HowToUseSNMPTraps

From Wiki Centreon

Jump to: navigation, search

SNMP traps are alerts issued by the network hardware or client / server from the moment they support SNMP. There are two families of traps: generic traps (traps that exist for all materials included) and specific traps (specific to a manufacturer). This tutorial explains the management of traps in Centreon. You will not find any information on the highly technical SNMP management, only a functional HowTo.

Contents

Prerequisites:

Some things to check before using the Centreon interface:

  • the snmpd and snmptrapd daemons are running. (Snmptrapd daemons must be started with options "-On" to not convert the OID)
  • the Net-SNMP package installed
  • SNMPTT must be installed depending on configurations provided by the Centreon install.
  • centreon plugins "centTrapHandler*", "centGenSnmpttConfFile" and "centFillTrapDB" must be present in bin directory of Centreon.

Processing order of incoming traps

trap -> snmptrapd -> snmptt -> centTrapHandler-2.x -> a) local nagios.cmd for services on central poller -> b) centcore.cmd for services on satellite nodes

Centreon Interface

A section in Centreon is reserved for the management of traps.: Configuration > Services.

  • Manufacturers: List of manufacturers.
  • Load MIBs: loading the MIB translation files.
  • SNMP Traps: This section lists all the traps that you know the definitions. Each trap returns only information, so a single status. Take the example of Dell traps:
  alertCoolingDeviceFailure: indicates that the system is cooling down.
  alertCoolingDeviceNormal: indicates that the cooling system is OK.
  alertCoolingDeviceWarning: indicates that the cooling system is in a warning state.

A trap therefore defer any information on a material or service, a state, a message will be displayed on the monitoring of Centreon. Moreover, it is connected to a manufacturer.

Translation of MIBs

The advantage is that this part is no longer necessary to return the OIDs of traps one by one in the database. The translation of all the traps that lie in the MIB file is directly entered in the database. Once the translation is complete, it must generate the configuration files for SNMPTT (Configuration> Nagios> Export configuration files). No need to restart Nagios to that. Dependency Management: Sometimes you can not translate a MIB for a given manufacturer. This may be due to a problem of dependency MIB files. Two solutions to this problem:

  • copy all the mibs that you downloaded to the manufacturer in the default directory of SNMP MIBs on the Nagios server (/usr/share/snmp/mibs).
  • Or create a directory where you copy these files and add the path of the directory /etc/snmp/snmpd.conf like this:
  MIBDIRS = /dir/of/new/mibs

Creating a service Centreon

Now how do we provide feedback to Centreon?

Simply create a service with volatile flag set. This will cause that each time a non-OK hard state is found:

  • The non-OK service state is logged
  • Contacts are notified about the problem (if that's what should be done). Note: Notification intervals are ignored for volatile services.
  • The event handler for the service is run (if one has been defined)

Additionally set the check command to check_dummy with the parameter '0'. Regarding the service relations to be set, there are two cases:

  • multiple traps return all the states of an equipment or a service (such as traps that returns the status of Dell coolingDevice from the example above). In this case, we will connect all these traps to the same service. The service will be able to change the state to warning, critical and OK for the monitored equipment.
  • one single trap indicates a warning or critical condition. In this case, you must configure a "freshness check" which will check that information is received every X periods of time. If no trap is received within ten minutes, for example, the service will revert to an OK state.

Advice: Be careful with setting max check attempts > 1 for services, which do receive traps. Most devices do send exactly one traps for each change, which would result in a soft state change where no nagios handlers and notifications are triggered!

Important: Make sure the information entered in "Options> General Options> SNMP" are correct.

Schedules

Here is a link where you can find a lot of MIBs: http://www.oidview.com/mibs/detail.html Good introduction to configuring NetSNMP: http://www.net-snmp.org/wiki/index.php/Tutorials


Example Discussion related to Version 2 of Centreon

 [12:24] <mbrownnyc> hello all, how do i perform a mass import of MIBs into centreon?
 [12:27] <Tensibai> Good question
 [12:27] <Tensibai> and I'm still searching where to import mibs, can't find it again :/
 [12:28] <Tensibai> got it
 [12:29] <mbrownnyc> configuration>services>SNMP traps (sub) MIBs on left menu
 [12:29] <mbrownnyc> it only allows you to import a single file, I have 276
 [12:29] <Tensibai> under services, but I don't know of any method to mass import mibs :( maybe looking on how it is done
 [12:30] *** kilgour quit (Ping timeout: 250 seconds)
 [12:30] <mbrownnyc> how do i associate a trap to a device, or is that even necessary?
 [12:31] <mbrownnyc> the write up on the wiki confused me a bit http://en.doc.centreon.com/HowToUseSNMPTraps#Creating_a_service_Centreon
 [12:32] *** Agassi76600 (~Agassi@AVelizy-155-1-49-209.w86-217.abo.wanadoo.fr) left ()
 [12:32] <mbrownnyc> so the back end uses smtptt, so i'll look into that a bit more
 [12:32] <mbrownnyc> maybe that will revea
 [12:32] <mbrownnyc> l
 [12:32] *** vincenth quit (Quit: Page closed)
 [12:34] <Tensibai> mbrownnyc
 [12:34] <mbrownnyc> yessir
 [12:34] <Tensibai> what it does when you add a mib file is:
 [12:35] <Tensibai> 1) convert it with snmpttconvertmib
 [12:35] <Tensibai> 2) integrate it with bin/centFillTrapDB ...
 [12:35] <Tensibai> to use a trap you have to create a service check on a host and associate a trap to this service
 [12:36] <Tensibai> the service could be active or passive
 [12:36] <mbrownnyc> can it be an existing service (for instance check cpu)?
 [12:36] <mbrownnyc> or should it be a new service (per trap or one service for many traps)?
 [12:37] <mbrownnyc> and... finally... what is the difference between the active or passive service?
 [12:37] <Tensibai> you can use one service for many traps
 [12:37] <Tensibai> an active service is 'launched' by nagios on it's schedule (every 5 mins usually)
 [12:37] <Tensibai> a passive service accept status from outside (by the mean of nsca)
 [12:38] <mbrownnyc> so, in essence, a trap should be a passive service?
 [12:38] <Tensibai> an active only service, accept status from its run only and not from any other way
 [12:38] <Tensibai> yes, but it could be associated to an active service
 [12:38] <Tensibai> to have a status change more 'realtime'
 [12:39] <Tensibai> for example a spanning tree change
 [12:39] <Tensibai> wich could be associated to an interface spanning tree state
 [12:39] <Tensibai> but generally the active check will overwrite the trap sent status
 [12:39] <Tensibai> so you could miss it
 [12:40] <Tensibai> as with a passive service just waiting, you can know it has changed and when
 [12:40] <mbrownnyc> understood, in this case, it would seem to make more sense to have multiple passive services set up for each interface and parse the traps this way ?
 [12:40] <Tensibai> (and see it in tactical overview when you're back from lunch)
 [12:41] <Tensibai> you can have a passive check for the switch, and active checks for each interface
 [12:42] *** el_yeti quit (Quit: Bye :-))
 [12:42] <Tensibai> so if STP flaps over and get back, you'll have the passive check trigerred and the actual status of the interfaces
 [12:42] <Tensibai> that's my point of view that's said
 [12:42] <mbrownnyc> yes, /a/ strategy :) i understand
 [12:42] <mbrownnyc> thanks
 [12:42] <mbrownnyc> lastly, how do I configure a passive service to execute something?  For instance, I am receiving high CPU utilization traps from my firewall, and I want to write a scrip that performs a top on the firewall at this instant, how do i configure that?
 [12:44] <Tensibai> could be a notification action for exemple
 [12:45] <mbrownnyc> okay, that makes sense
 [12:45] <mbrownnyc> thanks :)
 [12:45] <Tensibai> which do the top and send a mail after
 [12:45] <Tensibai> (with the result)
 [12:45] <mbrownnyc> yes, excellent
 [12:45] <Tensibai> Duplicating the notify-by-mail script should do the trick I think
 [12:46] <mbrownnyc> yes, and if not, i'll whip something together
 [12:46] <mbrownnyc> this is more of a linux question, but how do i configure /bin/mail to send using an smtp server?
 [12:47] <mbrownnyc> this is more of a life question, but does orange provide an email address for SMS? (I have an office in geneva for which they have orange mobile phones and I want to send them alerts via SMS)
 [12:47] <mbrownnyc> :)
 [12:47] <Tensibai> Hum just checked for the traps, you can create a trap with a program execution (script)
 [12:48] <krion> FYI a trap can only be used on the central poller
 [12:48] <krion> not on a satellites
 [12:50] <mbrownnyc> thanks krion
 [12:50] <Tensibai> mbrownnyc for the mail sending, depend on wich MTA you're using locally, refer to postfix, exim or sendmail depending on wich you rely
 [12:50] <mbrownnyc> Tensibai, what do you mean you can create a trap with a program execution?
 [12:51] <Tensibai> when you define a trap, you have 3 actions configurable
 [12:51] <mbrownnyc> when you create a trap, in the configured passive service, in Centreon?
 [12:51] <Tensibai> the third one allow to execute something
 [12:51] <mbrownnyc> cool
 [12:52] <Tensibai> in configuration => services = >snmp traps
 [12:52] <Tensibai> choose a trap an edit it, you'll see what I mean
 [12:52] <mbrownnyc> excellent thanks
 [12:52] <Tensibai> but I've no idea on what is passed as variable to this command
 [12:53] <mbrownnyc> okay, i will test

Also refer to...

Personal tools