Is there any plugin to receive and display the snmp trap ?

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

Post Reply
hbtan
Posts: 10
Joined: Wed May 30, 2007 7:47 am

Is there any plugin to receive and display the snmp trap ?

Post by hbtan »

Is there any plugin to receive and display the snmp trap informations from the specified devices ?
Or any idea to fulfill this task ?
thx a lot!
apperrault
Cacti User
Posts: 379
Joined: Fri Feb 16, 2007 11:37 am
Location: Emeryville, CA
Contact:

Post by apperrault »

I believe that the closest thing you will find is the Syslog (Haloe) plugin. I could be wrong, but I haven't seen anything.

app
[b]Cacti Version[/b] - 0.8.7b
[b]Plugin Architecture[/b] - 2.2 Beta
[b]Poller Type[/b] - CMD.php
[b]Server Info[/b] - Linux 2.6.9-78.0.1.ELsmp
[b]Web Server[/b] - Apache/2.0.52 (Red Hat)
[b]PHP[/b] - 4.3.9
[b]MySQL[/b] - 4.1.22
[b]RRDTool[/b] - 1.2.23
[b]SNMP[/b] - 5.1.2
[b]Plugins[/b][list]Global Plugin Settings (settings - v0.5)
SuperLinks (superlinks - v0.72)
Host Info (hostinfo - v0.2)
Report Creator (reports - v0.3)
Update Checker (update - v0.4)
Realtime for Cacti (realtime - v0.35)
Cacti Log View (clog - v1.1)
RRD File Cleaner (rrdclean - v0.36)
Network Discovery (discovery - v0.9)
Uptime (uptime - v0.4)[/list]
warnesj
Cacti User
Posts: 173
Joined: Sun May 29, 2005 7:34 pm

Post by warnesj »

Yup haloe will do it. I'm doing it now. You'll want to make sure that you have your Cacti server setup as a SNMP trap reciever (with Linux this is done by using snmptrapd). You can even use haloe to email you alerts based on certain traps.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

So, are you forwarding snmptrapd messages to Syslog?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
warnesj
Cacti User
Posts: 173
Joined: Sun May 29, 2005 7:34 pm

Post by warnesj »

TheWitness wrote:So, are you forwarding snmptrapd messages to Syslog?

TheWitness
Sort of. :-? My Cacti server is my SNMP trap receiver and my syslog server. When I recieve a SNMP trap it throws an entry into it's own syslog. The entries would look similar to this,

Code: Select all

Jun 21 11:38:40 src@stu snmptrapd[2657]: 2007-06-21 11:38:38 ###.###.###.###(via UDP: [###.###.###.###]:1024) TRAP, SNMP v1, community XXXXXXX  SNMPv2-MIB::snmpTraps Link Up Trap (0) Uptime: 42 days, 17:16:18.04         IF-MIB::ifIndex.287 = INTEGER: 287      IF-MIB::ifAdminStatus.287 = INTEGER: up(1)  IF-MIB::ifOperStatus.287 = INTEGER: up(1)       SNMPv2-SMI::enterprises.45.1.6.15.1.1.1.2.287 = INTEGER: 5      SNMPv2-SMI::enterprises.45.1.6.15.1.1.1.3.287 = INTEGER: 31
That's a trap for an interface coming up. Kind of messy, but it is something that you could use haloe to alert off of.

So I don't forward them off to another syslog server (if that's what you mean), but I suppose I could if I wanted to. I'm using syslog-ng and it really lets you do whatever you want with syslog messages.

This is the method that works for me, but there could be another one that I don't know of that is way simpler.
User avatar
Howie
Cacti Guru User
Posts: 5508
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom
Contact:

Post by Howie »

Not sure about simpler, but I use snmptt to dump all our traps into a mysql database. It keeps a bunch of the info in seperate fields, so it's easy to filter on host, oid etc. I wrote my own viewer to slice and dice the resulting table. It wouldn't be too hard to make a Cacti plugin to do the same.

snmptt has some nice things generally for trap handling.
Weathermap 0.98a is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Two very nice approaches. Howie, I like the idea of a plugin, or a forwarder to an event handler that may be on the horizon.

Larry
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
Howie
Cacti Guru User
Posts: 5508
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom
Contact:

Post by Howie »

I meant a plugin for the database viewer part, but if there's a more comprehensive event viewer/handler on the horizon, then wouldn't this be redundant? It's snmptt that does the initial filtering and forwarding for me...

So that would handle alerting rather than everything else depending on thold? :-) (I like thold, so I don't mind either way, but some kind of 'message rules' list to send mail there most of the time, but send a page here if it's the SAN would be handy)
Weathermap 0.98a is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)
MagicOneXXX
Cacti User
Posts: 59
Joined: Tue Dec 19, 2006 4:35 pm

Interested as well

Post by MagicOneXXX »

I'm interested in this functionality as well. Currently we use HP Insight agents on all of our servers, which can generate snmp traps that are sent to our insight manager server. But, that's all that server does, and there is talk of consolidating the snmp traps into cacti.

I thought of writing something to have snmp alerts sent to nagios (lots of info on how to do this) and then working on something like NPC to view the snmp traps in cacti. I like handling event management in cacti natively alot more than using nagios + cacti. What i'm most interested in, is having a notification system like nagios. Is this a work-in-progress or something that's planned for 0.9?

Thanks!
eternal
Cacti User
Posts: 68
Joined: Thu Dec 14, 2006 4:38 pm
Location: Kingsport TN
Contact:

Post by eternal »

Using snmptt
Hope this helps, these are the files you gotta worry about.
This will putt the snmptt logs in /var/log/snmptt.log
syslog-ng will pull it from there. I had to touch a few of the log files, it didnt create them.

From haloe then you can create alerts for device up down etc.



more /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptthandler

Code: Select all

more /etc/syslog-ng/syslog-ng.conf
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

options {
  sync(0);
  time_reopen(10);
  log_fifo_size(1024);
  long_hostnames(off);
  use_dns(no);
  use_fqdn(no);
  create_dirs(no);
  keep_hostname(yes);
  };

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel  { file("/var/log/kern"); };
destination snmptt { file("/var/log/snmptt.log"); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                         not (facility(mail)
                             or facility(authpriv)
#                             or facility(cron)
                             or program("kernel")); };

filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
filter f_kernel      { level(info) and program("kernel"); };
filter f_snmptt      { program(snmptt); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };
log { source(s_sys); filter(f_snmptt); destination(snmptt); };
source net {
        udp();
};


destination d_mysql {
        pipe("/tmp/mysql.pipe"
         template("INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, message) VALUES ( '$HOST', '$FACILITY', '
$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
         template-escape(yes));
 };
log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };
log { source(s_sys); filter(f_snmptt); destination(d_mysql); };
# vim: syntax=syslog-ng

Code: Select all

[root@mints ~]# more /etc/syslog-ng/syslog-ng.conf
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

options {
  sync(0);
  time_reopen(10);
  log_fifo_size(1024);
  long_hostnames(off);
  use_dns(no);
  use_fqdn(no);
  create_dirs(no);
  keep_hostname(yes);
  };

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel  { file("/var/log/kern"); };
destination snmptt { file("/var/log/snmptt.log"); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                         not (facility(mail)
                             or facility(authpriv)
#                             or facility(cron)
                             or program("kernel")); };

filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
filter f_kernel      { level(info) and program("kernel"); };
filter f_snmptt      { program(snmptt); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };
log { source(s_sys); filter(f_snmptt); destination(snmptt); };
source net {
        udp();
};


destination d_mysql {
        pipe("/tmp/mysql.pipe"
         template("INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, message) VALUES ( '$HOST', '$FACILITY', '
$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
         template-escape(yes));
 };
log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };
log { source(s_sys); filter(f_snmptt); destination(d_mysql); };
# vim: syntax=syslog-ng
[root@mints ~]# more /etc/snmp/snmptt.ini
#
# SNMPTT v1.2beta2 Configuration File
#
# Linux / Unix
#

[General]
# Name of this system for $H variable.  If blank, system name will be the computer's
# hostname via Sys::Hostname.
snmptt_system_name =

# Set to either 'standalone' or 'daemon'
# standalone: snmptt called from snmptrapd.conf
# daemon: snmptrapd.conf calls snmptthandler
# Ignored by Windows.  See documentation
mode = daemon

# Set to 1 to allow multiple trap definitions to be executed for the same trap.
# Set to 0 to have it stop after the first match.
# This option should normally be set to 1.  See the section 'SNMPTT.CONF Configuration
# file Notes' in the SNMPTT documentation for more information.
# Note: Wildcard matches are only matched if there are NO exact matches.  This takes
#       into consideration the NODES list.  Therefore, if there is a matching trap, but
#       the NODES list prevents it from being considered a match, the wildcard entry will
#       only be used if there are no other exact matches.
multiple_event = 0

# SNMPTRAPD passes the IP address of device sending the trap, and the IP address of the
# actual SNMP agent.  These addresses could differ if the trap was sent on behalf of another
# device (relay, proxy etc).
# If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
# (which includes the local hosts file, depending on how the OS is configured).  This name
# will be used for: NODES entry matches, hostname field in logged traps (file / database),
# and the $A variable.  Host names on the NODES line will be resolved and the IP address
# will then be used for comparing.
# Set to 0 to disable DNS resolution
# Set to 1 to enable DNS resolution
dns_enable = 1

# Set to 0 to enable the use of FQDN (Fully Qualified Domain Names).  If a host name is
# passed to SNMPTT that contains a domain name, it will not be altered in any way by
# SNMPTT.  This also affects resolve_value_ip_addresses.
# Set to 1 to have SNMPTT strip the domain name from the host name passed to it.  For
# example, server01.domain.com would be changed to server01
# Set to 2 to have SNMPTT strip the domain name from the host name passed to it
# based on the list of domains in strip_domain_list
strip_domain = 0

# List of domain names that should be stripped when strip_domain is set to 2.
# List can contain one or more domains.  For example, if the FQDN of a host is
# server01.city.domain.com and the list contains domain.com, the 'host' will be
# set as server01.city.
strip_domain_list = <<END
domain.com
END

# Configures how IP addresses contained in the VALUE of the variable bindings are handled.
# This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.
# Set to 0 to disable resolving ip address to host names
# Set to 1 to enable resolving ip address to host names
# Note: net_snmp_perl_enable *must* be enabled.  The strip_domain settings influence the
# format of the resolved host name.  DNS must be enabled (dns_enable)
resolve_value_ip_addresses = 0

# Set to 1 to enable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# This is required for $v variable substitution to work, and also for some other options
# that are enabled in this .ini file.
# Set to 0 to disable the use of the Perl module from the UCD-SNMP / NET-SNMP package.
# Note: Enabling this with stand-alone mode can cause SNMPTT to run very slowly due to
#       the loading of the MIBS at startup.
net_snmp_perl_enable = 0

# This sets the best_guess parameter used by the UCD-SNMP / NET-SNMP Perl module for
# translating symbolic nams to OIDs and vice versa.
# For UCD-SNMP, and Net-SNMP 5.0.8 and previous versions, set this value to 0.
# For Net-SNMP 5.0.9, or any Net-SNMP with patch 722075 applied, set this value to 2.
# A value of 2 is equivalent to -IR on Net-SNMP command line utilities.
# UCD-SNMP and Net-SNMP 5.0.8 and previous may not be able to translate certain formats of
# symbolic names such as RFC1213-MIB::sysDescr.  Net-SNMP 5.0.9 or patch 722075 will allow
# all possibilities to be translated.  See the FAQ section in the README for more info
net_snmp_perl_best_guess = 0

# Configures how the OID of the received trap is handled when outputting to a log file /
# database.  It does NOT apply to the $O variable.
# Set to 0 to use the default of numerical OID
# Set to 1 to translate the trap OID to short text (symbolic form) (eg: linkUp)
# Set to 2 to translate the trap OID to short text with module name (eg: IF-MIB::linkUp)
# Set to 3 to translate the trap OID to long text (eg: iso...snmpTraps.linkUp)
# Set to 4 to translate the trap OID to long text with module name (eg:
# IF-MIB::iso...snmpTraps.linkUp)
# Note: -The output of the long format will vary depending on the version of Net-SNMP you
#        are using.
#       -net_snmp_perl_enable *must* be enabled
#       -If using database logging, ensure the trapoid column is large enough to hold the
#        entire line
translate_log_trap_oid = 1

# Configures how OIDs contained in the VALUE of the variable bindings are handled.
# This only applies to the values for $n, $+n, $-n, $vn, $+*, $-*.  For substitutions
# that include variable NAMES ($+n etc), only the variable VALUE is affected.
# Set to 0 to disable translating OID values to text (symbolic form)
# Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm)
# Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm)
# Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm)
# Set to 4 to translate OID values to long text with module name (eg:
# UPS-MIB::iso...upsAlarm.BuildingAlarm)
# For example, if the value contained: 'A UPS Alarm (.1.3.6.1.4.1.534.1.7.12) has cleared.',
# it could be translated to: 'A UPS Alarm (UPS-MIB::BuildingAlarm) has cleared.'
# Note: net_snmp_perl_enable *must* be enabled
translate_value_oids = 1

# Configures how the symbolic enterprise OID will be displayed for $E.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4.
# Note: net_snmp_perl_enable *must* be enabled
translate_enterprise_oid_format = 1

# Configures how the symbolic trap OID will be displayed for $O.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4.
# Note: net_snmp_perl_enable *must* be enabled
translate_trap_oid_format = 1

# Configures how the symbolic trap OID will be displayed for $v, $-n, $+n, $-* and $+*.
# Set to 1, 2, 3 or 4.  See translate_value_oids options 1,2,3 and 4.
# Note: net_snmp_perl_enable *must* be enabled
translate_varname_oid_format = 1

# Set to 0 to disable converting INTEGER values to enumeration tags as defined in the
# MIB files
# Set to 1 to enable converting INTEGER values to enumeration tags as defined in the
# MIB files
# Example: moverDoorState:open instead of moverDoorState:2
# Note: net_snmp_perl_enable *must* be enabled
translate_integers = 1

# Allows you to set the MIBS environment variable used by SNMPTT
# Leave blank or comment out to have the systems enviroment settings used
# To have all MIBS processed, set to ALL
# See the snmp.conf manual page for more info
mibs_environment = ALL

# Set what is used to separate variables when wildcards are expanded on the FORMAT /
# EXEC line.  Defaults to a space.  Value MUST be within quotes.  Can contain 1 or
# more characters
wildcard_expansion_separator = " "

# Set to 1 to allow unsafe REGEX code to be executed.
# Set to 0 to prevent unsafe REGEX code from being executed (default).
# Enabling unsafe REGEX code will allow variable interopolation and the use of the e
# modifier to allow statements such as substitution with captures such
# as:            (one (two) three)(five $1 six)
# which outputs: five two six
# or:            (one (two) three)("five ".length($1)." six")e
# which outputs: five 3 six
#
# This is considered unsafe because the contents of the regular expression
# (right) is executed (eval) by Perl which *could contain unsafe code*.
# BE SURE THAT THE SNMPTT CONFIGURATION FILES ARE SECURE!
allow_unsafe_regex = 0

# Set to 1 to have the backslash (escape) removed from quotes passed from
# snmptrapd.  For example, \" would be changed to just "
# Set to 0 to disable
remove_backslash_from_quotes = 0

# Set to 1 to have NODES files loaded each time a trap is processed.
# Set to 0 to have all NODES files loaded when the snmptt.conf files are loaded.
# If NODES files are used (files that contain lists of NODES), then setting to 1
# will cause the list to be loaded each time an EVENT is processed that uses
# NODES files.  This will allow the NODES file to be modified while SNMPTT is
# running but can result in many file reads depending on the number of traps
# received.  Defaults to 0
dynamic_nodes = 0

# This option allows you to use the $D substitution variable to include the
# description text from the SNMPTT.CONF or MIB files.
# Set to 0 to disable the $D substitution variable.  If $D is used, nothing
#  will be outputted.
# Set to 1 to enable the $D substitution variable and have it use the
#  descriptions stored in the SNMPTT .conf files.  Enabling this option can
#  greatly increase the amount of memory used by SNMPTT.
# Set to 2 to enable the $D substitution variable and have it use the
#  description from the MIB files.  This enables the UCD-SNMP / NET-SNMP Perl
#  module save_descriptions variable.  Enabling this option can greatly
#  increase the amount of memory used by the Net-SNMP SNMP Perl module, which
#  will result in an increase of memory usage by SNMPTT.
description_mode = 0

# Set to 1 to remove any white space at the start of each line from the MIB
# or SNMPTT.CONF description when description_mode is set to 1 or 2.
description_clean = 1

# Set to 1 to enable threads (ithreads) in Perl 5.6.0 or higher.  If enabled,
# EXEC will launch in a thread to allow SNMPTT to continue processing other
# traps.  See also threads_max.
# Set to 0 to disable threads (ithreads).
# Defaults to 0
threads_enable = 0

# This option allows you to set the maximum number of threads that will
# execute at once.  Defaults to 10
threads_max = 10

# The date format for $x in strftime() format.  If not defined, defaults
# to %a %b %e %Y.
#date_format = %a %b %e %Y

# The time format for $X in strftime() format.  If not defined, defaults
# to %H:%M:%S.
#time_format = %H:%M:%S

# The date time format in strftime() format for the date/time when logging
# to standard output, snmptt log files (log_file) and the unknown log file
# (unknown_trap_log_file).  Defaults to localtime().  For SQL, see
# date_time_format_sql.
# Example:  %a %b %e %Y %H:%M:%S
#date_time_format =

[DaemonMode]
# Set to 1 to have snmptt fork to the background when run in daemon mode
# Ignored by Windows.  See documentation
daemon_fork = 1

# Set to the numerical user id (eg: 500) or textual user id (eg: snmptt)
# that snmptt should change to when running in daemon mode.  Leave blank
# to disable.  The user used should have read/write access to all log
# files, the spool folder, and read access to the configuration files.
daemon_uid = 500foo

# Directory to read received traps from.  Ex: /var/spool/snmptt/
# Don't forget the trailing slash!
spool_directory = /var/spool/snmptt/

# Amount of time in seconds to sleep between processing spool files
sleep = 5

# Set to 1 to have SNMPTT use the time that the trap was processed by SNMPTTHANDLER
# Set to 0 to have SNMPTT use the time the trap was processed.  Note:  Using 0 can
# result in the time being off by the number of seconds used for 'sleep'
use_trap_time = 1

# Set to 0 to have SNMPTT erase the spooled trap file after it attempts to process
# the trap even if it did not successfully log the trap to any of the log systems.
# Set to 1 to have SNMPTT erase the spooled trap file only after it successfully
# logs to at least ONE log system.
# Set to 2 to have SNMPTT erase the spooled trap file only after it successfully
# logs to ALL of the enabled log systems.  Warning:  If multiple log systems are
# enabled and only one fails, the other log system will continuously be logged to
# until ALL of the log systems function.
# The recommended setting is 1 with only one log system enabled.
keep_unlogged_traps = 1

[Logging]
# Set to 1 to enable messages to be sent to standard output, or 0 to disable.
# Would normally be disabled unless you are piping this program to another
stdout_enable = 0

# Set to 1 to enable text logging.  Make sure you specify a logfile location
log_enable = 1

# Log file location.  The COMPLETE path and filename.  Ex: '/var/log/snmptt.log'
log_file = /var/log/snmptt.log

# Set to 1 to enable logging of unknown traps.  This should normally be left off
# as the file could grow large quickly.  Used primarily for troubleshooting.  If
# you have defined a trap in snmptt.conf, but it is not executing, enable this to
# see if it is being considered an unknown trap due to an incorrect entry or
# simply missing from the snmptt.conf file.
# Unknown traps can be logged either a text file, a SQL table or both.
# See SQL section to define a SQL table to log unknown traps to.
unknown_trap_log_enable = 1

# Unknown trap log file location.  The COMPLETE path and filename.
# Ex: '/var/log/snmpttunknown.log'
# Leave blank to disable logging to text file if logging to SQL is enabled
# for unknown traps
unknown_trap_log_file = /var/log/snmpttunknown.log

# How often in seconds statistics should be logged to syslog or the event log.
# Set to 0 to disable
# 1 hour = 216000
# 12 hours = 2592000
# 24 hours = 5184000
statistics_interval = 0

# Set to 1 to enable logging of *TRAPS* to syslog.  If you do not have the Sys::Syslog
# module then disable this.  Windows users should disable this.
syslog_enable = 1

# Syslog facility to use for logging of *TRAPS*.  For example: 'local0'
syslog_facility = local0

# Set the syslog level for *TRAPS* based on the severity level of the trap
# as defined in the snmptt.conf file.  Values must be one per line between
# the syslog_level_* and END lines, and are not case sensitive.  For example:
#   Warning
#   Critical
# Duplicate definitions will use the definition with the higher severity.
syslog_level_debug = <<END
END
syslog_level_info = <<END
END
syslog_level_notice = <<END
END
syslog_level_warning = <<END
END
syslog_level_err = <<END
END
syslog_level_crit = <<END
END
syslog_level_alert = <<END
END

# Syslog default level to use for logging of *TRAPS*.  For example: warning
# Valid values: emerg, alert, crit, err, warning, notice, info, debug
syslog_level = info

# Set to 1 to enable logging of *SNMPTT system errors* to syslog.  If you do not have the
# Sys::Syslog module then disable this.  Windows users should disable this.
syslog_system_enable = 1

# Syslog facility to use for logging of *SNMPTT system errors*.  For example: 'local0'
syslog_system_facility = local0

# Syslog level to use for logging of *SNMPTT system errors*..  For example: 'warning'
# Valid values: emerg, alert, crit, err, warning, notice, info, debug
syslog_system_level = warning

[SQL]
# Determines if the enterprise column contains the numeric OID or symbolic OID
# Set to 0 for numeric OID
# Set to 1 for symbolic OID
# Uses translate_enterprise_oid_format to determine format
# Note: net_snmp_perl_enable *must* be enabled
db_translate_enterprise = 0

# FORMAT line to use for unknown traps.  If not defined, defaults to $-*.
db_unknown_trap_format = '$-*'

# List of custom SQL column names and values for the table of received traps
# (defined by *_table below).  The format is
#   column name
#   value
#
# For example:
#
#   binding_count
#   $#
#   uptime2
#   The agent has been up for $T.
sql_custom_columns = <<END
END

# List of custom SQL column names and values for the table of unknown traps
# (defined by *_table_unknown below).  See sql_custom_columns for the format.
sql_custom_columns_unknown = <<END
END

# MySQL: Set to 1 to enable logging to a MySQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::mysql
mysql_dbi_enable = 0

# MySQL: Hostname of database server (optional - default localhost)
mysql_dbi_host = localhost

# MySQL: Port number of database server (optional - default 3306)
mysql_dbi_port = 3306

# MySQL: Database to use
mysql_dbi_database = snmptt

# MySQL: Table to use
mysql_dbi_table = snmptt

# MySQL: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to MySQL
# Note: unknown_trap_log_enable must be enabled.
mysql_dbi_table_unknown = snmptt_unknown

# MySQL: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#mysql_dbi_table_statistics = snmptt_statistics
mysql_dbi_table_statistics =

# MySQL: Username to use
mysql_dbi_username = snmpttuser

# MySQL: Password to use
mysql_dbi_password = password

# MySQL: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by
# the ping such as 'Unable to connect to database', it will attempt to
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on mysql_ping_interval.
mysql_ping_on_insert = 1

# MySQL: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on mysql_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
mysql_ping_interval = 300

# PostgreSQL: Set to 1 to enable logging to a PostgreSQL database via DBI (Linux / Windows)
# This requires DBI:: and DBD::PgPP
postgresql_dbi_enable = 0

# Set to 0 to use the DBD::PgPP module
# Set to 1 to use the DBD::Pg module
postgresql_dbi_module = 0

# Set to 0 to disable host and port network support
# Set to 1 to enable host and port network support
# If set to 1, ensure PostgreSQL is configured to allow connections via TCPIP by setting
# tcpip_socket = true in the $PGDATA/postgresql.conf file, and adding the ip address of
# the SNMPTT server to $PGDATApg_hba.conf.  The common location for the config files for
# RPM installations of PostgreSQL is /var/lib/pgsql/data.
postgresql_dbi_hostport_enable = 0

# PostgreSQL: Hostname of database server (optional - default localhost)
postgresql_dbi_host = localhost

# PostgreSQL: Port number of database server (optional - default 5432)
postgresql_dbi_port = 5432

# PostgreSQL: Database to use
postgresql_dbi_database = snmptt

# PostgreSQL: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to PostgreSQL
# Note: unknown_trap_log_enable must be enabled.
postgresql_dbi_table_unknown = snmptt_unknown

# PostgreSQL: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#postgresql_dbi_table_statistics = snmptt_statistics
postgresql_dbi_table_statistics =

# PostgreSQL: Table to use
postgresql_dbi_table = snmptt

# PostgreSQL: Username to use
postgresql_dbi_username = snmpttuser

# PostgreSQL: Password to use
postgresql_dbi_password = password

# PostgreSQL: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by
# the ping such as 'Unable to connect to database', it will attempt to
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on postgresqll_ping_interval.
postgresql_ping_on_insert = 1

# PostgreSQL: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on postgresql_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
postgresql_ping_interval = 300

# ODBC: Set to 1 to enable logging to a database via ODBC using DBD::ODBC.
# This requires both DBI:: and DBD::ODBC
dbd_odbc_enable = 0

# DBD:ODBC: Database to use
dbd_odbc_dsn = snmptt

# DBD:ODBC: Table to use
dbd_odbc_table = snmptt

# DBD:ODBC: Table to use for unknown traps
# Leave blank to disable logging of unknown traps to DBD:ODBC
# Note: unknown_trap_log_enable must be enabled.
dbd_odbc_table_unknown = snmptt_unknown

# DBD:ODBC: Table to use for statistics
# Note: statistics_interval must be set.  See also stat_time_format_sql.
#dbd_odbc_table_statistics = snmptt_statistics
dbd_odbc_table_statistics =

# DBD:ODBC: Username to use
dbd_odbc_username = snmptt

# DBD:DBC:: Password to use
dbd_odbc_password = password


# DBD:ODBC: Whether or not to 'ping' the database before attempting an INSERT
# to ensure the connection is still valid.  If *any* error is generate by
# the ping such as 'Unable to connect to database', it will attempt to
# re-create the database connection.
# Set to 0 to disable
# Set to 1 to enable
# Note:  This has no effect on dbd_odbc_ping_interval.
dbd_odbc_ping_on_insert = 1

# DBD:ODBC:: How often in seconds the database should be 'pinged' to ensure the
# connection is still valid.  If *any* error is generate by the ping such as
# 'Unable to connect to database', it will attempt to re-create the database
# connection.  Set to 0 to disable pinging.
# Note:  This has no effect on dbd_odbc_ping_on_insert.
# disabled = 0
# 5 minutes = 300
# 15 minutes = 900
# 30 minutes = 1800
dbd_odbc_ping_interval = 300

# The date time format for the traptime column in SQL.  Defaults to
# localtime().  When a date/time field is used in SQL, this should
# be changed to follow a standard that is supported by the SQL server.
# Example:  For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
#date_time_format_sql =

# The date time format for the stat_time column in SQL.  Defaults to
# localtime().  When a date/time field is used in SQL, this should
# be changed to follow a standard that is supported by the SQL server.
# Example:  For a MySQL DATETIME, use %Y-%m-%d %H:%M:%S.
#stat_time_format_sql =

[Exec]

# Set to 1 to allow EXEC statements to execute.  Should normally be left on unless you
# want to temporarily disable all EXEC commands
exec_enable = 1

# Set to 1 to allow PREEXEC statements to execute.  Should normally be left on unless you
# want to temporarily disable all PREEXEC commands
pre_exec_enable = 1

# If defined, the following command will be executed for ALL unknown traps.  Passed to the
# command will be all standard and enterprise variables, similar to unknown_trap_log_file
# but without the newlines.
unknown_trap_exec =

# FORMAT line that is passed to the unknown_trap_exec command.  If not defined, it
# defaults to what is described in the unknown_trap_exec setting.  The following
# would be *similar* to the default described in the unknown_trap_exec setting
# (all on one line):
# $x !! $X: Unknown trap ($o) received from $A at: Value 0: $A Value 1: $aR
# Value 2: $T Value 3: $o Value 4: $aA Value 5: $C Value 6: $e Ent Values: $+*
unknown_trap_exec_format =

# Set to 1 to escape wildards (* and ?) in EXEC, PREEXEC and the unknown_trap_exec
# commands.  Enable this to prevent the shell from expanding the wildcard
# characters.  The default is 1.
exec_escape = 1

[Debugging]
# 0 - do not output messages
# 1 - output some basic messages
# 2 - out all messages
DEBUGGING = 2

# Debugging file - SNMPTT
# Location of debugging output file.  Leave blank to default to STDOUT (good for
# standalone mode, or daemon mode without forking)
#DEBUGGING_FILE =
DEBUGGING_FILE = /var/log/snmptt.debug

# Debugging file - SNMPTTHANDLER
# Location of debugging output file.  Leave blank to default to STDOUT
#DEBUGGING_FILE_HANDLER =
DEBUGGING_FILE_HANDLER = /var/log/snmptthandler.debug

[TrapFiles]
# A list of snmptt.conf files (this is NOT the snmptrapd.conf file).  The COMPLETE path
# and filename.  Ex: '/etc/snmp/snmptt.conf'
snmptt_conf_files = <<END
/etc/snmp/snmptt.conf
/etc/snmp/snmptt-juniper.conf
/etc/snmp/snmptt-cisco.conf
/etc/snmp/snmptt-ons.conf
/etc/snmp/snmptt-extreme.conf
END
The code to convert mibs into conf files for snmptt
Thanks to people over at http://cactiusers.org/ for all of this

Code: Select all

#!/usr/bin/perl

sub getfiles {

opendir(DIR,"StandardMibs");

while($file = readdir(DIR)) {

if($file !~ /^\./) {

foreach $all ($file) {

system("./snmpttconvertmib --in=StandardMibs/$all --out=/etc/snmp/snmptt-extreme.conf");
print "$all\n";
}
}
}
closedir(DIR);
}

&getfiles;
cigamit
Developer
Posts: 3369
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas
Contact:

Post by cigamit »

I used to use snmptt but found it couldn't scale. I found it died at around 50 per second for me.

As a side note, windows (2000?) snmp trap event manager would sometimes re-send all the events (like on a reboot, it would resend all events currently in the event log, meaning everything for the last 30 days). Which just made using the traps a pain for me, which is why I switched to syslog. Searching the forums and you can probably find my trap viewer I had.

The same server under syslog-ng can handle 600/sec sustained without any issues. I have hit upwards of 2000/s with elevated server loads, but adding rules to remove the offending syslog message brought the load down to nothing.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Have you performed any optimization to the syslog tables? You should turn on slow logging in MySQL and also enable logging of queries without indexes and post your results. Jimmy would be very interested in your findings. You can look to Mysql.com for more information on setting such things up.

Just a note, my "brief" investigation found that the syslog tables are not optimal. If they were optimized, you could push even more out of this plugin.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
MSBS
Posts: 6
Joined: Mon Jul 09, 2007 4:57 am

Post by MSBS »

eternal wrote:Using snmptt
Hope this helps, these are the files you gotta worry about.
This will putt the snmptt logs in /var/log/snmptt.log
syslog-ng will pull it from there. I had to touch a few of the log files, it didnt create them.

From haloe then you can create alerts for device up down etc.



more /etc/snmp/snmptrapd.conf
traphandle default /usr/sbin/snmptthandler

Code: Select all

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

filter f_snmptt      { program(snmptt); };

source net {
        udp();
};


destination d_mysql {
        pipe("/tmp/mysql.pipe"
         template("INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, message) VALUES ( '$HOST', '$FACILITY', '
$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
         template-escape(yes));
 };
log { source(net); destination(d_mysql); };
log { source(s_sys); filter(f_snmptt); destination(d_mysql); };
Hi,

I'm using Syslog plugin (haloe), snmptt and syslog-ng with a configuration like yours. I can see all entries in syslog tab, but while all syslog entries have the correct host, trap entries have always the same host (localhost). Are you getting the same behaviour? or better... anyone know how to fix it?

Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests