How to set up monitoring with SNMP Traps

WAS THIS PAGE HELPFUL? Leave Feedback

Overview

This page shows how to set up trap handling for a device to be monitored by your GroundWork system.

You will need to install, configure, and start the SNMP service on the monitored server before you can view traps in the SNMP Trap log file. You will also need to enable an IT device to forward traps to the GroundWork server. Each kind of device, router, switch, load balancer, Windows server has its own method. This page looks at a Windows server and uses a MIB file included with Windows.
Steps
Viewing the SNMP Trap log file

If you've configuring the SNMP service and enabled forwarding, traps should begin arriving on the GroundWork server.

  • In a terminal session for your GroundWork server, login and become user nagios.
  • You can see the traps by tailing from the /usr/local/groundwork/logs directory, the snmptrapd.log file, and see that each message is just a numeric set of codes.
  • The translation of these requires the knowledge of the same trap MIBs as the devices being monitored. These trap MIBs are available as text files, which can generally find on the manufacturer's site. There may be multiple MIBs to obtain, because the definitions are hierarchical. You would put the trap MIB file for a new device into a place like /tmp.
  • Example: 
    nagios@ip-10-30-2-10:~$ tail /usr/local/groundwork/logs/snmptrapd.log
	.1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7
2018-08-08 15:37:41 10.30.2.70(via UDP: [10.30.2.70]:61841->[10.30.2.10]:162)
        TRAP, SNMP v1, community public
        .1.3.6.1.4.1.311.1.1.3.1.2 Link Up Trap (0) Uptime: 0:00:15.07
	.1.3.6.1.2.1.2.2.1.1.9 = INTEGER: 9
2018-08-08 15:37:41 10.30.2.70(via UDP: [10.30.2.70]:61841->[10.30.2.10]:162)
        TRAP, SNMP v1, community public
	.1.3.6.1.4.1.311.1.1.3.1.2 Link Up Trap (0) Uptime: 0:00:15.07
	.1.3.6.1.2.1.2.2.1.1.10 = INTEGER: 10
2018-08-08 15:37:41 10.30.2.70(via UDP: [10.30.2.70]:61841->[10.30.2.10]:162)
        TRAP, SNMP v1, community public
	.1.3.6.1.4.1.311.1.1.3.1.2 Link Up Trap (0) Uptime: 0:00:15.07
	.1.3.6.1.2.1.2.2.1.1.11 = INTEGER: 11
nagios@ip-10-30-2-10:~$
Copying a MIB to the GroundWork server
  • From a command line on your target machine, and from the \Windows\system32 directory, copy a mib file (we use a MIB file included with Windows) to your GroundWork server /home/groundwork directory.
  • Example: 
    Microsoft Windows [Version 10.0.14393](c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\groundwork>cd \Windows\system32
C:\Windows\System32>pscp mib_ii.mib [email protected]:/home/groundwork
[email protected]'s password:
mib_ii.mib                | 105 kB | 105.4 kB/s | ETA: 00:00:00 | 100%
C:\Windows\System32>
Running the MIB conversion script
  • From your GroundWork server, as user root, change to the /home/groundwork directory and run the script with the MIB text file as the argument.
  • You should see a status scroll by for each trap, ending with the total, successful, and failed translations found.
  • And it should end with the total, successful, and failed translations found. The failures might come from references to definitions in MIB files not present on the system. You will need to identify them and put them in the /usr/local/groundwork/common/share/snmp/mibs directory and try the conversion again.
  • Example: 
    root@ip-10-30-2-10:/home/groundwork# /usr/local/groundwork/tools/snmp_mibs/convert_mib.sh mib_ii.mib
*****  Processing MIB file *****
snmptranslate version: NET-SNMP version: 5.7.3
severity: Normal
File to load is:        ./mib_ii.mib
File to APPEND TO:      ./mib_ii.mib.conf
MIBS environment var:   ./mib_ii.mib
mib name: RFC1213-MIB
Processing MIB:         RFC1213-MIB
#
Line: 2627
TRAP-TYPE: coldStart
Looking up via snmptranslate: RFC1213-MIB::coldStart
OID: .1.3.6.1.2.1.11.0.0
#
Line: 2636
TRAP-TYPE: warmStart
Looking up via snmptranslate: RFC1213-MIB::warmStart
OID: .1.3.6.1.2.1.11.0.1
#
Line: 2645
TRAP-TYPE: linkDown
Variables: ifIndex
Looking up via snmptranslate: RFC1213-MIB::linkDown
OID: .1.3.6.1.2.1.11.0.2
#
Line: 2655
TRAP-TYPE: linkUp
Variables: ifIndex
Looking up via snmptranslate: RFC1213-MIB::linkUp
OID: .1.3.6.1.2.1.11.0.3
#
Line: 2665
TRAP-TYPE: authenticationFailure
Looking up via snmptranslate: RFC1213-MIB::authenticationFailure
OID: .1.3.6.1.2.1.11.0.4
Done
Total translations:        5
Successful translations:   5
Failed translations:       0
root@ip-10-30-2-10:/home/groundwork#
Copying the MIB output file
  • When you succeed, copy the output file (with the .conf extension) to the snmp directory.
  • Example: 
    root@ip-10-30-2-10:/home/groundwork# cp mib_ii.mib.conf /usr/local/groundwork/common/etc/snmp
root@ip-10-30-2-10:/home/groundwork# cd /usr/local/groundwork/common/etc/snmp
root@ip-10-30-2-10:/usr/local/groundwork/common/etc/snmp# ls
apctraps367.conf          generic_snmp.conf  snmptrapd.conf  snmptt.ini
CISCO-C2900-MIB.conf      mib_ii.mib.conf    snmptt.conf
CISCO-GENERAL-TRAPS.conf  mibs               snmpttd.init
root@ip-10-30-2-10:/usr/local/groundwork/common/etc/snmp#
  • Then, in the same directory edit the snmptt.ini file, and include the new file with the appropriate path, at the bottom of the file. Don't forget to save the file.
  • Example: 
    vi snmptt.ini
[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/usr/local/groundwork/common/etc/snmp/snmptt.conf
/usr/local/groundwork/common/etc/snmp/CISCO-C2900-MIB.conf
/usr/local/groundwork/common/etc/snmp/CISCO-GENERAL-TRAPS.conf
/usr/local/groundwork/common/etc/snmp/apctraps367.conf
/usr/local/groundwork/common/etc/snmp/mib_ii.mib.conf
END
-- INSERT --                            636,54        99%
Viewing the MIB .conf file
  • You may want to view the MIB .conf file. It has an entry for each kind of trap that might be sent. If you open the .conf file with an editor you can see the structure of each section, which is really a block of directions for the translator.
  • Do you see the string at the end of each EVENT line? It serves two purposes, it shows up as the Severity code in the Event Console, and it informs Nagios of the State to be assigned to the snmptraps_last service. For the console the string is used as is, and for Nagios the string is translated as follows:
    • NORMAL, OK, or INFORMATIONAL becomes OK
    • MINOR or WARNING becomes WARNING
    • MAJOR or CRITICAL becomes CRITICAL
  • Any edits would require you to save the file and restart the snmptt service.
  • Example: 
    #
#
#
MIB: RFC1213-MIB (file:./mib_ii.mib) converted on Wed Aug  8 11:55:32 2018 using snmpttconvertmib v1.2
#
#
#
EVENT coldStart .1.3.6.1.2.1.11.0.0 "Status Events" Normal
FORMAT A coldStart trap signifies that the sending protocol entity is reinitializing itself such that the
agent's configuration or the protocol entity implementation may be altered. $*
SOCKET localhost:4913;localhost:5667;$x;$X;$aA;$A;$o;$O;$s;$N;$c;$+*;$Fz
SDESC
A coldStart trap signifies that the sending
protocol entity is reinitializing itself such
that the agent's configuration or the protocol
entity implementation may be altered.
Variables:
EDESC
#
#
#
EVENT warmStart .1.3.6.1.2.1.11.0.1 "Status Events" Normal
FORMAT A warmStart trap signifies that the sending protocol entity is reinitializing itself such that
neither the agent configuration nor the protocol entity implementation is altered. $*
SOCKET localhost:4913;localhost:5667;$x;$X;$aA;$A;$o;$O;$s;$N;$c;$+*;$Fz
SDESC
A warmStart trap signifies that the sending
protocol entity is reinitializing itself such
that neither the agent configuration nor the
protocol entity implementation is altered.
Variables:
EDESC
#
#
#
EVENT linkDown .1.3.6.1.2.1.11.0.2 "Status Events" Normal
FORMAT A linkDown trap signifies that the sending protocol entity recognizes a failure in one of the
communication links represented in the agent's configuration. $*
SOCKET localhost:4913;localhost:5667;$x;$X;$aA;$A;$o;$O;$s;$N;$c;$+*;$Fz
SDESC
A linkDown trap signifies that the sending
protocol entity recognizes a failure in one of
the communication links represented in the
agent's configuration.
Variables:
  1: ifIndex
EDESC
Configuring host and service definitions for notifications

In this section we focus on Nagios and Foundation and how to show the originating host correctly in Status and in notifications. You'll need to import the SNMP Trap Receiver profile, add a host definition for the host sending the traps, and add the appropriate service to the host.

  • Import the SNMP Trap Receiver service profile making the snmptraps_last service available for use:
    • Go to Configuration > Profiles > Profile importer > Import > SNMP, and check the box for the SNMP Trap Receiver service profile and import.
  • Create a new host:
    • Add a host definition for the originating host adding the host vitals and the service-ping host profile. Make your way to the Host Properties 3 screen and select and add the snmptraps_last service to the host using Add to list, you'll see it displayed.
    • Click Next and Continue, then click Cancel. And go ahead and commit these changes to the running Nagios and to Foundation, (Configuration > Control > Pre flight test > Commit). A pre-flight and annotation should always be a part of a commit process.
Viewing SNMP Trap events and Nagios events
  • To generate the traps you may need to stop and restart the SNMP Service on your monitored machine.
  • Then within Event Console under Applications, select the SNMPTRAP filter. After a bit of time passes, you should see events listed with the Application Type SNMPTRAP. You should also see NAGIOS events, under the host for the snmptraps_last service. The state will reflect any changes you previously made in the .conf file.
  • Also, if you go to the Status viewer and drill down to the monitored host service snmptraps_last, as the traps come in the detail on this will change. If you had set up notifications you'd be getting them as well.

Labels

snmp snmp Delete
traps traps Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.