我有一些麻烦configurationsnmptt正确翻译snmp陷阱。
以下是一个问题:
/etc/snmp/snmptt.conf反映:
EVENT fgFmTrapIfChange .1.3.6.1.4.1.12356.101.6.0.1004 "Status Events" Critical FORMAT $* EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r "snmp_traps" 2 "$O: $+*" "$*" SDESC Trap is sent to the managing FortiManager if an interface IP is changed Variables: 1: fnSysSerial 2: ifName 3: fgManIfIp 4: fgManIfMask EDESC
当收到一个陷阱时,/ var / log / messages反映:
Sep 6 12:07:32 SNMPMANAGERHOST snmptrapd[15385]: 2012-09-06 12:07:32 <UNKNOWN> [UDP: [192.168.100.2]:162->[192.168.100.31]]: #012.1.3.6.1.2.1.1.3.0 = Timeticks: (707253943) 81 days, 20:35:39.43 #011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.12356.101.6.0.1004 #011.1.3.6.1.4.1.12356.100.1.1.1.0 = STRING: FGTNNNNNNNNN #011.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: internal4 #011.1.3.6.1.4.1.12356.101.6.2.1.0 = IpAddress: 192.168.65.100 #011.1.3.6.1.4.1.12356.101.6.2.2.0 = IpAddress: 255.255.255.0 Sep 6 12:07:37 SNMPMANAGERHOST icinga: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT; 192.168.100.2; snmp_traps; 2; enterprises.12356.101.6.0.1004: enterprises.12356.100.1.1.1.0:FGTNNNNNNNNN ifName.10:internal4 enterprises.12356.101.6.2.1.0:192.168.65.100 enterprises.12356.101.6.2.2.0:255.255.255.0
由于icinga条目反映了EXEC ,显然snmptt没有发生翻译。
我已经validation在snmptt.ini启用了translate_log_trap_oid和snmptt.ini
当使用--debug=1启动snmptt ,我在--debugfile看到以下--debugfile :
********** Net-SNMP version 5.05 Perl module enabled **********
主要的NET-SNMP版本被报告为NET-SNMP version: 5.5 。
还有什么可以做的,以validationsnmpttconfiguration正确,翻译陷阱?
我已经运行snmptt-net-snmp-test来validation我安装的net-snmp-perl版本是否正确支持翻译。 输出表示它。
/root/snmptt_1.3/snmptt-net-snmp-test --best_guess=2 SNMPTT Net-SNMP Test v1.0 (c) 2003 Alex Burger http://snmptt.sourceforge.net MIBS:RFC1213-MIB best_guess: 2 Testing translateObj ******************** Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=disabled Test passed. Result: sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=enabled Test passed. Result: RFC1213-MIB::sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=disabled Test passed. Result: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=enabled Test passed. Result: RFC1213-MIB::.iso.org.dod.internet.mgmt.mib-2.system.sysDescr Testing: sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: RFC1213-MIB::sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: RFC1213-MIB::system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing getType *************** Testing: .1.3.6.1.2.1.4.1 Test passed. Result: INTEGER Testing: ipForwarding Test passed. Result: INTEGER Testing Description ******************* Test passed. Result: ------------------------------------------------- The indication of whether this entity is acting as an IP gateway in respect to the forwarding of datagrams received by, but not addressed to, this entity. IP gateways forward datagrams. IP hosts do not (except those source-routed via the host). Note that for some managed nodes, this object may take on only a subset of the values possible. Accordingly, it is appropriate for an agent to return a `badValue' response if a management station attempts to change this object to an inappropriate value. -------------------------------------------------
我已经手动通过MIB的定义,不解决,并validation它正确地链接回适当的解决的定义。 它是:
FORTINET-FORTIGATE-MIB.txt contains: fgFmTrapIfChange NOTIFICATION-TYPE OBJECTS { fnSysSerial, ifName, fgManIfIp, fgManIfMask } STATUS current DESCRIPTION "Trap is sent to the managing FortiManager if an interface IP is changed" ::= { fgFmTrapPrefix 1004 } fgFmTrapPrefix OBJECT IDENTIFIER ::= { fgMgmt 0 } fgMgmt OBJECT IDENTIFIER ::= { fnFortiGateMib 6 } fnFortiGateMib ::= { fortinet 101 } IMPORTS FnBoolState, FnIndex, fnAdminEntry, fnSysSerial, fortinet FROM FORTINET-CORE-MIB fortinet MODULE-IDENTITY ::= { enterprises 12356 } LOOKS GOOD!!!!! 1.3.6.1.4.1.12356.101.6.0.1004
我已经用尽了所有的文档,甚至在snmptt-users邮件列表中无果而终。
我无法certificate这是MIB。
为什么snmptt无法翻译陷阱?
只是:
谢谢,
马特
[UPDATE]
snmptt.ini
snmptrapd.conf:
authCommunity log,execute,net communitystr traphandle default /usr/bin/snmptthandler
snmptt.conf
MIB没有被翻译的陷阱生活 (并且它被引用的MIB )。
请注意,linkUp和linkDown正在正确翻译。
[更新2]
我还testing了另一个不是包含在net-snmp包中的默认MIB的MIB,而且这个MIB也无法parsing。
[更新3]
如果我在snmptt.ini中设置了以下内容:
mode = standalone
我在snmptrapd.conf中设置了以下内容:
traphandle default /usr/sbin/snmptt --ini=/etc/snmp/snmptt.ini
我能够按预期翻译陷阱。
这意味着/usr/sbin/snmptt用于守护进程的任何方法都可能无法访问MIB,或者可能正在执行除描述之外的其他操作。 snmptt.ini包含的文档可能会包含我所寻求的答案。
在snmptt.ini设置mibs_environment = ALL
描述:
# Allows you to set the MIBS environment variable used by SNMPTT # Leave blank or comment out to have the systems enviroment settings used # To have all MIBS processed, set to ALL # See the snmp.conf manual page for more info.
mibs_environment = ALL必须在snmptt.ini中设置,即使是以-m ALL开始的snmptrapd(其中ALL是包括所有MIB(在文件中定义)的通配符语句)。
\ o。
我在后面的聊天窗口中发布了这个消息,但看起来你可能已经离开了。 您的snmptt.ini文件具有以下翻译选项集:
translate_log_trap_oid = 1 translate_value_oids = 1 translate_enterprise_oid_format = 1 translate_trap_oid_format = 0 translate_varname_oid_format = 0 translate_integers = 1
有趣的是影响$ O值的'translate_trap_oid_format'。 有效值为0 – 4,其中0closures翻译,其余列在snmptt.ini中 –
Set to 0 to disable translating OID values to text (symbolic form) Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm) Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm) Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm) Set to 4 to translate OID values to long text with module name (eg:UPS-MIB::iso...upsAlarm.BuildingAlarm)