RECEIVED ZABBIX MONITORING SNMP TRAPS

http://lab4.org/wiki/Zabbix_Monitoring_SNMP_Traps_empfangen

The Zabbix server can process SNMP traps, but do not accept their own. This requires the help of Zabbix snmptrapd. If the numeric OIDs contained in the trap are converted into readable text, Zabbix need another external tool, the SNMP Trap Translator (SNMPTT).

Processing chain of SNMP traps.

snmptrapd and install SNMPTT

On Debian systems, you install the following packages

apt-get install snmpd snmp SNMPTT

Also, install the standard MIBs, as described in the chapter. By default, the start snmpd, so the daemon makes the system status via SNMP from externally interrogated. The snmptrapd is not enabled by default. This you have to adjust the file / etc / default / snmpd change.

TRAPDRUN = yes
SNMPDRUN = no

Open the configuration file of Trapper daemons and cause that the Trapper daemon forwards all received traps to the Trap Daemon Translate. In/etc/snmp/snmptrapd.conf enter following:

traphandle default / usr / sbin / SNMPTT
disableAuthorization yes

The Zabbix server expects the messages of the traps in a given format “enter” does not fit the standard. Open the file /etc/snmp/snmptt.ini and change the following settings:

mode = standalone
translate_log_trap_oid = 2
net_snmp_perl_enable = 1
DATE_TIME_FORMAT =% H:% M:% S% Y /% m /% d
log_file = /tmp/zabbix_traps.tmp
log_system_enable = 1
mibs_environment = ALL

Insert the backup file /etc/snmp/snmptt.conf to:

mv /etc/snmp/snmptt.conf /etc/snmp/snmptt.conf.orig

Now enter in a new blank file /etc/snmp/snmptt.conf only the following two lines.

EVENT general. * "General Event" Normal
FORMAT ZBXTRAP $ aA $ ar severity: $ s $ Fn + $ *

If you want to pass more information from an SNMP trap to Zabbix, add possibly more variable one. A list of all variables that can fill SNMPTT, see http://snmptt.sourceforge.net/docs/snmptt.shtml#Variable-substitutions.
Send a test trap and look at what SNMPTT writes to the file that will be read later by Zabbix server. The following example provides information via SNMP which a network link is no longer available.

snmptrap -v -c 1 public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.3' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.3 s "teststring000"
tail /tmp/zabbix_traps.tmp 
10/28/2013 16:31:18 IF-MIB :: linkDown.0.33 Normal "General Event" localhost - 127.0.0.1 127.0.0.1 ZBXTRAP

Configure Zabbix server and proxy

By default, Zabbix server receives no SNMP traps. Open the file zabbix_server.conf and change the following two lines. If you use proxies, need to receive traps analogous to the server in the file zabbix_proxy.conf activate. The file from the Zabbix server or proxy of the messages reads traps must exactly match the file in which the messages SNMPTT writes.

SNMPTrapperFile = / tmp / zabbix_traps.tmp
StartSNMPTrapper = 1

Start then the Zabbix server or Proxy again.

Setting up Items and Triggers

Once the snmpd and are SNMPTT furnished and forward the traps to the Zabbix server, you can set for a host or a template items of type “SNMP trap”. Ensure that post for the hosts, the SNMP traps, SNMP interface must be configured in Zabbix. The assignment of the receiving traps for the hosts is not via the IP address or DNS name of the agent interface.

To receive traps need hosts an SNMP interface.

Now place for a host or a template, a new item of type “SNMP trap” to. As Key select snmptrap [<regex>] from. Once Zabbix receives a trap, the entire contents of the traps with the specified regular expression is compared. If the expression is included in the Trap, Zabbix stores the entire trap from the Item Value. The type of information is at items on the type SNMP trap always text. Traps can sometimes be very long. With the data type character is not guaranteed that all the information is stored, since this type only stores a maximum of 255 characters.

SNMP Trap Item. Among issuing SMPTTT zabbix_traps.tmp in file.

In the event that you want to save all the traps that sends a device, there are the Item Key snmptrap.fallback. If you use this key for a host, Zabbix stores all traps that have not been “captured” by other items from this Item.

With the trigger function diff (0)} # 0 You can trigger an action when a new unknown trap is received. Note that SNMP traps are stateless usually. This means Report devices via SNMP trap only that an error has occurred. The normal state is however not regularly reported. Logs a device error, the return to normal but not, the trigger will remain permanently triggered in Zabbix. One possible solution is the function nodata () to be integrated into the trigger. The trigger then triggers only for a certain period of time and, after expiration of the time Panne, if the item does not provide any new data, again in the Satus OK back.

A trigger triggers for 5 minutes after enter unknown traps.