On Wed, May 31, 2006 at 12:39:47AM -0700, Vinod wrote:
> I tried to configure nagios to listen to snmp traps from a host.
> I have been referring to documents
> http://www.samag.com/documents/s=9559/sam0503g/
> http://www.snmptt.org/docs/snmptt.shtml#Integration-with-other-software

I've been using http://www.samag.com/documents/s=9559/sam0503g/ with
good success.

> Secondly
> http://www.samag.com/documents/s=9559/sam0503g/
> specifies
> use passive-check-template
> but it's not mentioned how to define the passive-check-template

You can define passive_check_missing in checkcommands.cfg, although it
won't be used in this case:

define command{
        command_name    passive_check_missing
        command_line    $USER1$/passive_check_missing.sh
}

Here's what passive_check_missing.sh looks like:

#!/bin/sh
/bin/echo "CRITICAL: Passive Service check is missing!"
exit 2

In services.cfg we define the template that will be used by the
snmp_trap_handling_* service checks:

define service{
        register                0
        name                    passive-check-template
        use                     generic-service
        check_freshness         1
        check_period            none
        passive_checks_enabled  1
        max_check_attempts      1
        check_command           passive_check_missing
        freshness_threshold     600
}

I've been converting mibs with:

snmpttconvertmib --net_snmp_perl --format_desc=6 --in=FOO.mib \
--out=/etc/snmp/snmptt-FOO.conf

as that seems to produce EVENTs with descriptions making more sense than
the default convert shown in the article. You may want to look through
them anyway or replace 6 with a smaller number. Check
'snmpttconvertmib --help' for more info.

I've also made a small change to the snmptraphandling.py. Trend Micro's
MIBs use the severity NORMAL when snmptraphandling.py only matches
Normal (case sensitive). So I've added a section to also match NORMAL.

My sec.conf looks like:

type=Single
ptype=RegExp
pattern=(\w+\s+\d+\s\d+:\d+:\d+)\s[\w\.\-]+\ssnmptt\[\d+\]:\s\
([\d\.]*)\s(Normal|NORMAL|INFORMATIONAL|MINOR|WARNING|SEVERE|\
MAJOR|CRITICAL)\s\"Status Events\"\s([\w\.\-]*)\s\-\s(.*)
desc=snmptrap received from $3
action=shellcmd /opt/nagios/libexec/eventhandlers/snmptraphandling.py \
$4 $3 "$5"

When converting MIBs, you also may want to check them through to see
what kind of severities are defined for various traps.
So far there seems to be a lot of Normal severity traps even for traps
that alert you about hardware failures etc. The article says "One of the
beauties of this solution is that we can use the event severity set by
the mib designer. Nagios will always report the event status based on
this information." and I think this is somewhat problematic with a lot
of MIBs. Many traps seem to define the severity somewhere else.

Let's take examples from SUN-PLATFORM-MIB. Some Sun server might send
alarm traps and these have Normal severity so snmptt + sec + Nagios
would map them to OK. However they might be something worse: component
has blown up or system is reaching temperatures where metal starts to
melt... so I guess this setup has some drawbacks.

EVENT sunPlatEquipmentAlarm .1.3.6.1.4.1.42.2.70.101.2.0.5 \
"Status Events" Normal
EVENT sunPlatEnvironmentalAlarm .1.3.6.1.4.1.42.2.70.101.2.0.4 \
"Status Events" Normal

You get the severity as a variable:

7: sunPlatNotificationPerceivedSeverity
   Syntax="INTEGER"
     1: indeterminate
     2: critical
     3: major
     4: minor
     5: warning
     6: cleared
   Descr="The perceived severity of the alarm, as specified by the
   agent that generated it in accordance with X.733, sec. 8.1.2.3."

I'd be interested in hearing from others if they've come up with some
solution to this, or if I've misunderstood something.

Regards,

--
Hannu Liljemark | Appelsiini Finland Oy | http://appelsiini.fi
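
Added example, not part of the original message and not code from snmptraphandling.py: one way to let the sunPlatNotificationPerceivedSeverity varbind override the EVENT severity before a passive result is handed to Nagios. The state mappings, the host and service names, and the premise that the handler receives the varbind value (as a number or as its enumeration name) are assumptions of this example.

```python
import time

# Assumed mapping of the EVENT severities matched in sec.conf to Nagios states.
EVENT_SEVERITY = {"NORMAL": 0, "INFORMATIONAL": 0, "MINOR": 1, "WARNING": 1,
                  "SEVERE": 2, "MAJOR": 2, "CRITICAL": 2}

# sunPlatNotificationPerceivedSeverity values from the MIB excerpt; the Nagios
# state chosen for each one is an assumption of this example.
PERCEIVED_SEVERITY = {}
for number, name, state in [(1, "indeterminate", 3), (2, "critical", 2),
                            (3, "major", 2), (4, "minor", 1),
                            (5, "warning", 1), (6, "cleared", 0)]:
    PERCEIVED_SEVERITY[str(number)] = state  # varbind left as an integer
    PERCEIVED_SEVERITY[name] = state         # varbind translated to its name


def nagios_state(event_severity, perceived=None):
    """Return 0/1/2/3; a perceived-severity varbind overrides the EVENT label."""
    token = "" if perceived is None else str(perceived).strip().lower()
    if token:
        # A varbind that is present but unrecognized maps to UNKNOWN, not OK.
        return PERCEIVED_SEVERITY.get(token, 3)
    return EVENT_SEVERITY.get(event_severity.strip().upper(), 3)


def passive_result(host, service, state, output, now=None):
    """Format a PROCESS_SERVICE_CHECK_RESULT line for the Nagios command file."""
    ts = int(time.time() if now is None else now)
    # Trap text is untrusted: ';' and newlines would shift or add fields.
    clean = output.replace(";", ",").replace("\r", " ").replace("\n", " ")
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s\n" % (
        ts, host, service, state, clean)


if __name__ == "__main__":
    # Constructed sample: EVENT severity Normal, perceived severity 2 (critical).
    state = nagios_state("Normal", "2")
    print(passive_result("sunserver1", "snmp_trap_handling_sun", state,
                         "sunPlatEquipmentAlarm received", now=1149061187),
          end="")
```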