Snmp-iwillfearnoevil: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 45: | Line 45: | ||
<pre> | <pre> | ||
SNMP v2 Trap | SNMP v2 Trap | ||
The command below takes the form of: | The command below takes the form of: | ||
snmptrap -v <snmp_version> -c <community> <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> | snmptrap -v <snmp_version> -c <community> <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> | ||
Using a MIB: | Using a MIB: | ||
snmptrap -v 2c -c public localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | snmptrap -v 2c -c public localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | ||
Shortening the MIB: | Shortening the MIB: | ||
snmptrap -v 2c -c public localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | snmptrap -v 2c -c public localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | ||
Using OID's instead of MIB: | Using OID's instead of MIB: | ||
snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 | snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 | ||
The commands above required the following settings in /etc/snmp/snmptrapd.conf | The commands above required the following settings in /etc/snmp/snmptrapd.conf | ||
disableAuthorization yes | disableAuthorization yes | ||
traphandle default /usr/sbin/snmptthandler | traphandle default /usr/sbin/snmptthandler | ||
SNMP v3 Trap | SNMP v3 Trap | ||
The command below takes the form of: | The command below takes the form of: | ||
snmptrap -v <snmp_version> -e <engine_id> -u <security_username> -a <authentication_protocal> -A <authentication_protocal_pass_phrase> -x <privacy_protocol> -X <privacy_protocol_pass_phrase> -l authPriv <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> | snmptrap -v <snmp_version> -e <engine_id> -u <security_username> -a <authentication_protocal> -A <authentication_protocal_pass_phrase> -x <privacy_protocol> -X <privacy_protocol_pass_phrase> -l authPriv <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> | ||
Using a MIB: | Using a MIB: | ||
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | ||
Shortening the MIB: | Shortening the MIB: | ||
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 | ||
Using OID's instead of MIB: | Using OID's instead of MIB: | ||
snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 | snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 | ||
The commands above required the following settings in /etc/snmp/snmptrapd.conf | The commands above required the following settings in /etc/snmp/snmptrapd.conf | ||
disableAuthorization yes | disableAuthorization yes | ||
traphandle default /usr/sbin/snmptthandler | traphandle default /usr/sbin/snmptthandler | ||
createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string | createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string | ||
authUser log,execute,net the_user_name | authUser log,execute,net the_user_name | ||
SNMP Trap Definition | SNMP Trap Definition | ||
The following trap definition can be placed in /etc/snmp/snmptt.conf which will allow the test traps sent above to be passed through to Nagios: | The following trap definition can be placed in /etc/snmp/snmptt.conf which will allow the test traps sent above to be passed through to Nagios: | ||
EVENT netSnmpExampleHeartbeatRate .1.3.6.1.4.1.8072.2.3.0.1 "netSnmpExampleHeartbeatRate" Normal | EVENT netSnmpExampleHeartbeatRate .1.3.6.1.4.1.8072.2.3.0.1 "netSnmpExampleHeartbeatRate" Normal | ||
FORMAT SNMP netSnmpExampleHeartbeatRate | FORMAT SNMP netSnmpExampleHeartbeatRate | ||
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "netSnmpExampleHeartbeatRate" | EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "netSnmpExampleHeartbeatRate" | ||
Trap vs Inform | Trap vs Inform | ||
From the net-snmp website: | From the net-snmp website: | ||
TRAP | TRAP: | ||
A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it. | A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it. | ||
INFORM: | |||
INFORM | |||
SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP. IE, when the remote application receives the INFORM it sends back a "I got it" message. This is nice because then the person sending the traps can keep trying until the trap gets through. | SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP. IE, when the remote application receives the INFORM it sends back a "I got it" message. This is nice because then the person sending the traps can keep trying until the trap gets through. | ||
</pre> | </pre> | ||
[[Category:SNMP]] | [[Category:SNMP]] | ||
Revision as of 17:15, 21 January 2022
Specific to IANA SNMP oid 30911
Everything dealing specifically with the IANA registered SNMP oid for iwillfearnoevil.com needs to go here.
Default path: 1.3.6.1.4.1.30911
Sooner or later a MIB will have to be written. However in the meantime some basic traps and values are considered "standard". Outside of these oid paths it is going to be the wild west. Document ALL OID standards that live under 30911
Existing Used
- 1.3.6.1.4.1.30911.100.X
- X=5 critical event
- X=4 major event
- X=3 minor event
- X=2 informational event
- X=1 debug event
- 1.3.6.1.4.1.30911.50.X
- X=1...? Drop oid system for adhoc SNMP OIDS read from a file
- 1.3.6.1.4.1.30911.4.X
- Unknown historical adhoc
- 1.3.6.1.4.1.30911.2.X
- Unknown historical adhoc
- 1.3.6.1.4.1.30911.0.X
- Keep the .0 range free for exotics
Standard ranges for additional information to append to trap OID above
- 1.3.6.1.4.1.30911.1.1.X
- X=1...? Each line can be appended and used as values for an SNMPTRAP
Example manual trap
export COMMSTRING=public
export NMSIP=127.0.0.1
export SOURCEIPADDRESS=127.0.1.1
snmptrap -v 1 -c ${COMMSTRING} ${NMSIP} \
1.3.6.1.4.1.30911.100.1 \
${SOURCEIPADDRESS} 6 1.3.6.1.2.1.1.5.0 s \
1.3.6.1.4.1.30911.1.1.7 s "Source host ${SOURCEIPADDRESS}" \
1.3.6.1.4.1.30911.1.1.6 s "Notify chubbard@iwillfearnoevil.com for ALL failures." \
1.3.6.1.4.1.30911.1.1.5 s "TEST 1/1" \
1.3.6.1.4.1.30911.1.1.4 s "Valid SNMP Event failure." \
1.3.6.1.4.1.30911.1.1.3 s "More event details" \
1.3.6.1.4.1.30911.1.1.2 s "Even more details here" \
1.3.6.1.4.1.30911.1.1.1 s "SNMP TRAP send failure occurred."
SNMP v2 Trap The command below takes the form of: snmptrap -v <snmp_version> -c <community> <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> Using a MIB: snmptrap -v 2c -c public localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 Shortening the MIB: snmptrap -v 2c -c public localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 Using OID's instead of MIB: snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 The commands above required the following settings in /etc/snmp/snmptrapd.conf disableAuthorization yes traphandle default /usr/sbin/snmptthandler SNMP v3 Trap The command below takes the form of: snmptrap -v <snmp_version> -e <engine_id> -u <security_username> -a <authentication_protocal> -A <authentication_protocal_pass_phrase> -x <privacy_protocol> -X <privacy_protocol_pass_phrase> -l authPriv <destination_host> <uptime> <OID_or_MIB> <object> <value_type> <value> Using a MIB: snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 Shortening the MIB: snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 123456 Using OID's instead of MIB: snmptrap -v 3 -e 0x090807060504030201 -u the_user_name -a SHA -A the_SHA_string -x AES -X the_AES_string -l authPriv localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456 The commands above required the following settings in /etc/snmp/snmptrapd.conf disableAuthorization yes traphandle default /usr/sbin/snmptthandler createUser -e 0x090807060504030201 the_user_name SHA the_SHA_string AES the_AES_string authUser log,execute,net the_user_name SNMP Trap Definition The following trap definition can be placed in /etc/snmp/snmptt.conf which will allow the test traps sent above to be passed through to Nagios: EVENT netSnmpExampleHeartbeatRate .1.3.6.1.4.1.8072.2.3.0.1 "netSnmpExampleHeartbeatRate" Normal FORMAT SNMP netSnmpExampleHeartbeatRate EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "" "netSnmpExampleHeartbeatRate" Trap vs Inform From the net-snmp website: TRAP: A TRAP is a SNMP message sent from one application to another (which is typically on a remote host). Their purpose is merely to notify the other application that something has happened, has been noticed, etc. The big problem with TRAPs is that they're unacknowledged so you don't actually know if the remote application received your oh-so-important message to it. INFORM: SNMPv2 PDUs fixed this by introducing the notion of an INFORM, which is nothing more than an acknowledged TRAP. IE, when the remote application receives the INFORM it sends back a "I got it" message. This is nice because then the person sending the traps can keep trying until the trap gets through.