mbr*_*nyc 7 networking linux snmp net-snmp
我在配置snmptt以正确转换 snmp 陷阱时遇到了一些麻烦。
下面是一个问题:
/etc/snmp/snmptt.conf 反映:
EVENT fgFmTrapIfChange .1.3.6.1.4.1.12356.101.6.0.1004 "Status Events" Critical
FORMAT $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r "snmp_traps" 2 "$O: $+*" "$*"
SDESC
Trap is sent to the managing FortiManager if an interface IP is changed
Variables:
1: fnSysSerial
2: ifName
3: fgManIfIp
4: fgManIfMask
EDESC
当收到陷阱时,/var/log/messages 反映:
Sep 6 12:07:32 SNMPMANAGERHOST snmptrapd[15385]:
2012-09-06 12:07:32 <UNKNOWN>
[UDP:
[192.168.100.2]:162->[192.168.100.31]]:
#012.1.3.6.1.2.1.1.3.0 = Timeticks: (707253943) 81 days, 20:35:39.43
#011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.12356.101.6.0.1004
#011.1.3.6.1.4.1.12356.100.1.1.1.0 = STRING: FGTNNNNNNNNN
#011.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: internal4
#011.1.3.6.1.4.1.12356.101.6.2.1.0 = IpAddress: 192.168.65.100
#011.1.3.6.1.4.1.12356.101.6.2.2.0 = IpAddress: 255.255.255.0
Sep 6 12:07:37 SNMPMANAGERHOST icinga:
EXTERNAL COMMAND:
PROCESS_SERVICE_CHECK_RESULT;
192.168.100.2;
snmp_traps;
2;
enterprises.12356.101.6.0.1004: enterprises.12356.100.1.1.1.0:FGTNNNNNNNNN ifName.10:internal4 enterprises.12356.101.6.2.1.0:192.168.65.100 enterprises.12356.101.6.2.2.0:255.255.255.0
由于icinga条目反映了EXEC,很明显没有发生由 的翻译snmptt。
我已经验证translate_log_trap_oid并net_snmp_perl_enable在snmptt.ini
使用--debug=1to start 时snmptt,我在以下内容中看到--debugfile:
********** Net-SNMP version 5.05 Perl module enabled **********
主要的 NET-SNMP 版本报告为NET-SNMP version: 5.5.
还可以做些什么来验证是否snmptt已正确配置以转换陷阱?
我已经运行snmptt-net-snmp-test以验证我正确安装的任何 net-snmp-perl 版本是否支持翻译。输出表明确实如此。
/root/snmptt_1.3/snmptt-net-snmp-test --best_guess=2
SNMPTT Net-SNMP Test v1.0
(c) 2003 Alex Burger
http://snmptt.sourceforge.net
MIBS:RFC1213-MIB
best_guess: 2
Testing translateObj
********************
Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=disabled
Test passed. Result: sysDescr
Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=enabled
Test passed. Result: RFC1213-MIB::sysDescr
Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=disabled
Test passed. Result: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr
Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=enabled
Test passed. Result: RFC1213-MIB::.iso.org.dod.internet.mgmt.mib-2.system.sysDescr
Testing: sysDescr, long_names=disabled, include_module=disabled
Test passed. Result: .1.3.6.1.2.1.1.1
Testing: RFC1213-MIB::sysDescr, long_names=disabled, include_module=disabled
Test passed. Result: .1.3.6.1.2.1.1.1
Testing: system.sysDescr, long_names=disabled, include_module=disabled
Test passed. Result: .1.3.6.1.2.1.1.1
Testing: RFC1213-MIB::system.sysDescr, long_names=disabled, include_module=disabled
Test passed. Result: .1.3.6.1.2.1.1.1
Testing: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr, long_names=disabled, include_module=disabled
Test passed. Result: .1.3.6.1.2.1.1.1
Testing getType
***************
Testing: .1.3.6.1.2.1.4.1
Test passed. Result: INTEGER
Testing: ipForwarding
Test passed. Result: INTEGER
Testing Description
*******************
Test passed. Result:
-------------------------------------------------
The indication of whether this entity is acting
as an IP gateway in respect to the forwarding of
datagrams received by, but not addressed to, this
entity. IP gateways forward datagrams. IP hosts
do not (except those source-routed via the host).
Note that for some managed nodes, this object may
take on only a subset of the values possible.
Accordingly, it is appropriate for an agent to
return a `badValue' response if a management
station attempts to change this object to an
inappropriate value.
-------------------------------------------------
我已经手动检查了未解析定义的 MIB,并验证它是否正确链接回正确解析的定义。这是:
FORTINET-FORTIGATE-MIB.txt contains:
fgFmTrapIfChange NOTIFICATION-TYPE
OBJECTS { fnSysSerial, ifName, fgManIfIp, fgManIfMask }
STATUS current
DESCRIPTION
"Trap is sent to the managing FortiManager if an interface IP is changed"
::= { fgFmTrapPrefix 1004 }
fgFmTrapPrefix OBJECT IDENTIFIER
::= { fgMgmt 0 }
fgMgmt OBJECT IDENTIFIER
::= { fnFortiGateMib 6 }
fnFortiGateMib
::= { fortinet 101 }
IMPORTS
FnBoolState, FnIndex, fnAdminEntry, fnSysSerial, fortinet
FROM FORTINET-CORE-MIB
fortinet MODULE-IDENTITY
::= { enterprises 12356 }
LOOKS GOOD!!!!!
1.3.6.1.4.1.12356.101.6.0.1004
我已经用尽了所有文档,甚至在snmptt-users 邮件列表中也毫无结果地张贴。
我无法证明它是 MIB。
为什么会snmptt失败翻译陷阱?
简单地:
谢谢,
马特
[更新]
snmptrapd.conf:
authCommunity log,execute,net communitystr
traphandle default /usr/bin/snmptthandler
MIB 没有被翻译的陷阱所在的位置(并且它被引用为 MIB)。
请注意, linkUp 和 linkDown 正在正确翻译。
[更新 2]
我还使用另一个 MIB 进行了测试,该 MIB 不是 net-snmp 包中包含的默认 MIB,并且该 MIB 也无法解析。
[更新 3]
如果我在 snmptt.ini 中设置以下内容:
mode = standalone
我在 snmptrapd.conf 中设置了以下内容:
traphandle default /usr/sbin/snmptt --ini=/etc/snmp/snmptt.ini
我能够按预期翻译陷阱。
这意味着/usr/sbin/snmptt用于守护进程的任何方法都可能无法访问 MIB,或者可能正在执行描述之外的操作。其中包含的文档snmptt.ini可能包含我寻求的答案。
设置mibs_environment = ALL在snmptt.ini
描述:
# Allows you to set the MIBS environment variable used by SNMPTT
# Leave blank or comment out to have the systems enviroment settings used
# To have all MIBS processed, set to ALL
# See the snmp.conf manual page for more info.
mibs_environment = ALLsnmptt.ini即使使用 snmptrapd 开头,也必须设置为-m ALL(whereALL是包含所有 MIB [在文件中定义] 的通配符语句)。
\o。
我不久前在聊天窗口中发布了此内容,但看起来您可能已经离开了。您的 snmptt.ini 文件设置了以下翻译选项:
translate_log_trap_oid = 1
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 0
translate_varname_oid_format = 0
translate_integers = 1
有趣的是“translate_trap_oid_format”,它影响 $O 的值。有效值为 0 - 4,其中 0 关闭翻译,其余的在 snmptt.ini 中列出 --
Set to 0 to disable translating OID values to text (symbolic form)
Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm)
Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm)
Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm)
Set to 4 to translate OID values to long text with module name (eg:UPS-MIB::iso...upsAlarm.BuildingAlarm)