SNMPTT/SYSLOG viewer Plugin for Cacti. v 1.4.3 (2009/02/06)

[xminos]

After reading this I am a little confused. It appears that this will take SNMP traps and reformat them before sending them on to say HP openview?

Is there anyway to combine this with say a Theshold plugin and have SNMP traps generated from the events trigged by Thold?

[eternal]

I haven't noticed till now that my graphing stats do not work.

Imported the templates, If i run php ss_snmpttpoller.php ss_snmpttpoller
I get data back

on SNMPTT Poller Time Statistics It wont generate a rrd file
ERROR: opening '/var/www/html/rra/localhost_treetime_1411.rrd': No such file or directory

[cosminutz1977]

hello,

excelent job with this plugin ... congrats
overall i have a problem with Trap Time field, 1970-01-01 03:00:00 all over.

in snmptrapd.log time it's OK:

Code: Select all

2008-09-10 11:41:50 IP [UDP: [IP]:51966]:
.1.3.6.1.2.1.1.3.0 = Timeticks: (2524045698) 292        .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.0.1        .1.3.6.1.4.1.9.2.9.3.1.1.1.1 = INTEGER:5
       .1.3.6.1.2.1.6.13.1.1.IP.23.otherIP.2303 = INTEGER: synReceived(4) .1.3.6.1.4.1.9.2.6.1.1.5.IP.23.otherIP.2303 = INTEGER: 798      .1.3.6.1.4.1.9.2.6.1.1.1.IP.23.otherIP.2303 = INTEGER: 1105        .1.3.6.1.4.1.9.2.6.1.1.2.IP.23.otherIP.2303 = INTEGER: 38075    .1.3.6.1.4.1.9.2.9.2.1.18.1 = ""

same in snmpttunknown.log:

Code: Select all

2008-09-10 11:56:42: Unknown trap (.1.3.6.1.4.1.9.0.1) received from IP at: 
Value 0: IP
Value 1: IP
Value 2: 292
Value 3: .1.3.6.1.4.1.9.0.1
Value 4: IP
Value 5: 
Value 6: 
Ent Value 0: .1.3.6.1.4.1.9.2.9.3.1.1.1.1=5
Ent Value 1: .1.3.6.1.2.1.6.13.1.1.IP.23.otherIP.23220=synReceived
Ent Value 2: .1.3.6.1.4.1.9.2.6.1.1.5.IP.23.otherIP.23220=796
Ent Value 3: .1.3.6.1.4.1.9.2.6.1.1.1.IP.23.otherIP.23220=1105
Ent Value 4: .1.3.6.1.4.1.9.2.6.1.1.2.IP.23.otherIP.23220=38075
Ent Value 5: .1.3.6.1.4.1.9.2.9.2.1.18.1=

where can be the problem?

thx.

[gthe]

And what date in a database?

[gthe]

After reading this I am a little confused. It appears that this will take SNMP traps and reformat them before sending them on to say HP openview?

Is there anyway to combine this with say a Theshold plugin and have SNMP traps generated from the events trigged by Thold?

Snmptt cacti plugin only show traps info from DB.
Snmptt programm receive traps from net and store it in DB (and may be reSend it)

[cosminutz1977]

In database I have: 0000-00-00 00:00:00 on traptime.

Thanx for the answer.

[gthe]

Check snmptt.ini.
From my:

Code: Select all

date_time_format = %Y-%m-%d %H:%M:%S
date_time_format_sql = %Y-%m-%d %H:%M:%S
stat_time_format_sql = %Y-%m-%d %H:%M:%S
use_trap_time = 1

And, may be, enable logging mysqld queries and look in it.

[cosminutz1977]

I've solved my problem:
date_time_format_sql in snmptt.ini


Thanx for the good plugin.

[radiumfu]

Code: Select all

# Configuration File
# /etc/snmp/snmptrapd.conf
# last change: Mon Oct 26 19:44:36 1998
# This file is used to set the configuration for logging on
# Flash Disk, RAM Disk and external System via Traps
# Log Levels for Flash Disk and RAM Disk
authCommunity log public
traphandle default /usr/sbin/snmptthandler
LogFlash 1 1000
LogRAM 10 32768
# Trap Sink addresses
TrapSink 0 5 public 192.168.100.29
# Generic Traps
Generic 0 1 ColdStart
Generic 1 10 WarmStart
Generic 2 10 IFDown
Generic 3 10 IFUp
Generic 4 10 InvalidCommunity
Generic 5 10 EGPdown
# Enterprises Traps
Enterprise 1 4 passwordFail
Enterprise 2 4 switchWarning
Enterprise 3 4 switchLOS
Enterprise 4 4 switchErrorLock
Enterprise 5 4 switchBackupLineFail
Enterprise 6 4 switchChangedLine
Enterprise 7 4 snmpFail
Enterprise 8 4 chanFail
Enterprise 9 4 chanLasLocCurrOOR
Enterprise 10 4 chanLasRemCurrOOR
Enterprise 11 4 chanTempOOR
Enterprise 12 4 chanClockrecFail
Enterprise 13 4 chanCommunicationWar
Enterprise 14 4 chanRecremLOS
Enterprise 15 4 chanReclocLOS
Enterprise 16 4 fanFail
Enterprise 17 4 edfaFail
Enterprise 18 4 psFail
Enterprise 19 4 psOK
Enterprise 20 4 chanRecremNoLOS
Enterprise 21 4 chanReclocNoLOS
Enterprise 22 4 chanHardwareAdd
Enterprise 23 4 chanHardwareDel
Enterprise 24 4 chanClockrecNoFail

I try this, but when I restart snmptrapd service, I got many warning message in /etc/snmp/snmptrapd.conf
like below

Code: Select all

/etc/snmp/snmptrapd.conf: line 1: Warning: Unknown token: authCommunity.
/etc/snmp/snmptrapd.conf: line 3: Warning: Unknown token: LogFlash.
/etc/snmp/snmptrapd.conf: line 4: Warning: Unknown token: LogRAM.
/etc/snmp/snmptrapd.conf: line 6: Warning: Unknown token: TrapSink.
/etc/snmp/snmptrapd.conf: line 8: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 9: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 10: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 11: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 12: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 13: Warning: Unknown token: Generic.
/etc/snmp/snmptrapd.conf: line 15: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 16: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 17: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 18: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 19: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 20: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 21: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 22: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 23: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 24: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 25: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 26: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 27: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 28: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 29: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 30: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 31: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 32: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 33: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 34: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 35: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 36: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 37: Warning: Unknown token: Enterprise.
/etc/snmp/snmptrapd.conf: line 38: Warning: Unknown token: Enterprise.
2008-09-23 12:38:21 NET-SNMP version 5.1.2 Started.

My kernel version, and snmp, snmp effected application version like below

Code: Select all

[root@]# uname -a
Linux S7ITM08 2.6.9-78.0.1.plus.c4smp #1 SMP Tue Aug 5 11:18:41 EDT 2008 i686 i686 i386 GNU/Linux
[root@]# rpm -qa | grep snmp
net-snmp-libs-5.1.2-13.el4
net-snmp-perl-5.1.2-13.el4
php-snmp-5.1.6-3.el4s1.10
net-snmp-devel-5.1.2-13.el4
net-snmp-5.1.2-13.el4
net-snmp-utils-5.1.2-13.el4

[gthe]

Try just simple config (my):
# cat /etc/snmp/snmptrapd.conf

Code: Select all

authCommunity log,execute,net public
authCommunity log,execute,net myown_community
#.... and all communitys in yous net .......#
traphandle default /usr/sbin/snmptthandler

# uname -a
Linux sys.kinel 2.6.18-92.1.10.el5.centos.plus #1 SMP Thu Aug 7 12:19:36 EDT 2008 i686 i686 i386 GNU/Linux
# rpm -qa | grep snmp
net-snmp-libs-5.3.1-24.el5_2.1
net-snmp-utils-5.3.1-24.el5_2.1
php-snmp-5.1.6-20.el5_2.1
net-snmp-5.3.1-24.el5_2.1
net-snmp-perl-5.3.1-24.el5_2.1
net-snmp-devel-5.3.1-24.el5_2.1

[radiumfu]

I'm very expectancy for SNMPTT - View , the major reason is it can send alert base on customized rules, but when I try this function, sounds like it not work, should I check something?

By the way, this cacti server monitor & threshold plugins can send out alert mail normally.

I installed SNMPTT view version: 1.0.23b

I received below trap message from a Libert Air Conditional

Want send out alert base on below rule settings, but not work.

[gthe]

But in screens I see that eventname do not coincide.

[radiumfu]

But in screens I see that eventname do not coincide.

Thank you reply, and yes, you are right, but even I change eventname to "HighTemplate_issued", then try issued a snmp trap message again, still not get e-mail alert.

[gthe]

radiumfu, can you send to me mysql row with this alert(alerts) and rule ?

[radiumfu]

Message:

Code: Select all

plugin_snmptt
*************************** 1. row ***************************
        id: 3155122
 eventname: HighTemplate_Issued
   eventid: .1.3.6.1.4.1.476.1.42.3.3.0.1
   trapoid: enterprises.476.1.42.3.3.0.1
enterprise: 
 community: piblic
  hostname: 10.1.10.19
   agentip: 10.1.10.19
  category: Status Events
  severity: Warning
    uptime: 9:6:30:00.03
  traptime: 2008-10-02 17:57:33
formatline: Liebert Unit Sensor (HighTemplate)
    status: 2
     alert: 0

Alert

Code: Select all

plugin_snmptt_alert
*************************** 1. row ***********************
       id: 6
     name:Libert
     type: Contains
     mode: 1
 hostname: 10.1.10.19
eventname: HighTemplate_Issued
  message: Data Center (South) Air conditioner High Temperature Alert issued, Call U.S Server/Network team.
     user: 
     date: NULL
    email: noc@domain.com<sample, not ture>
    notes: !!!!!