Show some LOVE, LIKE our page :)

Sunday, November 8, 2009

Nagios Receive SNMP Traps (with SNMPTT)

SNMPTT (SNMP Trap Translator) interacts with snmptrapd to receive traps and process them into Nagios by matching the IP of the trapping host to a host in Nagios and changing a passive check in Nagios to alert someone.
In the below guide:
[APC-UPS] –>send traps to–> [SNMPTRAPD –> SNMPTT –> NAGIOS]
clip_image001
Here’s a simple guide, adapted and made much more cut and dry (and a little more simpler) from the guide found here.
We use Nagios 3.20, SNMPTT 1.3beta2, Debian Lenny (5)
As usual, your feedback will mean a lot to us. Thanks!
Sanjay.
Download some pre-reqs
=======================

Main component is SNMP (and some snmp tools) so do this at the CLI
apt-get install snmp snmpd libsnmp-dev
SNMPTT setup starts
===================

1) apt-get install unzip

2) cd /usr/src
3) wget http://search.cpan.org/CPAN/authors/id/C/CH/CHORNY/Text-ParseWords-3.27.zip
4) unzip Text-ParseWords-3.27.zip
5) cd Text-ParseWords-3.27
6) perl Makefile.PL
7) make test
8) make install
9) perl -MCPAN -e shell
At the Perl CLI
install YAML
install Getopt::Long
install Config::IniFiles
install Time::HiRes
install Sys::Hostname
install Text::Balanced
install Sys::Syslog
install DBI
install DBD::mysql
install Crypt::DES
install Digest::MD5
install Digest::SHA1
install Digest::HMAC
install Net::SNMP

Download, install and configure snmptt (the magician)
=====================================================

10) cd /usr/src
11) wget http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.3beta2/snmptt_1.3beta2.tgz?use_mirror=nchc
12) tar -zxvf snmptt_1.3beta2.tgz
13) cd snmptt_1.3beta2
14) cp snmptthandler /usr/sbin
15) cp snmptt /usr/sbin
16) cp snmpttconvert /usr/sbin
17) cp snmpttconvertmib /usr/sbin
Configure snmptrapd to not log but send them to snmptt
======================================================
18) nano /etc/snmp/snmptrapd.conf

19) Enter the following lines in there
traphandle default /usr/sbin/snmptt
disableAuthorization yes
donotlogtraps yes

Configure and enable the snmptrapd as a service
===============================================
20a) nano /etc/default/snmpd and /etc/init.d/snmpd

TRAPDRUN=yes
TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'

20b) /etc/init.d/snmpd start
21) netstat -an | grep "162"
>> Should see output

22) cd usr/src/snmptt_1.3beta2
23) cp snmptt.ini /etc/snmp
24) nano /etc/snmp/snmptt.ini, look for and change the following settings
net_snmp_perl_enable = 1
dns_enable=1

25) cd /usr/src/nagios-plugins-1.4.13/
26) mkdir /usr/local/nagios/libexec/eventhandlers
27) cd /usr/local/nagios/libexec/eventhandlers
28) wget
29) chmod +x submit_check_result
TESTING - Create sample to test
===============================
30) cd /usr/share/snmp/mibs
31) wget

32) snmpttconvertmib --in=PowerNet-MIB.mib --out=/etc/snmp/snmptt.conf.apcpower --exec='/usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1'
Here, the line above, you can change TRAP to any name as long as it matches the Service name in Nagios and 1 is the alert type, 0=OK, 1=WARNING, 2=CRITICAL etc..
33) nano /etc/snmp/snmptt.ini
add the /etc/snmp/snmptt.conf.cpqpower in [TrapFiles], comment out snmptt.conf
Example: Here we added /etc/snmp/snmptt.conf.apcpower based on the snmpttconvertmib outputfile like above

[TrapFiles]
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf.apcpower
END

Enable log rotation
=======================
34) nano /etc/logrotate.conf
This is for log rotation. Add the following line at the end

/var/log/snmp/snmptt.log /var/log/snmp/snmpttunknown.log
{
missingok
}

35) mkdir /var/log/snmptt
36) touch /var/log/snmptt/snmptt.log
37) touch /var/log/snmptt/snmpttunknown.log
Configuring hosts file
=======================
Traps send IP not name, so we must configure /etc/hosts to add the name and ip of the device sending traps to us

38) nano /etc/hosts
Add the following as sample
192.168.1.11 sanjaypc
>> Important! This name will be the same as your hosts.cfg file in nagios that will receive the traps
Send a sample trap: - Load the same MIBs into a program like ireasoning and send a trap to your nagios IP
=======================================================

39) tail -f /var/log/snmptt/snmptt.log
Sun Nov 8 09:09:11 2009 .1.3.6.1.4.1.318.0.5 WARNING "Status Events" 192.168.157.1 - APC UPS: On battery: The UPS has switched to battery backup power.

40) tail -f /var/log/messages --- Output (after configuring Nagios settings below - or at least have a host/service defined that matches sanjaypc and TRAP)
Nov 8 09:09:20 server1 nagios: PASSIVE SERVICE CHECK: sanjaypc;TRAP;1;APC UPS: On battery: The UPS has switched to battery backup power.

Configuring Nagios- Sample definitions
=====================================

trap-service template
=====================================

define service{
name generic-service
register 0
check_period 24x7
max_check_attempts 3
normal_check_interval 15
retry_check_interval 5
active_checks_enabled 1
passive_checks_enabled 0
parallelize_check 1
obsess_over_service 0
check_freshness 0
event_handler_enabled 0
flap_detection_enabled 0
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
notification_interval 60
notification_period 24x7
notification_options w,u,c,r
notifications_enabled 1
}

define service{
name trap-service
use generic-service
register 0
service_description TRAP
is_volatile 1
check_command check-host-alive
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
passive_checks_enabled 1
check_period none
notification_interval 0
contact_groups admins
}

Create service to host - NOTE: Hostname must match to /etc/hosts definition we created earlier
==================================================

define service{
host_name sanjaypc
use trap-service
contact_groups admins
}

41) Restart nagios
42) Send a trap again and check Nagios website, it should turn yellow [WARNING] and a notificaiton sent out
Post a Comment