Linux

snmptt not translating traps, even with translate_log_trap_oid=1

  • March 28, 2015

I'm having some trouble configuring snmptt to translate SNMP traps correctly.

Here is one of the problems:

/etc/snmp/snmptt.conf reflects:

EVENT fgFmTrapIfChange .1.3.6.1.4.1.12356.101.6.0.1004 "Status Events" Critical
FORMAT $*
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r "snmp_traps" 2 "$O: $+*" "$*"
SDESC

Trap is sent to the managing FortiManager if an interface IP is changed
Variables:
 1: fnSysSerial
 2: ifName
 3: fgManIfIp
 4: fgManIfMask
EDESC

When the trap is received, /var/log/messages reflects:

Sep  6 12:07:32 SNMPMANAGERHOST snmptrapd[15385]:
2012-09-06 12:07:32 <UNKNOWN>
[UDP:
[192.168.100.2]:162->[192.168.100.31]]:
#012.1.3.6.1.2.1.1.3.0 = Timeticks: (707253943) 81 days, 20:35:39.43
#011.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.12356.101.6.0.1004
#011.1.3.6.1.4.1.12356.100.1.1.1.0 = STRING: FGTNNNNNNNNN
#011.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: internal4
#011.1.3.6.1.4.1.12356.101.6.2.1.0 = IpAddress: 192.168.65.100
#011.1.3.6.1.4.1.12356.101.6.2.2.0 = IpAddress: 255.255.255.0

Sep  6 12:07:37 SNMPMANAGERHOST icinga:
EXTERNAL COMMAND:
PROCESS_SERVICE_CHECK_RESULT;
192.168.100.2;
snmp_traps;
2;
enterprises.12356.101.6.0.1004: enterprises.12356.100.1.1.1.0:FGTNNNNNNNNN ifName.10:internal4 enterprises.12356.101.6.2.1.0:192.168.65.100 enterprises.12356.101.6.2.2.0:255.255.255.0

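Since that icinga entry reflects the EXEC, it is clear that snmptt is not translating.

I have verified translate_log_trap_oid and net_snmp_perl_enable in snmptt.ini.

When using --debug=1 to start snmptt, I see the following in the --debugfile: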

********** Net-SNMP version 5.05 Perl module enabled **********

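The main NET-SNMP version is reported as NET-SNMP version: 5.5.

What else can be done to verify whether snmptt is properly configured to translate traps?

I have run snmptt-net-snmp-test to verify that whatever version of net-snmp-perl I have installed supports translation. The output indicates that it does.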

/root/snmptt_1.3/snmptt-net-snmp-test --best_guess=2

SNMPTT Net-SNMP Test v1.0
(c) 2003 Alex Burger
http://snmptt.sourceforge.net

MIBS:RFC1213-MIB
best_guess: 2


Testing translateObj
********************

Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=disabled
Test passed.  Result: sysDescr

Testing: .1.3.6.1.2.1.1.1, long_names=disabled, include_module=enabled
Test passed.  Result: RFC1213-MIB::sysDescr

Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=disabled
Test passed.  Result: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr

Testing: .1.3.6.1.2.1.1.1, long_names=enabled, include_module=enabled
Test passed.  Result: RFC1213-MIB::.iso.org.dod.internet.mgmt.mib-2.system.sysDescr

Testing: sysDescr, long_names=disabled, include_module=disabled
Test passed.  Result: .1.3.6.1.2.1.1.1

Testing: RFC1213-MIB::sysDescr, long_names=disabled, include_module=disabled
Test passed.  Result: .1.3.6.1.2.1.1.1

Testing: system.sysDescr, long_names=disabled, include_module=disabled
Test passed.  Result: .1.3.6.1.2.1.1.1

Testing: RFC1213-MIB::system.sysDescr, long_names=disabled, include_module=disabled
Test passed.  Result: .1.3.6.1.2.1.1.1

Testing: .iso.org.dod.internet.mgmt.mib-2.system.sysDescr, long_names=disabled, include_module=disabled
Test passed.  Result: .1.3.6.1.2.1.1.1


Testing getType
***************

Testing: .1.3.6.1.2.1.4.1
Test passed.  Result: INTEGER

Testing: ipForwarding
Test passed.  Result: INTEGER


Testing Description
*******************
Test passed.  Result:
-------------------------------------------------
The indication of whether this entity is acting
as an IP gateway in respect to the forwarding of
datagrams received by, but not addressed to, this
entity.  IP gateways forward datagrams.  IP hosts
do not (except those source-routed via the host).
Note that for some managed nodes, this object may
take on only a subset of the values possible.
Accordingly, it is appropriate for an agent to
return a `badValue' response if a management
station attempts to change this object to an
inappropriate value.
-------------------------------------------------

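I have manually checked the definition in the MIB that is not resolving, and verified that it links back correctly to definitions that do resolve. Here it is: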

FORTINET-FORTIGATE-MIB.txt contains:

fgFmTrapIfChange NOTIFICATION-TYPE
   OBJECTS     { fnSysSerial, ifName, fgManIfIp, fgManIfMask }
   STATUS      current
   DESCRIPTION
       "Trap is sent to the managing FortiManager if an interface IP is changed"
   ::= { fgFmTrapPrefix 1004 }


fgFmTrapPrefix OBJECT IDENTIFIER
   ::= { fgMgmt 0 }

fgMgmt OBJECT IDENTIFIER
   ::= { fnFortiGateMib 6 }

fnFortiGateMib
   ::= { fortinet 101 }

IMPORTS
   FnBoolState, FnIndex, fnAdminEntry, fnSysSerial, fortinet
       FROM FORTINET-CORE-MIB

fortinet MODULE-IDENTITY
   ::= { enterprises 12356 }

LOOKS GOOD!!!!!
1.3.6.1.4.1.12356.101.6.0.1004

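I have exhausted all the documentation, and even posted to the snmptt-users mailing list to no avail.

I can't prove it's the MIB.

Why is snmptt failing to translate the trap?

Simply:

  • $O = enterprises.12356.101.6.0.1004
  • when $O should = fgFmTrapIfChange

Thanks,

Matt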

$$ UPDATE $$

snmptt.ini

snmptrapd.conf:

authCommunity log,execute,net communitystr
traphandle default /usr/bin/snmptthandler

snmptt.conf

The MIB in which the untranslated trap exists (and the MIB it references).

Note that linkUp and linkDown are being translated correctly.

$$ UPDATE 2 $$

I have also tested another MIB that is not one of the default MIBs included in the net-snmp package, and this MIB also fails to resolve.

$$ UPDATE 3 $$

If I set the following in snmptt.ini:

mode = standalone

and I set the following in snmptrapd.conf:

traphandle default /usr/sbin/snmptt --ini=/etc/snmp/snmptt.ini

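I am able to get the trap translated as expected.

This means that whatever method /usr/sbin/snmptt uses for the daemon may not have access to the MIBs, or may be doing something different from what is described. The documentation contained in snmptt.ini may hold the answer I seek.

$$ SOLUTION $$

Set mibs_environment = ALL in snmptt.ini

Description: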

# Allows you to set the MIBS environment variable used by SNMPTT
# Leave blank or comment out to have the systems enviroment settings used
# To have all MIBS processed, set to ALL
# See the snmp.conf manual page for more info.

mibs_environment = ALL must be set in snmptt.ini even if snmptrapd is started with -m ALL (where ALL is a wildcard statement that includes all MIBs defined within the files).

I posted this in the chat window a while ago, but it looks like you may have stepped away. Your snmptt.ini file has the following translation options set:

translate_log_trap_oid = 1
translate_value_oids = 1
translate_enterprise_oid_format = 1
translate_trap_oid_format = 0
translate_varname_oid_format = 0
translate_integers = 1

The interesting one is "translate_trap_oid_format", which affects the value of $O. Valid values are 0 - 4, where 0 turns off translation, and the rest are listed in snmptt.ini:

Set to 0 to disable translating OID values to text (symbolic form)
Set to 1 to translate OID values to short text (symbolic form) (eg: BuildingAlarm)
Set to 2 to translate OID values to short text with module name (eg: UPS-MIB::BuildingAlarm)
Set to 3 to translate OID values to long text (eg: iso...upsAlarm.BuildingAlarm)
Set to 4 to translate OID values to long text with module name (eg:UPS-MIB::iso...upsAlarm.BuildingAlarm)
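
The settings named in the question's solution and in the answer above can be checked together before restarting the daemon. The script below is an added example, not part of the original posts or of snmptt; the function names and the sample snmptt.ini excerpts are constructed for illustration, using only keys and values that appear on this page.

```shell
#!/bin/sh
# Added example (not from the original post): audit an snmptt.ini for the
# settings this page ties to an untranslated $O.

# ini_get FILE KEY: print the last uncommented value of KEY (empty if unset).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_snmptt_ini FILE: print one finding per line; return 1 if any.
check_snmptt_ini() {
    f=$1; findings=0
    v=$(ini_get "$f" net_snmp_perl_enable)
    if [ "$v" != "1" ]; then
        echo "net_snmp_perl_enable='$v': Net-SNMP Perl module not enabled"
        findings=$((findings + 1))
    fi
    v=$(ini_get "$f" mibs_environment)
    if [ "$v" != "ALL" ]; then
        echo "mibs_environment='$v': not ALL (blank uses the system environment)"
        findings=$((findings + 1))
    fi
    v=$(ini_get "$f" translate_trap_oid_format)
    if [ "$v" = "0" ]; then
        echo "translate_trap_oid_format=0: OID-to-text translation disabled"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# write_sample FILE MIBS_LINE FORMAT: write a constructed snmptt.ini excerpt.
write_sample() {
    printf '%s\n' 'net_snmp_perl_enable = 1' 'translate_log_trap_oid = 1' \
        "$2" "translate_trap_oid_format = $3" > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/before.ini" '#mibs_environment = ALL' 0
write_sample "$tmp/after.ini" 'mibs_environment = ALL' 1
echo "before:"; check_snmptt_ini "$tmp/before.ini" || true
echo "after:";  check_snmptt_ini "$tmp/after.ini" && echo "no findings"
```

Point `check_snmptt_ini` at the real /etc/snmp/snmptt.ini to run the same checks against a live configuration; it only reads the file.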

Quoted from: https://serverfault.com/questions/425077