http://lab4.org/wiki/Zabbix_Monitoring_SNMP_Traps_empfangen
The Zabbix server can process SNMP traps, but do not accept their own. This requires the help of Zabbix snmptrapd. If the numeric OIDs contained in the trap are converted into readable text, Zabbix need another external tool, the SNMP Trap Translator (SNMPTT).
snmptrapd and install SNMPTT
On Debian systems, you install the following packages
apt-get install snmpd snmp SNMPTT
Also, install the standard MIBs, as described in the chapter. By default, the start snmpd, so the daemon makes the system status via SNMP from externally interrogated. The snmptrapd is not enabled by default. This you have to adjust the file / etc / default / snmpd change.
TRAPDRUN = yes SNMPDRUN = no
Open the configuration file of Trapper daemons and cause that the Trapper daemon forwards all received traps to the Trap Daemon Translate. In/etc/snmp/snmptrapd.conf enter following:
traphandle default / usr / sbin / SNMPTT disableAuthorization yes
The Zabbix server expects the messages of the traps in a given format “enter” does not fit the standard. Open the file /etc/snmp/snmptt.ini and change the following settings:
mode = standalone translate_log_trap_oid = 2 net_snmp_perl_enable = 1 DATE_TIME_FORMAT =% H:% M:% S% Y /% m /% d log_file = /tmp/zabbix_traps.tmp log_system_enable = 1 mibs_environment = ALL
Insert the backup file /etc/snmp/snmptt.conf to:
mv /etc/snmp/snmptt.conf /etc/snmp/snmptt.conf.orig
Now enter in a new blank file /etc/snmp/snmptt.conf only the following two lines.
EVENT general. * "General Event" Normal FORMAT ZBXTRAP $ aA $ ar severity: $ s $ Fn + $ *
If you want to pass more information from an SNMP trap to Zabbix, add possibly more variable one. A list of all variables that can fill SNMPTT, see http://snmptt.sourceforge.net/docs/snmptt.shtml#Variable-substitutions.
Send a test trap and look at what SNMPTT writes to the file that will be read later by Zabbix server. The following example provides information via SNMP which a network link is no longer available.
snmptrap -v -c 1 public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.3' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s "teststring000" tail /tmp/zabbix_traps.tmp 10/28/2013 16:31:18 IF-MIB :: linkDown.0.33 Normal "General Event" localhost - 127.0.0.1 127.0.0.1 ZBXTRAP
Configure Zabbix server and proxy
By default, Zabbix server receives no SNMP traps. Open the file zabbix_server.conf and change the following two lines. If you use proxies, need to receive traps analogous to the server in the file zabbix_proxy.conf activate. The file from the Zabbix server or proxy of the messages reads traps must exactly match the file in which the messages SNMPTT writes.
SNMPTrapperFile = / tmp / zabbix_traps.tmp StartSNMPTrapper = 1
Start then the Zabbix server or Proxy again.
Setting up Items and Triggers
Once the snmpd and are SNMPTT furnished and forward the traps to the Zabbix server, you can set for a host or a template items of type “SNMP trap”. Ensure that post for the hosts, the SNMP traps, SNMP interface must be configured in Zabbix. The assignment of the receiving traps for the hosts is not via the IP address or DNS name of the agent interface.
Now place for a host or a template, a new item of type “SNMP trap” to. As Key select snmptrap [<regex>] from. Once Zabbix receives a trap, the entire contents of the traps with the specified regular expression is compared. If the expression is included in the Trap, Zabbix stores the entire trap from the Item Value. The type of information is at items on the type SNMP trap always text. Traps can sometimes be very long. With the data type character is not guaranteed that all the information is stored, since this type only stores a maximum of 255 characters.
In the event that you want to save all the traps that sends a device, there are the Item Key snmptrap.fallback. If you use this key for a host, Zabbix stores all traps that have not been “captured” by other items from this Item.
With the trigger function diff (0)} # 0 You can trigger an action when a new unknown trap is received. Note that SNMP traps are stateless usually. This means Report devices via SNMP trap only that an error has occurred. The normal state is however not regularly reported. Logs a device error, the return to normal but not, the trigger will remain permanently triggered in Zabbix. One possible solution is the function nodata () to be integrated into the trigger. The trigger then triggers only for a certain period of time and, after expiration of the time Panne, if the item does not provide any new data, again in the Satus OK back.