Snmp-iwillfearnoevil

Specific to IANA SNMP oid 30911

Everything dealing specifically with the IANA registered SNMP oid for iwillfearnoevil.com needs to go here.

Default path: 1.3.6.1.4.1.30911

Sooner or later a MIB will have to be written. However in the meantime some basic traps and values are considered "standard". Outside of these oid paths it is going to be the wild west. Document ALL OID standards that live under 30911

Existing Used

1.3.6.1.4.1.30911.100.X

X=5 critical event

X=4 major event

X=3 minor event

X=2 informational event

X=1 debug event

1.3.6.1.4.1.30911.50.X

X=1...? Drop oid system for adhoc SNMP OIDS read from a file

1.3.6.1.4.1.30911.4.X

Unknown historical adhoc

1.3.6.1.4.1.30911.2.X

Unknown historical adhoc

1.3.6.1.4.1.30911.0.X

Keep the .0 range free for exotics

NMS testing using new OID traps

1.3.6.1.4.1.30911.200.200.1 (this is the trap OID that gets displayed or mapped)

1.3.6.1.4.1.30911.1.200.200.1.9

String proposed fix

1.3.6.1.4.1.30911.1.200.200.1.8

Integer 0 = fix, 1 = no fix

1.3.6.1.4.1.30911.1.200.200.1.7

String Child hosts of alarming hosts

1.3.6.1.4.1.30911.1.200.200.1.6

String Event Details

1.3.6.1.4.1.30911.1.200.200.1.5

String Event Summary

1.3.6.1.4.1.30911.1.200.200.1.4

String alarm severity

1.3.6.1.4.1.30911.1.200.200.1.3

Integer alarm severity

1.3.6.1.4.1.30911.1.200.200.1.2

string alarm name

1.3.6.1.4.1.30911.1.200.200.1.1

Integer index number

PTH=200 # test oid
#PTH=100 # live oid
snmptrap -v1 -c public 192.168.15.65 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1 192.168.15.74 6 \
1.3.6.1.2.1.1.5.0 s \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.9 s 'testErrFixCommand' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.8 i 0 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.7 s 'Testing child declarations' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.6 s 'These are some random alarm details.  Use caution with reserved chars.' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.5 s 'This is some random summary' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.4 s 'WARNING' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.3 i 3 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.2 s 'testName think Alarm Name' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.1 i 6

Standard ranges for additional information to append to trap OID above

1.3.6.1.4.1.30911.1.1.X

X=1...? Each line can be appended and used as values for an SNMPTRAP

Example manual trap

export COMMSTRING=public 
export NMSIP=127.0.0.1 
export SOURCEIPADDRESS=127.0.1.1

snmptrap -v 1 -c ${COMMSTRING} ${NMSIP} \
1.3.6.1.4.1.30911.100.1 \
${SOURCEIPADDRESS} 6 1.3.6.1.2.1.1.5.0 s \
1.3.6.1.4.1.30911.1.1.7 s "Source host ${SOURCEIPADDRESS}" \
1.3.6.1.4.1.30911.1.1.6 s "Notify chubbard@iwillfearnoevil.com for ALL failures." \
1.3.6.1.4.1.30911.1.1.5 s "TEST 1/1" \
1.3.6.1.4.1.30911.1.1.4 s "Valid SNMP Event failure." \
1.3.6.1.4.1.30911.1.1.3 s "More event details" \
1.3.6.1.4.1.30911.1.1.2 s "Even more details here" \
1.3.6.1.4.1.30911.1.1.1 s "SNMP TRAP send failure occurred."

SNMP v2 and V3 traps and informs

Original source from Nagios support

SNMP v2 Trap
The command below takes the form of:
snmptrap -v <snmp_version> -c <community> <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value>

Using a MIB:
snmptrap -v 2c -c public localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Shortening the MIB:
snmptrap -v 2c -c public localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Using OID's instead of MIB:
snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

The commands above required the following settings in /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
 
SNMP v3 Trap
The command below takes the form of:
snmptrap -v <snmp_version> -e <engine_id> -u <security_username> -a <authentication_protocal> -A <authentication_protocal_pass_phrase> -x <privacy_protocol> -X <privacy_protocol_pass_phrase> -l authPriv <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value>

Using a MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Shortening the MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Using OID's instead of MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

The commands above required the following settings in /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string
authUser log,execute,net the_user_name
 
SNMP Trap Definition
The following trap definition can be placed in /etc/snmp/snmptt.conf which will allow the test traps sent above to be passed through to Nagios:
EVENT netSnmpExampleHeartbeatRate .1.3.6.1.4.1.8072.2.3.0.1 "netSnmpExampleHeartbeatRate" Normal
FORMAT SNMP netSnmpExampleHeartbeatRate
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "netSnmpExampleHeartbeatRate"

Trap vs Inform
From the net-snmp website:

TRAP:
A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it.

INFORM:
SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP. IE, when the remote application receives the INFORM it sends back a "I got it" message. This is nice because then the person sending the traps can keep trying until the trap gets through.