(Re: prTable problem: solved), procfix problem this time

[Jose Dragone]

Hi Firstly, I want to thank you for all your help. Without the information you send me , I couldn't have solve my problem with detecting the traps authomatically. I have added a few lines to /usr/local/share/snmp/snmpd.conf and simply it did work: ################################# agentSecName tiopepe rouser tiopepe ## tiopepe is actually my nickname monitor -u tiopepe -o sysUpTime.0 -o hrSWRunName "high process memory" hrSWRunPerfMem > 30000 defaultMonitors yes # monitoring these processes proc mountd 4 0 proc ntalkd 4 proc sendmail 10 1 proc  httpd 12 1 #procfix NAME PROG ARGS  : these two scripts below do not run and I don't know why? procfix sendmail /root/Snmp-Scripts/procfix-sendmail.sh start procfix httpd /root/Snmp-Scripts/procfix-httpd.sh start ################################# This is part of my snmptrapd init file: ############################################# OPTIONS="-On -Lf /var/log/snmptrapd.log -F \"BEGIN GMT %#02.2h:%#02.2j Trap Type : %w TrapSubtype: %q Enterprise : %N TrapDesc : %W SecurityInfo: %P ++TrapVarsList: %v ++ SysUpTime : %Y Ye %M Mo %L Da %H h %J min %K sec -from %B  %b END\n\" -p /var/run/snmptrapd.pid -Le -OE -e" ############################################## The logs have the following info: ================================================================== /tmp/traps.data (this file is written by my trap-processing-script) : BEGIN GMT 13:32 Trap Type : 6 TrapSubtype: .1 Enterprise : .1.3.6.1.2.1.88.2 TrapDesc : Enterprise Specific SecurityInfo: TRAP, SNMP v1, community public ++TrapVarsList: .1.3.6.1.2.1.88.2.1.1 = STRING: process table .1.3.6.1.2.1.88.2.1.2 = STRING:         .1.3.6.1.2.1.88.2.1.3 = STRING:         .1.3.6.1.2.1.88.2.1.4 = OID: .1.3.6.1.4.1.2021.2.1.100.3        .1.3.6.1.2.1.88.2.1.5 = INTEGER: 1      .1.3.6.1.4.1.2021.2.1.2.3 = STRING: sendmail    .1.3.6.1.4.1.2021.2.1.101.3 = STRING: Too few sendmail running (# = 0) ++ SysUpTime : 2004 Ye 3 Mo 24 Da 8 h 33 min 32 sec -from localhost.localdomain UDP: [127.0.0.1]:32808 END BEGIN GMT 13:32 Trap Type : 0 TrapSubtype: 0 Enterprise : . TrapDesc : Cold Start SecurityInfo: TRAP2, SNMP v2c, community public ++TrapVarsList: .1.3.6.1.2.1.1.3.0 = Timeticks: (8280307) 23:00:03.07 .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.2.1.88.2.0.1     .1.3.6.1.2.1.88.2.1.1 = STRING: process table   .1.3.6.1.2.1.88.2.1.2 = STRING:         .1.3.6.1.2.1.88.2.1.3 = STRING:         .1.3.6.1.2.1.88.2.1.4 = OID: .1.3.6.1.4.1.2021.2.1.100.3        .1.3.6.1.2.1.88.2.1.5 = INTEGER: 1      .1.3.6.1.4.1.2021.2.1.2.3 = STRING: sendmail    .1.3.6.1.4.1.2021.2.1.101.3 = STRING: Too few sendmail running (# = 0) ++ SysUpTime : 2004 Ye 3 Mo 24 Da 8 h 33 min 32 sec -from localhost.localdomain UDP: [127.0.0.1]:32809 END /var/log/snmptrapd.log: opr011  TRAP-3  WARNING localhost.localdomain = , UDP: = [127.0.0.1]:32808, .1.3.6.1.2.1.1.3.0 = 0:23:00:03.07, .1.3.6.1.6.3.1.1.4.1.0 = .1.3.6.1.2.1.88.2.0.1, .1.3.6.1.2.1.88.2.1.1 = process table, .1.3.6.1.2.1.88.2.1.2 = , .1.3.6.1.2.1.88.2.1.3 = , .1.3.6.1.2.1.88.2.1.4 = .1.3.6.1.4.1.2021.2.1.100.3, .1.3.6.1.2.1.88.2.1.5 = 1, .1.3.6.1.4.1.2021.2.1.2.3 = sendmail, .1.3.6.1.4.1.2021.2.1.101.3 = Too few sendmail running (# = 0), .1.3.6.1.6.3.18.1.3.0 = 192.168.100.11, .1.3.6.1.6.3.18.1.4.0 = "public" opr011  TRAP-3  WARNING localhost.localdomain = , UDP: = [127.0.0.1]:32809, .1.3.6.1.2.1.1.3.0 = 0:23:00:03.07, .1.3.6.1.6.3.1.1.4.1.0 = .1.3.6.1.2.1.88.2.0.1, .1.3.6.1.2.1.88.2.1.1 = process table, .1.3.6.1.2.1.88.2.1.2 = , .1.3.6.1.2.1.88.2.1.3 = , .1.3.6.1.2.1.88.2.1.4 = .1.3.6.1.4.1.2021.2.1.100.3, .1.3.6.1.2.1.88.2.1.5 = 1, .1.3.6.1.4.1.2021.2.1.2.3 = sendmail, .1.3.6.1.4.1.2021.2.1.101.3 = Too few sendmail running (# = 0) opr011  TRAP-3  WARNING opr011.pictage.com.ar = , UDP: = [192.168.100.11]:32810, .1.3.6.1.2.1.1.3.0 = 0:23:00:03.07, .1.3.6.1.6.3.1.1.4.1.0 = .1.3.6.1.2.1.88.2.0.1, .1.3.6.1.2.1.88.2.1.1 = process table, .1.3.6.1.2.1.88.2.1.2 = , .1.3.6.1.2.1.88.2.1.3 = , .1.3.6.1.2.1.88.2.1.4 = .1.3.6.1.4.1.2021.2.1.100.3, .1.3.6.1.2.1.88.2.1.5 = 1, .1.3.6.1.4.1.2021.2.1.2.3 = sendmail, .1.3.6.1.4.1.2021.2.1.101.3 = Too few sendmail running (# = 0) /var/log/messages: Jan  9 10:24:24 opr011 snmptrapd: snmptrapd shutdown succeeded Jan  9 10:24:24 opr011 snmptrapd: Warning: no access control information configured.  <---NOTE1 Jan  9 10:24:24 opr011 snmptrapd:   It's unlikely this agent can serve any useful purpose in this state. <--- NOTE1 ############### NOTE1: What does it mean this line?. I'm sure I wrote several lines in the snmpd.conf about this In fact , I worte these lines: syslocation "Juramento 2017 4A, Buenos Aires, Argentina. TEL +54 11 4788 9977" syscontact  Jose Dragone <[EMAIL PROTECTED]> rwuser  tenroses rouser  rotenroses rouser  tenroses rocommunity  tenroses rwcommunity  rwtenroses # Now , it follows the rest of the /var/log/messages log file: ############### Jan  9 10:24:24 opr011 snmptrapd:   Run "snmpconf -g basic_setup" to help you configure the snmptrapd.conf file for this agent. Jan  9 10:24:24 opr011 snmptrapd: snmptrapd startup succeeded Jan  9 10:24:44 opr011 sendmail: sendmail shutdown succeeded Jan  9 10:24:44 opr011 sendmail: sm-client shutdown succeeded Jan  9 10:29:36 opr011 snmpd[28044]: Received SNMP packet(s) from UDP: [127.0.0.1]:32894 Jan  9 10:32:53 opr011 snmpd[28044]: Received SNMP packet(s) from callback: 1 on fd 4 Jan  9 10:32:53 opr011 snmpd[28044]: snmpd: send_trap: Timeout  <--- I'm worried about this line , what does it mean? ################################################## So whenever I stop the sendmail process , net-snmp is detecting it and writing to the logs. The part I going to dissable is this because is writing each trap three times to the logs: trapsink  opr011 trap2sink opr011 informsink  opr011 (I think I'm going to disable the first and the third line, and see what happens with the logs) ================================================================= procfix-sendmail.sh : #!/bin/sh if [ $# -gt 1 -o $# = 0 ] then     echo ""     echo "   quantity of parameters incorrect : $# "     echo "   USE : Script_Name action"     echo ""     exit 1 fi if [ "$1" != "" ] then         service sendmail $1 #       exit 1 fi # This script should receive as "ARG : start "from procfix and so should repair the problem with sendmail ================================================================== Sorry for having to add the logs in here. And again, thank you Dave for your help. Now I'm glad I could manage to send the traps to Nagios using the nsca pluggin. Regards          Jose Dragone          IT Engineer ====================================================================== Dave Shield wrote: On Wed, 2005-01-05 at 22:33, Jose Dragone wrote: I have a problem: According to the following list # snmpwalk -v2c -c mycomunity localhost UCD-SNMP-MIB::prTable UCD-SNMP-MIB::prNames.1 = STRING: mountd UCD-SNMP-MIB::prCount.1 = INTEGER: 0 UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: 1 UCD-SNMP-MIB::prErrMessage.1 = STRING: No mountd process running. The process name "mountd" should have been detected which it was (see 'prErrorFlag.1') and an snmptrap should have been received by the agent. No. The prTable does not automatically generate a trap in this situation. From the FAQ: What traps are sent by the agent? -------------------------------- [The agent] does not generate traps by default when one of the monitored characteristics (disk usage, running processes, etc) enters or leaves an error state. This can be configured using the 'defaultMonitors' config directive (also documented under DISMAN-EVENT-MIB). P.S. : Would it be possible to create a line in the snmpd.conf in order to process this trap in a better way for any process ? As for instance: traphandle UCD-SNMP-MIB::prTable /root/Snmp-Scripts/traps-v2.sh errorProcess or traphandle UCD-SNMP-MIB:: prErrorFlag /root/Snmp-Scripts/traps-v2.sh prErrorFlagDetected No - "traphandle" is not a valid directive in the snmpd.conf file, and is nothing to do with generating traps at all. This is used in the snmptrapd.conf file, and is concerned with how to process *received* traps and informs. Dave