snmptt 不翻譯陷阱,即使 translate_log_trap_oid=1
我在配置
snmptt
正確翻譯 snmp 陷阱時遇到了一些問題。以下是一個問題:
/etc/snmp/snmptt.conf 反映:
EVENT fgFmTrapIfChange .1.3.6.1.4.1.12356.101.6.0.1004 "Status Events" Critical FORMAT $* EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r "snmp_traps" 2 "$O: $+*" "$*" SDESC Trap is sent to the managing FortiManager if an interface IP is changed Variables: 1: fnSysSerial 2: ifName 3: fgManIfIp 4: fgManIfMask EDESC
當收到陷阱時,/var/log/messages 反映:
Sep 6 12:07:32 SNMPMANAGERHOST snmptrapd[15385]: 2012-09-06 12:07:32 <UNKNOWN> [UDP: [192.168.100.2]:162->[192.168.100.31]]: #012.1.3.6.1.2.1.1.3.0 = Timeticks: (707253943) 81 days, 20:35:39.43 #011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.12356.101.6.0.1004 #011.1.3.6.1.4.1.12356.100.1.1.1.0 = STRING: FGTNNNNNNNNN #011.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: internal4 #011.1.3.6.1.4.1.12356.101.6.2.1.0 = IpAddress: 192.168.65.100 #011.1.3.6.1.4.1.12356.101.6.2.2.0 = IpAddress: 255.255.255.0 Sep 6 12:07:37 SNMPMANAGERHOST icinga: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT; 192.168.100.2; snmp_traps; 2; enterprises.12356.101.6.0.1004: enterprises.12356.100.1.1.1.0:FGTNNNNNNNNN ifName.10:internal4 enterprises.12356.101.6.2.1.0:192.168.65.100 enterprises.12356.101.6.2.2.0:255.255.255.0
由於該
icinga
條目反映了EXEC
,很明顯沒有發生翻譯snmptt
。我已經驗證
translate_log_trap_oid
並net_snmp_perl_enable
在snmptt.ini
使用
--debug=1
to start 時snmptt
,我看到以下內容--debugfile
:********** Net-SNMP version 5.05 Perl module enabled **********
主要 NET-SNMP 版本報告為
NET-SNMP version: 5.5
.還可以做些什麼來驗證是否
snmptt
已正確配置以翻譯陷阱?我已經執行
snmptt-net-snmp-test
以驗證我已正確安裝的任何 net-snmp-perl 版本是否支持翻譯。輸出表明確實如此。/root/snmptt_1.3/snmptt-net-snmp-test --best_guess=2 SNMPTT Net-SNMP Test v1.0 (c) 2003 Alex Burger http://snmptt.sourceforge.net MIBS:RFC1213-MIB best_guess: 2 Testing translateObj ******************** Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=disabled Test passed. Result: sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=enabled Test passed. Result: RFC1213-MIB::sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=disabled Test passed. Result: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=enabled Test passed. Result: RFC1213-MIB::.iso.org.dod.internet.mgmt.mib-2.system.sysDescr Testing: sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: RFC1213-MIB::sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: RFC1213-MIB::system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr, long_names=disabled, include_module=disabled Test passed. Result: .1.3.6.1.2.1.1.1 Testing getType *************** Testing: .1.3.6.1.2.1.4.1 Test passed. Result: INTEGER Testing: ipForwarding Test passed. Result: INTEGER Testing Description ******************* Test passed. Result: ------------------------------------------------- The indication of whether this entity is acting as an IP gateway in respect to the forwarding of datagrams received by, but not addressed to, this entity. IP gateways forward datagrams. IP hosts do not (except those source-routed via the host). Note that for some managed nodes, this object may take on only a subset of the values possible. Accordingly, it is appropriate for an agent to return a `badValue' response if a management station attempts to change this object to an inappropriate value. -------------------------------------------------
我已經手動檢查了 MIB 中沒有解析的定義,並驗證了它是否正確連結回正確解析的定義。這是:
FORTINET-FORTIGATE-MIB.txt contains: fgFmTrapIfChange NOTIFICATION-TYPE OBJECTS { fnSysSerial, ifName, fgManIfIp, fgManIfMask } STATUS current DESCRIPTION "Trap is sent to the managing FortiManager if an interface IP is changed" ::= { fgFmTrapPrefix 1004 } fgFmTrapPrefix OBJECT IDENTIFIER ::= { fgMgmt 0 } fgMgmt OBJECT IDENTIFIER ::= { fnFortiGateMib 6 } fnFortiGateMib ::= { fortinet 101 } IMPORTS FnBoolState, FnIndex, fnAdminEntry, fnSysSerial, fortinet FROM FORTINET-CORE-MIB fortinet MODULE-IDENTITY ::= { enterprises 12356 } LOOKS GOOD!!!!! 1.3.6.1.4.1.12356.101.6.0.1004
我已經用盡了所有的文件,甚至在snmptt-users 郵件列表中毫無結果地發布。
我無法證明它是 MIB。
為什麼
snmptt
翻譯陷阱會失敗?簡單地:
- $O = 企業.12356.101.6.0.1004
- 當 $O 應該 = fgFmTrapIfChange
謝謝,
馬特
$$ UPDATE $$
snmptrapd.conf:
authCommunity log,execute,net communitystr traphandle default /usr/bin/snmptthandler
MIB 沒有被翻譯的陷阱存在(並且它被引用 MIB)。
請注意,linkUp 和 linkDown 正在正確翻譯。
$$ UPDATE 2 $$
我還測試了另一個不是包含在 net-snmp 包中的預設 MIB 的 MIB,並且這個 MIB 也無法解析。
$$ UPDATE 3 $$
如果我在 snmptt.ini 中設置以下內容:
mode = standalone
我在 snmptrapd.conf 中設置了以下內容:
traphandle default /usr/sbin/snmptt --ini=/etc/snmp/snmptt.ini
我能夠按預期翻譯陷阱。
這意味著
/usr/sbin/snmptt
用於守護程序的任何方法都可能無法訪問 MIB,或者可能正在做與描述不同的事情。其中包含的文件snmptt.ini
可能會包含我尋求的答案。$$ [ SOLUTION $$]
設置
mibs_environment = ALL
在snmptt.ini
描述:
# Allows you to set the MIBS environment variable used by SNMPTT # Leave blank or comment out to have the systems enviroment settings used # To have all MIBS processed, set to ALL # See the snmp.conf manual page for more info.
mibs_environment = ALL``snmptt.ini
即使 snmptrapd 以開頭-m ALL
(其中ALL
是一個包含所有 MIB 的萬用字元語句)也必須設置為$$ defined within the files $$). \這。
不久前我在聊天視窗中發布了這個,但看起來你可能已經離開了。您的 snmptt.ini 文件具有以下翻譯選項集:
translate_log_trap_oid = 1 translate_value_oids = 1 translate_enterprise_oid_format = 1 translate_trap_oid_format = 0 translate_varname_oid_format = 0 translate_integers = 1
有趣的是“translate_trap_oid_format”,它會影響 $O 的值。有效值為 0 - 4,其中 0 關閉翻譯,其餘在 snmptt.ini 中列出 –
Set to 0 to disable translating OID values to text (symbolic form) Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm) Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm) Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm) Set to 4 to translate OID values to long text with module name (eg:UPS-MIB::iso...upsAlarm.BuildingAlarm)