified by 'snmptt';
mysql> grant all privileges on nagios_db.* to 'snmptt'@'%' identified by 'snmptt';

# Add tables into the database
CREATE TABLE snmptt (
id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
eventname VARCHAR(50),
eventid VARCHAR(50),
trapoid VARCHAR(100),
enterprise VARCHAR(100),
community VARCHAR(20),
hostname VARCHAR(100),
agentip  VARCHAR(16),
category VARCHAR(20),
severity VARCHAR(20),
uptime  VARCHAR(20),
traptime VARCHAR(30),
formatline VARCHAR(255));

CREATE TABLE snmptt_unknown (
trapoid VARCHAR(100),
enterprise VARCHAR(100),
community VARCHAR(20),
hostname VARCHAR(100),
agentip  VARCHAR(16),
uptime  VARCHAR(20),
traptime VARCHAR(30),
formatline VARCHAR(255));

CREATE TABLE snmptt_statistics (
stat_time VARCHAR(30),
total_received BIGINT,
total_translated BIGINT,
total_ignored BIGINT,
total_unknown BIGINT);

# Needs to install additional perl modules
# Download ftp://ftp.perl.org/pub/CPAN/authors/id/T/TI/TIMB/DBI-1.622.tar.gz and ftp://ftp.perl.org/pub/CPAN/authors/id/T/TI/TIMB/CHECKSUMS
# Copy to /root/.cpan/sources/authors/id/authors/id/T/TI/TIMB/
$ perl -MCPAN -e 'install DBI'

# Download ftp://ftp.perl.org/pub/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.022.tar.gz and ftp://ftp.perl.org/pub/CPAN/authors/id/C/CA/CAPTTOFU/CHECKSUMS
# Copy to  /root/.cpan/sources/authors/id/C/CA/CAPTTOFU/
$ perl -MCPAN -e 'install DBD::mysql'

$ vi /etc/snmp/snmptt.ini
mysql_dbi_enable=1
mysql_dbi_host=localhost
mysql_dbi_port=3306
mysql_dbi_database=nagios_db
mysql_dbi_table=snmptt
mysql_dbi_table_unknown=snmptt_unknown
mysql_dbi_username=snmptt
mysql_dbi_password=snmptt
Those are two important tables here, snmptt table only stores data coming from H/Ws which have already registered MIB translating (In the example, CISCO UCS is my registered H/W)
On the other hand, snmptt_unknown table stores other H/Ws which are not registered MIB files (If you have Oracle Tape Backup Library and you get event trap from this H/W, the data will be stored into snmptt_unknown.

$ service snmptt restart

$ mysql -u snmptt -p nagios_db;
mysql> select id, eventname, severity from snmptt;
id   |     eventname                 | severity
1    |     EventMonitorTrapInfo  | Normal
Finally, we are able to see an eventrap data in mysql.

Troubleshooting
Problem: If you have an error, while trap data in inserted into the table:
Error : mysql_error: 'Column 'next_notification' cannot be null'

Resolution : Change the schema of the column of the table.
mysql> alter table nagios_servicestatus modify column next_notification datetime default '0000-00-00 00:00:00';
mysql> desc nagios_servicestatus;
----------------------------------------------------
Field                  |    Type     | Null | Key | Default                      | Extra
----------------------------------------------------
.....
next_notification |   datetime | YES |       | 0000-00-00 00:00:00 | 
.....

References:
1. http://forum.centreon.com/archive/index.php/t-6766.html

댓글 3개:

  1. Hi,

    I'm struggling because I just can't recieve the traps, I'm on the handler mode.. but I don't know what is wrong on my system:
    1.- I generate snmp events ./simulate_events_tf.sh (on my monitored host)
    2. I do tail of /var/log/messages
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:04 gdl-storage snmptrapd[32621]: No access configuration - dropping trap.
    Sep 17 17:09:18 gdl-storage snmptt-sys[4869]: Total traps received=0,Total traps translated=0,Total traps ignored=0,Total unknown traps=0

    3. The content of /etc/snmp/snmptrap.conf
    # Example configuration file for snmptrapd
    #
    # No traps are handled by default, you must edit this file!
    #
    disableAuthorization yes
    #authcommunity log,execute,net public
    #traphandle default /usr/sbin/snmptt
    traphandle default /usr/sbin/snmptthandler
    # traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script col

    답글삭제
  2. after running the commnad:

    snmpttconvertmib --in=/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my --out=/etc/snmp/snmptt.conf.cisco --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1' --net_snmp_perl exec: /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1
    exec: /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1


    I'm getting the error below.


    ***** UCD-SNMP / NET-SNMP Perl module enabled *****



    ***** Processing MIB file *****

    snmptranslate version: NET-SNMP version: 5.7.2
    severity: Normal

    File to load is: /usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
    File to APPEND TO: /etc/snmp/snmptt.conf.cisco

    MIBS environment var: /usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
    mib name: CISCO-CONFIG-MAN-MIB
    MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs
    Cannot find module (CISCO-TC): At line 42 in /usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
    Cannot find module (CISCO-SMI): At line 44 in /usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
    Did not find 'Unsigned64' in module #-1 (/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my)
    Did not find 'ciscoMgmt' in module #-1 (/usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my)
    Unlinked OID in CISCO-CONFIG-MAN-MIB: ciscoConfigManMIB ::= { ciscoMgmt 43 }
    Undefined identifier: ciscoMgmt near line 47 of /usr/share/snmp/mibs/CISCO-CONFIG-MAN-MIB.my
    Cannot adopt OID in CISCO-CONFIG-MAN-MIB: ciscoConfigManMIBGroups ::= { ciscoConfigManMIBConformance 2 }
    Cannot adopt OID in CISCO-CONFIG-MAN-MIB: ciscoConfigManMIBCompliances ::= { ciscoConfigManMIBConformance 1 }
    Cannot adopt OID in CISCO-CONFIG-MAN-MIB: ciscoConfigManMIBComplianceRev4 ::= { ciscoConfigManMIBCompliances 4 }
    Cannot adopt OID in CISCO-CONFIG-MAN-MIB: ciscoConfigManMIBComplianceRev3 ::= { ciscoConfigManMIBCompliances 3 }

    답글삭제
  3. down CISCO-TC and CISCO-SMI into /usr/share/snmp/mibs using wget and the links from the following page ftp://ftp.cisco.com/pub/mibs/supportlists/ucs/ucs-manager-supportlist.html

    답글삭제