Hi,
I'm trying to get snmptt working but I have no success. The trap
receiver snmptrapd is running and it receives traps:
Nagios 3rc3
NagTrap Version 0.1.2:
MySQL 5.x
ps ax | grep snmp
6493 ?? Ss 0:00.69 snmptrapd -Lf /var/log/snmptt.debug -On -C -c /usr/local/share/snmp/snmpd.conf
My snmpd.conf looks like:
#
disableAuthorization yes
traphandle default /usr/local/sbin/snmptt ini=/usr/local/etc/snmptt.ini
#
And now the snmptt.ini:
#
[General]
snmptt_system_name = logserver
mode = standalone
multiple_event = 1
dns_enable = 0
strip_domain = 0
strip_domain_list = END
domain.com
END
resolve_value_ip_addresses = 0
net_snmp_perl_enable = 1
net_snmp_perl_best_guess = 0
translate_log_trap_oid = 0
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 1
translate_varname_oid_format = 1
translate_integers = 1
wildcard_expansion_separator =
allow_unsafe_regex = 0
remove_backslash_from_quotes = 0
dynamic_nodes = 0
description_mode = 0
description_clean = 1
threads_enable = 0
threads_max = 10
[DaemonMode]
daemon_fork = 1
daemon_uid =
pid_file = /var/run/snmptt.pid
spool_directory = /var/spool/snmptt/
sleep = 5
use_trap_time = 1
keep_unlogged_traps = 1
[Logging]
stdout_enable = 1
log_enable = 1
log_file = /var/log/snmptt.log
log_system_enable = 1
log_system_file = /var/log/snmpttsystem.log
unknown_trap_log_enable = 1
unknown_trap_log_file = /var/log/snmpttunknown.log
statistics_interval = 0
syslog_enable = 1
syslog_facility = local0
syslog_level_debug = END
END
syslog_level_info = END
END
syslog_level_notice = END
END
syslog_level_warning = END
END
syslog_level_err = END
END
syslog_level_crit = END
END
syslog_level_alert = END
END
syslog_level = warning
syslog_system_enable = 1
syslog_system_facility = local0
syslog_system_level = warning
[SQL]
db_translate_enterprise = 0
db_unknown_trap_format = '$-*'
sql_custom_columns = END
END
sql_custom_columns_unknown = END
END
mysql_dbi_enable = 1
mysql_dbi_host = datenbankserver
mysql_dbi_port = 3306
mysql_dbi_database = snmptt
mysql_dbi_table = snmptt
mysql_dbi_table_unknown = snmptt_unknown
mysql_dbi_table_statistics =
mysql_dbi_username = snmpttuser
mysql_dbi_password = snmpttpass
mysql_ping_on_insert = 1
mysql_ping_interval = 300
[Exec]
exec_enable = 1
pre_exec_enable = 1
unknown_trap_exec =
unknown_trap_exec_format =
exec_escape = 1
[Debugging]
DEBUGGING = 2
DEBUGGING_FILE = /var/log/snmptt.debug
DEBUGGING_FILE_HANDLER = /var/log/snmptthandler.debug
[TrapFiles]
snmptt_conf_files = END
/etc/snmp/snmptt.conf
END
##
You can see we use MySQL, because of NagTrap.
Here you can see the MIB: http://pastebin.com/m4b101454
and I converted it with the snmpttmibconverter:
./snmpttconvertmib --in=asc.mib --out=snmptt.conf --net_snmp_perl
/etc/snmp/snmptt.conf
#
MIB: ASC-SNMP-MIB-EXT (file:./asc.mib) converted on Fri Mar 7 13:01:25
2008 using snmpttconvertmib v1.2
#
#
#
EVENT ascEvoNotif .1.3.6.1.4.1.4063.2.1.1.1 Status Events Normal
FORMAT RecorderID:$1
SDESC
RecorderID:%s
Hostname
Module:%s
Type: %s
Code: %s
Number:%s
Opened:%s
Updated: %s
Closed:%s
Text: %s
Close Comment: %s
Variables:
1: ascEvoSystemID
Syntax=OCTETSTR
Descr=System ID, this is the unique recorder ID
2: ascEvoSystemName
Syntax=OCTETSTR
Descr=System name, the hostname of the recorder
3: ascEvoModuleName
Syntax=OCTETSTR
Descr=Module name, the process which caused the message
4: ascEvoErrType
Syntax=OCTETSTR
Descr=Error type LOG_ERROR, LOG_WARNING, LOG_INFO, LOG_AUDIT
5: ascEvoErrCode
Syntax=OCTETSTR
Descr=Error code
6: ascEvoErrUniqueID
Syntax=OCTETSTR
Descr=Unique error counter
7: ascEvoErrOpenTime
Syntax=OCTETSTR
Descr=Error opened time
8: ascEvoErrUpdateTime
Syntax=OCTETSTR
Descr=Error updated time is the same as ascEvoOpenTime on first
occurence
9: ascEvoErrCloseTime
Syntax=OCTETSTR
Descr=Error closed time if closed else empty
10: ascEvoErrText
Syntax=OCTETSTR
Descr=Error text as an additional description
11: ascEvoErrCloseComment
Syntax=OCTETSTR
Descr=Error close comment if closed else empty
EDESC
#
Someone from a German portal (nagios-portal.de) says that it looks
quite strange ...
The unknowntrap.log shows something like:
Mon Mar 10 10:17:38 2008: Unknown trap (.1.3.6.1.4.1.4063.2.1.2)
received from asc2.foo.com at:
Value 0: asc2.foo.com
Value 1: 16.24.37.23
Value 2: 10:19:18:29.24
Value 3: .1.3.6.1.4.1.4063.2.1.2
Value 4: 16.24.37.23
Value 5:
Value 6:
Ent Value 0: .1.3.6.1.4.1.4063.2.1.2.1=5175771137
Ent Value 1: .1.3.6.1.4.1.4063.2.1.2.2=evolution
Ent Value 2: .1.3.6.1.4.1.4063.2.1.2.3=IASAPISV
Ent Value 3: .1.3.6.1.4.1.4063.2.1.2.4=LOG_AUDIT
Ent Value 4: .1.3.6.1.4.1.4063.2.1.2.5=USER_SOFTWARE_START
Ent Value 5: .1.3.6.1.4.1.4063.2.1.2.6=1001
Ent Value 6: .1.3.6.1.4.1.4063.2.1.2.7=2008/03/10 10:15:36,137
Ent Value 7:
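
Added example, not part of the original post: a small Python check that compares the trap OIDs in the unknown-trap log against the EVENT OIDs defined in snmptt.conf and names the closest EVENT for each unmatched trap. The two inputs are constructed from the lines quoted above; the function names are hypothetical, and the trailing `.*` handling assumes snmptt's wildcard form for EVENT OIDs.

```python
import re

# Constructed sample inputs: the EVENT line and unknown-trap entry quoted in the post.
SNMPTT_CONF = """\
EVENT ascEvoNotif .1.3.6.1.4.1.4063.2.1.1.1 Status Events Normal
FORMAT RecorderID:$1
"""
UNKNOWN_LOG = """\
Mon Mar 10 10:17:38 2008: Unknown trap (.1.3.6.1.4.1.4063.2.1.2)
received from asc2.foo.com at:
"""

EVENT_RE = re.compile(r"^EVENT\s+(\S+)\s+(\.[0-9.*]+)", re.M)
UNKNOWN_RE = re.compile(r"Unknown trap \((\.[0-9.]+)\)\s+received from (\S+)")

def event_oids(conf_text):
    """Map each EVENT OID (possibly ending in .*) to its event name."""
    return {oid: name for name, oid in EVENT_RE.findall(conf_text)}

def oid_matches(pattern, oid):
    """Exact match, or prefix match for a trailing-wildcard EVENT OID."""
    if pattern.endswith(".*"):
        return oid.startswith(pattern[:-1])  # keep the dot: 4063. != 40630
    return pattern == oid

def shared_prefix(a, b):
    """Longest run of leading arcs two dotted OIDs have in common."""
    common = []
    for x, y in zip(a.strip(".").split("."), b.strip(".").split(".")):
        if x != y:
            break
        common.append(x)
    return "." + ".".join(common)

def unmatched_traps(conf_text, log_text):
    """List logged unknown traps together with the closest configured EVENT."""
    events = event_oids(conf_text)
    report = []
    for oid, host in UNKNOWN_RE.findall(log_text):
        if any(oid_matches(p, oid) for p in events):
            continue  # an EVENT entry covers this trap OID
        best = max(events, key=lambda p: len(shared_prefix(p, oid)), default=None)
        report.append((oid, host, events.get(best),
                       shared_prefix(best, oid) if best else None))
    return report

if __name__ == "__main__":
    for row in unmatched_traps(SNMPTT_CONF, UNKNOWN_LOG):
        print("no EVENT for %s from %s; closest is %s (shared prefix %s)" % row)
```

On the lines from the post it reports that the logged trap .1.3.6.1.4.1.4063.2.1.2 has no EVENT entry; the only EVENT defined is .1.3.6.1.4.1.4063.2.1.1.1.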