Hi HannuThanks a lot for the information you provided.I still have some issues in the services.cfg filei have pasted it below, i get this error in cgiStatus information:CRITICAL: Passive Service check is missing!If i set the check_period none nagios does not start.Please advicedefine service{ name generic-service active_checks_enabled 0 passive_checks_enabled 1
parallelize_check 1 obsess_over_service 1 check_freshness 0 notifications_enabled 1 event_handler_enabled 1 flap_detection_enabled
1 failure_prediction_enabled 1 process_perf_data 1 retain_status_information 1 retain_nonstatus_information 1 register 0 retry_check_interval
1 } define service{
register 0 name passive-check-template use generic-service check_freshness 1 check_period
none passive_checks_enabled 1 max_check_attempts 1 check_command passive_check_missing notification_interval 120 notification_period 24x7 notification_options w,c,r freshness_threshold
600} define service { use passive-check-template host_name node contact_groups
admins service_description snmp_trap_handling_ok register 1 normal_check_interval 2 retry_check_interval 2 check_period 24x7}RegardsVinod MoraesHannu Liljemark [EMAIL PROTECTED] wrote: On Wed, May 31, 2006 at 12:39:47AM -0700, Vinod wrote: I tried to configure nagios to listen to snmp traps from a host. i have been referring to documents http://www.samag.com/documents/s=9559/sam0503g/ http://www.snmptt.org/docs/snmptt.shtml#Integration-with-other-softwareI've been using http://www.samag.com/documents/s=9559/sam0503g/ withgood success. Secondly
http://www.samag.com/documents/s=9559/sam0503g/ speicifes usepassive-check-template but its not mentioned how to define the passive-check-templateYou can define passive_check_missing in checkcommands.cfg,although it wont be used in this case:define command{command_namepassive_check_missingcommand_line$USER1$/passive_check_missing.sh}Here's what passive_check_missing.sh looks like:#!/bin/sh/bin/echo "CRITICAL: Passive Service check is missing!"exit 2In services.cfg we define the template that will be used by thesnmp_trap_handling_* service checks:define service{register0namepassive-check-templateuse generic-servicecheck_freshness 1check_periodnone
passive_checks_enabled 1max_check_attempts 1check_command passive_check_missingfreshness_threshold 600}I've been converting mibs with:snmpttconvertmib --net_snmp_perl --format_desc=6 --in=FOO.mib \--out=/etc/snmp/snmptt-FOO.confas that seems to produce EVENTs with descriptions making moresense than the default convert shown in the article. You may wantto look though them anyway or replace 6 with smaller number.Check 'snmpttconvermib --help' for more info.I've also made a small change to the snmptraphandling.py. TrendMicro's MIBs use the severity NORMAL when snmptraphandling.pyonly matches Normal (case sensitive). So I've added a sectionto also match NORMAL.My sec.conf looks
like:type=Singleptype=RegExppattern=(\w+\s+\d+\s\d+:\d+:\d+)\s[\w\.\-]+\ssnmptt\[\d+\]:\s\([\d\.]*)\s(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|\MAJOR|CRITICAL)\s\"Status Events\"\s([\w\.\-]*)\s\-\s(.*)desc=snmptrap received from $3action="" /opt/nagios/libexec/eventhandlers/snmptraphandling.py\ $4 $3 "$5"When converting MIBs, you also may want to check themthrough to see what kind of severities are defined for various traps.So far there seems to a lot of Normal severity traps even for trapsthat alert you about hardware failures etc. The article says "Oneof the beauties of this solution is that we can use the event severityset by the mib designer. Nagios will always report the event statusbased on this information." and I think this is somewhat problematicwith a lot of MIBs. Many traps seem to define the severity somewhereelse.Lets take examples from SUN-PLATFORM-MIB. Some Sun
server mightsend alarm traps and these have Normal severity so snmptt + sec + Nagioswould map them to OK. However they might be something worse: componenthas blown up or system is reaching temperatures where metal startsto melt... so I guess this setup has some drawbacks.EVENT sunPlatEquipmentAlarm .1.3.6.1.4.1.42.2.70.101.2.0.5\ "Status Events" NormalEVENT sunPlatEnvironmentalAlarm .1.3.6.1.4.1.42.2.70.101.2.0.4\ "Status Events" NormalYou get the severity as a variable: 7: sunPlatNotificationPerceivedSeverity Syntax="INTEGER" 1: indeterminate 2: critical 3: major 4: minor 5: warning 6: cleared Descr="The perceived severity of the alarm, as specified by the agent that generated it in accordance with X.733, sec. 8.1.2.3."I'd be in