Snmp-iwillfearnoevil
Latest revision as of 16:28, 21 January 2022
Specific to IANA SNMP oid 30911
Everything dealing specifically with the IANA-registered SNMP OID for iwillfearnoevil.com needs to go here.
Default path: 1.3.6.1.4.1.30911
Sooner or later a MIB will have to be written. In the meantime, however, some basic traps and values are considered "standard". Outside of these OID paths it is going to be the wild west. Document ALL OID standards that live under 30911.
Existing Used
- 1.3.6.1.4.1.30911.100.X
  - X=5 critical event
  - X=4 major event
  - X=3 minor event
  - X=2 informational event
  - X=1 debug event
- 1.3.6.1.4.1.30911.50.X
  - X=1...? Drop oid system for adhoc SNMP OIDS read from a file
- 1.3.6.1.4.1.30911.4.X
  - Unknown historical adhoc
- 1.3.6.1.4.1.30911.2.X
  - Unknown historical adhoc
- 1.3.6.1.4.1.30911.0.X
  - Keep the .0 range free for exotics
NMS testing using new OID traps
- 1.3.6.1.4.1.30911.200.200.1 (this is the trap OID that gets displayed or mapped)
- 1.3.6.1.4.1.30911.1.200.200.1.9
  - String proposed fix
- 1.3.6.1.4.1.30911.1.200.200.1.8
  - Integer 0 = fix, 1 = no fix
- 1.3.6.1.4.1.30911.1.200.200.1.7
  - String Child hosts of alarming hosts
- 1.3.6.1.4.1.30911.1.200.200.1.6
  - String Event Details
- 1.3.6.1.4.1.30911.1.200.200.1.5
  - String Event Summary
- 1.3.6.1.4.1.30911.1.200.200.1.4
  - String alarm severity
- 1.3.6.1.4.1.30911.1.200.200.1.3
  - Integer alarm severity
- 1.3.6.1.4.1.30911.1.200.200.1.2
  - String alarm name
- 1.3.6.1.4.1.30911.1.200.200.1.1
  - Integer index number
<pre>
PTH=200 # test oid
#PTH=100 # live oid
# snmptrap -v1 positional order: enterprise OID, agent address, generic trap,
# specific trap, uptime, then OID TYPE VALUE triples. Here '1.3.6.1.2.1.1.5.0'
# and 's' fall in the specific-trap and uptime positions.
snmptrap -v1 -c public 192.168.15.65 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1 192.168.15.74 6 \
1.3.6.1.2.1.1.5.0 s \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.9 s 'testErrFixCommand' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.8 i 0 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.7 s 'Testing child declarations' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.6 s 'These are some random alarm details. Use caution with reserved chars.' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.5 s 'This is some random summary' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.4 s 'WARNING' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.3 i 3 \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.2 s 'testName think Alarm Name' \
1.3.6.1.4.1.30911.1.$PTH.$PTH.1.1 i 6
</pre>
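A receiving handler can check incoming varbinds against the layout listed above before acting on them. The script below is an added example, not code from this wiki: the field names, the "OID TYPE VALUE" line format and the set of characters treated as reserved (shell metacharacters) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: validate varbinds against the
# 30911 NMS trap layout. Input is one "OID TYPE VALUE" triple per line.
check_nms_varbinds() {
    awk '
        BEGIN {
            # Names for suffixes .1 to .9 (chosen for this example)
            split("index name severity_num severity summary details children fix_flag fix", field, " ")
            isint[1] = isint[3] = isint[8] = 1     # suffixes typed Integer
        }
        function fail(msg) { print "ERROR " msg; bad = 1 }
        NF < 3 { fail("line " NR ": expected OID TYPE VALUE"); next }
        {
            oid = $1; type = $2
            val = $0; sub(/^[^ ]+ +[^ ]+ +/, "", val)
            # Only the live (100) and test (200) branches are defined
            if (oid !~ /^1\.3\.6\.1\.4\.1\.30911\.1\.(100\.100|200\.200)\.1\.[1-9]$/) {
                fail("unexpected OID " oid); next
            }
            n = substr(oid, length(oid)) + 0
            if (n in isint) {
                if (type != "i" || val !~ /^[0-9]+$/) { fail(field[n] " must be an integer"); next }
                if (n == 8 && val + 0 > 1) { fail("fix_flag must be 0 or 1"); next }
            } else if (type != "s" || val ~ /[`$;|&<>]/) {
                # Assumed reserved set: shell metacharacters
                fail(field[n] " has wrong type or reserved characters"); next
            }
            print field[n] "=" val
        }
        END { exit bad }
    '
}

# Constructed sample: four of the page test values, then two bad lines.
sample_varbinds() {
    cat <<'EOF'
1.3.6.1.4.1.30911.1.200.200.1.9 s testErrFixCommand
1.3.6.1.4.1.30911.1.200.200.1.8 i 0
1.3.6.1.4.1.30911.1.200.200.1.4 s WARNING
1.3.6.1.4.1.30911.1.200.200.1.3 i 3
1.3.6.1.4.1.30911.1.200.200.1.8 i 2
1.3.6.1.4.1.30911.1.200.200.1.6 s disk full; see `df` output
EOF
}

sample_varbinds | check_nms_varbinds || echo "trap rejected"
```

The function exits non-zero when any line fails, so a handler can drop the whole trap instead of acting on a partially valid one.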
Standard ranges for additional information to append to trap OID above
- 1.3.6.1.4.1.30911.1.1.X
  - X=1...? Each line can be appended and used as values for an SNMPTRAP
Example manual trap
<pre>
export COMMSTRING=public
export NMSIP=127.0.0.1
export SOURCEIPADDRESS=127.0.1.1
snmptrap -v 1 -c ${COMMSTRING} ${NMSIP} \
1.3.6.1.4.1.30911.100.1 \
${SOURCEIPADDRESS} 6 1.3.6.1.2.1.1.5.0 s \
1.3.6.1.4.1.30911.1.1.7 s "Source host ${SOURCEIPADDRESS}" \
1.3.6.1.4.1.30911.1.1.6 s "Notify chubbard@iwillfearnoevil.com for ALL failures." \
1.3.6.1.4.1.30911.1.1.5 s "TEST 1/1" \
1.3.6.1.4.1.30911.1.1.4 s "Valid SNMP Event failure." \
1.3.6.1.4.1.30911.1.1.3 s "More event details" \
1.3.6.1.4.1.30911.1.1.2 s "Even more details here" \
1.3.6.1.4.1.30911.1.1.1 s "SNMP TRAP send failure occurred."
</pre>
SNMP v2 and v3 traps and informs
Original source from Nagios support: https://support.nagios.com/kb/article/snmp-trap-how-to-send-a-test-trap-493.html
<pre>
SNMP v2 Trap

The command below takes the form of:
snmptrap -v <snmp_version> -c <community> <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value>

Using a MIB:
snmptrap -v 2c -c public localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Shortening the MIB:
snmptrap -v 2c -c public localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Using OIDs instead of MIB:
snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

The commands above required the following settings in /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler

SNMP v3 Trap

The command below takes the form of:
snmptrap -v <snmp_version> -e <engine_id> -u <security_username> -a <authentication_protocol> -A <authentication_protocol_pass_phrase> -x <privacy_protocol> -X <privacy_protocol_pass_phrase> -l authPriv <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value>

Using a MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Shortening the MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456

Using OIDs instead of MIB:
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

The commands above required the following settings in /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string
authUser log,execute,net the_user_name

SNMP Trap Definition

The following trap definition can be placed in /etc/snmp/snmptt.conf which will allow the test traps sent above to be passed through to Nagios:
EVENT netSnmpExampleHeartbeatRate .1.3.6.1.4.1.8072.2.3.0.1 "netSnmpExampleHeartbeatRate" Normal
FORMAT SNMP netSnmpExampleHeartbeatRate
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "netSnmpExampleHeartbeatRate"

Trap vs Inform

From the net-snmp website:

TRAP:
A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it.

INFORM:
SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP. IE, when the remote application receives the INFORM it sends back a "I got it" message. This is nice because then the person sending the traps can keep trying until the trap gets through.
</pre>
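In the snmptrapd.conf settings above, disableAuthorization yes turns off snmptrapd's access control, so traps from any sender reach the traphandle program and the authUser line is not enforced. The script below is an added example, not part of the wiki or the Nagios article: it audits config text for those settings, and its finding codes and the tightened variant are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak receiver settings in
# snmptrapd.conf text read from stdin. The finding codes are this example's own.
audit_snmptrapd_conf() {
    awk '
        { sub(/[ \t]*#.*$/, "") }              # strip comments
        NF == 0 { next }
        { key = tolower($1) }
        # Access control off: every sender is accepted, authUser is not enforced
        key == "disableauthorization" && tolower($2) == "yes" {
            print "DISABLE_AUTHZ line " NR; noauthz = 1
        }
        key == "traphandle" { handler = 1 }
        # authCommunity TYPES COMMUNITY [SOURCE ...]
        key == "authcommunity" && ($3 == "public" || $3 == "private") {
            print "DEFAULT_COMMUNITY line " NR
        }
        # authUser TYPES [-s MODEL] USER [LEVEL ...]; LEVEL priv requires encryption
        key == "authuser" {
            level = ($3 == "-s") ? $6 : $4
            if (level != "priv") print "AUTHUSER_NOT_PRIV line " NR
        }
        END { if (noauthz && handler) print "UNAUTHENTICATED_EXEC" }
    '
}

# The v3 receiver settings exactly as shown on the page.
page_conf() {
    cat <<'EOF'
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler
createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string
authUser log,execute,net the_user_name
EOF
}

# Tightened variant (an assumption of this example): authorization stays on
# and the v3 user must send authPriv traps.
hardened_conf() {
    cat <<'EOF'
traphandle default /usr/sbin/snmptthandler
createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string
authUser log,execute,net the_user_name priv
EOF
}

page_conf | audit_snmptrapd_conf
hardened_conf | audit_snmptrapd_conf
```

With authorization left enabled, the v2c test traps are only accepted once an authCommunity line is added; the audit flags that line if it uses a default community string.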