Welcome to docs.opsview.com

SNMP Trap Processing Setup - Linux

Overview

Opsview supports SNMP Trap Processing using a perl-based rules engine, allowing you to match specific traps from devices on your network and generate appropriate alerts. In order to do this, SNMP traps must be passed from the operating system to Opsview - this page details how to set this up for Debian and RedHat GNU/Linux distributions.

From Opsview 3.9.1, you can integrate Opsview with Solarwinds' trap forwarding. Set Solarwinds to forward traps to an Opsview master or slave (depending on the host being monitored) and Opsview will automatically set the trap to be originating from the initial host.

Configuration

MIBs for specific devices should be put into /usr/local/nagios/snmp/load. The configuration steps below will reference this directory to load these MIBs.

Solarwinds Integration

You must add Solarwinds' MIBs into the Opsview master and any slave systems for the trap forwarding to work. If this MIB is loaded, traps received will contain the key SOLARWINDS-TRAPS::nodeIP. Future traps will then use the IP for this key as the host IP, rather than the IP address in the trap itself (which would be the Solarwinds server).

Implementation

Debian/Ubuntu

Firstly, install snmpd and snmptrapd using:

aptitude install snmpd

Edit /etc/snmp/snmpd.conf (or /etc/sma/snmp/snmp.conf on Solaris) and uncomment “master agentx”.

On Debian/Ubuntu also add in the following line:

mibdirs +/usr/local/nagios/snmp/load

On CentOS/RHEL the mibdirs change should be made in file /etc/snmp/snmp.conf instead.

Edit /etc/default/snmpd. Set:

TRAPDRUN=yes
TRAPDOPTS='-t -m ALL -M /usr/share/snmp/mibs:/usr/local/nagios/snmp/load -p /var/run/snmptrapd.pid'
SNMPDOPTS='-u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid'

Note: If you want to restrict the interface that the snmpd daemon binds to, add it to the end of the SNMPDOPTS line, eg to only listen on the loopback interface:

SNMPDOPTS='-u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid 127.0.0.1'

Edit /etc/snmp/snmptrapd.conf and ensure it contains only the following line:

traphandle default /usr/local/nagios/bin/snmptrap2nagios

Restart snmpd and snmptrapd:

/etc/init.d/snmpd restart

Add an entry into sudo to allow Opsview to restart snmpd and snmptrapd:

nagios ALL=NOPASSWD: /usr/local/nagios/bin/snmpd reload

Test with:

su - nagios
sudo /usr/local/nagios/bin/snmpd reload

You may get errors such as:

NET-SNMP version 5.2.3 AgentX subagent connected
registering pdu failed: 263!
registering pdu failed: 263!
registering pdu failed: 263!

These can be ignored (?).

If the test is successful, restart opsview as root using

/etc/init.d/opsview-web restart

Red Hat Enterprise Linux

Install the following RPMs:

  • lm_sensors
  • 2:net-snmp-libs
  • 3:net-snmp
  • 4:net-snmp-devel
  • 5:net-snmp-perl

Edit /etc/snmp/snmpd.conf and uncomment “master agentx”

Edit /etc/sysconfig/snmptrapd or /etc/init.d/snmptrapd:

OPTIONS="-t -m ALL -M /usr/share/snmp/mibs:/usr/local/nagios/snmp/load -p /var/run/snmptrapd.pid"

You can replace the -t option above with -Lsd and this will log to syslog with the contents of every trap.

Edit /etc/sysconfig/snmpd or /etc/init.d/snmpd:

OPTIONS="-u nagios -Lsd -Lf /dev/null -p /var/run/snmpd.pid"

Note: If you want to restrict the interface that the snmpd daemon binds to, add it to the end of the OPTIONS line, eg to only listen on the loopback interface:

OPTIONS='-u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid 127.0.0.1'

Edit /etc/snmp/snmptrapd.conf:

traphandle default /usr/local/nagios/bin/snmptrap2nagios
# Uncomment the line below on net-snmp 5.3.1 and above,
# e.g. Ubuntu Gutsy (or set up appropriate authorization)
# disableAuthorization yes

Start snmptrapd:

/etc/init.d/snmpd start
/etc/init.d/snmptrapd start

Add an entry into sudo to allow Opsview to restart snmpd and snmptrapd:

# Required for Opsview
nagios ALL=NOPASSWD:/etc/init.d/snmpd reload
nagios ALL=NOPASSWD:/etc/init.d/snmptrapd reload
nagios ALL=NOPASSWD:/etc/init.d/functions

Test with:

su - nagios
sudo /etc/init.d/snmpd reload
sudo /etc/init.d/snmptrapd reload

If the test is successful, restart opsview as root using

/etc/init.d/opsview-web restart

SLES

Firstly, install snmpd and snmptrapd using:

zypper install net-snmp

Append the following line to /etc/sysconfig/net-snmp:

SNMPD_OPTIONS="-t -m ALL -M /usr/share/snmp/mibs:/usr/local/nagios/snmp/load"

Copy the snmptrapd init script to /etc/init.d:

cp /usr/share/doc/packages/net-snmp/rc.snmptrapd /etc/init.d/snmptrapd

Open up /etc/init.d/snmptrapd and modify the following line:

 startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -LF ${SNMPD_LOGLEVEL:-d} $SNMPTRAPD_LOGFILE -p /var/run/snmptrapd.pid

Change to:

 startproc $SNMPTRAPD $SNMPTRAPD_CONF -A -LF ${SNMPD_LOGLEVEL:-d} $SNMPTRAPD_LOGFILE $SNMPD_OPTIONS -p /var/run/snmptrapd.pid
 

Edit /etc/snmp/snmptrapd.conf:

traphandle default /usr/local/nagios/bin/snmptrap2nagios
disableAuthorization yes

Start snmptrapd:

/etc/init.d/snmpd start
/etc/init.d/snmptrapd start
Navigation
Print/export
Toolbox