alexb7 / snmptt

SNMP Trap Translator - git mirror of the upstream repository (see http://snmptt.sourceforge.net/ and https://github.com/snmptt/snmptt)

HTML 46.36% CSS 1.72% Shell 0.52% Perl 50.98% Python 0.41%

snmptt's Introduction

SNMPTT

SNMPTT (SNMP Trap Translator) is an SNMP trap handler written in Perl for use with the Net-SNMP snmptrapd program (www.net-snmp.org). SNMPTT supports Linux, Unix and Windows.

Many network devices including but not limited to network switches, routers, remote access servers, UPSs, printers and operating systems such as Unix and Windows have the ability to send notifications to an SNMP manager running on a network management station. The notifications can be either SNMP Traps, or SNMP Inform messages.

The notifications can contain a wide array of information such as port failures, link failures, access violations, power outages, paper jams, hard drive failures etc. The MIB (Management Information Base) available from the vendor determines the notifications supported by each device.

The MIB file contains TRAP-TYPE (SMIv1) or NOTIFICATION-TYPE (SMIv2) definitions, which define the variables that are passed to the management station when a particular event occurs.

The Net-SNMP program snmptrapd is an application that receives and logs SNMP trap and inform messages via TCP/IP. The following sample syslog entry, shown with numeric OIDs, is for a Compaq cpqDa3LogDrvStatusChange trap reporting that the drive array is rebuilding:

Feb 12 13:37:10 server11 snmptrapd[25409]: 192.168.110.192: Enterprise Specific Trap (3008) Uptime: 306 days, 23:13:24.29, .1.3.6.1.2.1.1.5.0 = SERVER08, .1.3.6.1.4.1.232.11.2.11.1.0 = 0, .1.3.6.1.4.1.232.3.2.3.1.1.4.8.1 = rebuilding(7)

Here is the same trap using symbolic OIDs.

Feb 12 13:37:10 server11 snmptrapd[25409]: 192.168.110.192: Enterprise Specific Trap (3008) Uptime: 306 days, 23:13:24.29, sysName.0 = SERVER08, cpqHoTrapFlags.0 = 0, cpqDaLogDrvStatus.8.1 = rebuilding(7)

The output from snmptrapd can be changed via the -O option to display numeric or symbolic OIDs and other display options, but it generally follows the format of variable name = value, variable name = value etc.

A more descriptive / friendly trap message can be created using SNMPTT's variable substitution. Following is the same trap, logged with SNMPTT:

Feb 12 13:37:13 server11 TRAPD: .1.3.6.1.4.1.232.0.3008 Normal "LOGONLY" server08 - Logical Drive Status Change: Status is now rebuilding

The cpqDa3LogDrvStatusChange trap would be defined in the SNMPTT configuration file as follows:

FORMAT Logical Drive Status Change: Status is now $3.

The $3 represents the third variable as defined in the MIB file, which for this particular trap, is the cpqDaLogDrvStatus variable.

Another example of an SNMPTT configuration entry is:

FORMAT Compaq Drive Array Spare Drive on controller $4, bus $5, bay $6 status is $3.

Which could result in the following output:

"Compaq Drive Array Spare Drive on controller 3, bus 0, bay 3 status is Failed."
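The positional substitution described above can be sketched as follows. This is an added illustration in Python, not SNMPTT's own Perl code: it handles only `$n` and `$*`, strips the `(7)`-style enum suffix as a simplification, and leaves an out-of-range `$n` untouched by this example's own choice. The spare-drive values are constructed, since the page does not show that trap's raw varbinds.

```python
import re

# Sample line copied from the page (snmptrapd syslog output, symbolic OIDs).
SAMPLE = ("Feb 12 13:37:10 server11 snmptrapd[25409]: 192.168.110.192: "
          "Enterprise Specific Trap (3008) Uptime: 306 days, 23:13:24.29, "
          "sysName.0 = SERVER08, cpqHoTrapFlags.0 = 0, "
          "cpqDaLogDrvStatus.8.1 = rebuilding(7)")

# Constructed varbind values for the spare-drive FORMAT line (not from the page).
SPARE_VALUES = ["SERVER08", "0", "Failed", "3", "0", "3"]


def parse_varbinds(line):
    """Return varbind values, in order, from a 'name = value, name = value' tail.

    A value ends where the next ', name = ' begins, so commas inside a value
    survive. Enum values such as 'rebuilding(7)' are reduced to their label.
    """
    pairs = re.findall(r"(\S+) = (.*?)(?=, \S+ = |$)", line)
    return [re.sub(r"^(\w+)\(\d+\)$", r"\1", value.strip()) for _, value in pairs]


def apply_format(fmt, values):
    """Expand $n (1-based varbind position) and $* (all values) in fmt."""
    def repl(match):
        token = match.group(1)
        if token == "*":
            return " ".join(values)
        index = int(token)
        # Out-of-range references are left as written (this example's choice).
        return values[index - 1] if 1 <= index <= len(values) else match.group(0)

    return re.sub(r"\$(\*|\d+)", repl, fmt)


if __name__ == "__main__":
    values = parse_varbinds(SAMPLE)
    print(apply_format("Logical Drive Status Change: Status is now $3.", values))
    print(apply_format("Compaq Drive Array Spare Drive on controller $4, "
                       "bus $5, bay $6 status is $3.", SPARE_VALUES))
```

Varbind values come from whatever device sent the trap, so anything expanded this way should be treated as untrusted input by the log, database or external program that receives it.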

SNMPTT can log to any of the following destinations: text log, syslog, Windows Event log or a SQL database such as MySQL, PostgreSQL or an ODBC accessible database such as Microsoft SQL. External programs can also be run to pass the translated trap to an email client, paging software, Nagios, Icinga etc.

In addition to variable substitution, SNMPTT supports more complex configurations, including the ability to:

  • accept or reject a trap based on the host name, IP address, network range, or variable values inside of the trap enterprise variables
  • execute external programs to send pages, emails etc.
  • perform regular expression search and replace on the translated message, such as translating the variable value "Building alarm 4" to "Moisture detection alarm"

See snmptt/docs/snmptt.MD for more information.


snmptt's Issues

[Feature request] Variable to switch dates to UNC in the database

Used version: 1.5 in Windows

We have multiple instances of snmptt in multiple sites storing data in SQL and even though we found a way to get the correct date across multiple time zones, it would be easier to have snmptt store those dates in UNC before sending them to the three supported tables (snmptt, snmptt_unknown and snmptt_statistics)

"Use of uninitialized value" in stdout since Perl warnings is used

Hello,
We have moved to snmptt version 1.5 and I noticed several "Use of uninitialized value" messages due to the use of Perl warnings.

Use of uninitialized value $variable_fix in numeric eq (==) at /usr/bin/snmptt line 3625, <STDIN> line 4.
Use of uninitialized value $variable_fix in numeric eq (==) at /usr/bin/snmptt line 3625, <STDIN> line 5.
Use of uninitialized value $variable_fix in numeric eq (==) at /usr/bin/snmptt line 3625, <STDIN> line 6.
Use of uninitialized value $temp_wildcard1 in concatenation (.) or string at /usr/bin/snmptt line 2374.
Use of uninitialized value $temp_wildcard2 in concatenation (.) or string at /usr/bin/snmptt line 2375.
Use of uninitialized value $temp_wildcard3 in concatenation (.) or string at /usr/bin/snmptt line 2376.
Use of uninitialized value $right in reverse at /usr/bin/snmptt line 2968.
Use of uninitialized value $format_line in string at /usr/bin/snmptt line 2766.
Use of uninitialized value $temp_wildcard1 in concatenation (.) or string at /usr/bin/snmptt line 2374.
Use of uninitialized value $temp_wildcard2 in concatenation (.) or string at /usr/bin/snmptt line 2375.
Use of uninitialized value $temp_wildcard3 in concatenation (.) or string at /usr/bin/snmptt line 2376.
Use of uninitialized value $right in reverse at /usr/bin/snmptt line 2968.

I would suggest to initialise the variables with a default value, in order to avoid these annoying messages (or disable Perl warnings).
Best regards

snmptthandler-embedded is changing hex engine ID value

When using snmptthandler-embedded to read an engine ID from the SNMP trap received from snmptrapd, the snmptt handler is changing the hex value of the engine ID ever so slightly, so it won't be converted to a meaningful text.
An example
createUser -e "800099ee0474657874" ciena-community MD5 "Benunets#1"
But the translated engine id would look like this
0x080099ee4047568747

snmptrapd.conf: |

    createUser -e "800099ee0474657874" test-community MD5 "testpass"
    authCommunity log,execute,net ciena-community
    authUser log,execute,net ciena-community noauth
    disableAuthorization no
      perl do "/usr/lib/snmptt/snmptthandler-embedded"
    agentAddress 127.0.0.1:162

snmptt.ini: |

    [General]
    mode = "daemon"
    dns_enable = 1
    multiple_event = 1
    syslog_enable = 1
    # date_time_format = %Y-%m-%d %H:%M:%S %E
    [Logging]
    log_enable = 1
    log_file = /var/log/snmptt/snmptt.log
    log_system_enable = 1
    log_system_file = /var/log/snmptt/snmpttsystem.log
    unknown_trap_log_enable = 1
    unknown_trap_log_file = /var/log/snmptt/snmpttunknown.log
    [DaemonMode]
    spool_directory = /var/spool/snmptt/
    [Debugging]
    DEBUGGING = 2

    DEBUGGING_FILE = /var/log/snmptt/snmptt.debug
    [TrapFiles]
    snmptt_conf_files = <<END
    /etc/snmp/snmptt.conf
    END

snmptt.conf: |


    EVENT linkDown .1.3.6.1.6.3.1.1.5.3 "Status Events" Normal
    FORMAT A linkDown trap signifies that the SNMP entity, $BE, $Be, $Bu, $Bn acting in $* 
    SDESC
    A linkDown trap signifies that the SNMP entity, acting in
    an agent role, has detected that the ifOperStatus object for
    one of its communication links is about to enter the down
    state from some other state (but not from the notPresent
    state).  This other state is indicated by the included value
    of ifOperStatus.
    Variables:
      1: ifIndex
      2: ifAdminStatus
      3: ifOperStatus
    EDESC

  snmptrapd.conf: |
    createUser -e "800099ee0474657874" test MD5 testtest
    authCommunity log,execute,net test
    authUser log,execute,net test noauth
    disableAuthorization no
      perl do "/usr/lib/snmptt/snmptthandler-embedded"
    agentAddress 127.0.0.1:162

Trap packet capture

    18:31:38.454202 IP 172.x.x.x.53790 > portal.snmp-trap:  F=a U="test" E=_80_00_99_ee_04_74_65_78_74 C="" V2Trap(155)  system.sysUpTime.0=315872 S:1.1.4.1.0=E:39406.1.1.0.3 interfaces.ifTable.ifEntry.ifIndex.1=1 interfaces.ifTable.ifEntry.ifDescr.1="ethernet0/0" interfaces.ifTable.ifEntry.ifType.1=6 interfaces.ifTable.ifEntry.ifAdminStatus.1=1 interfaces.ifTable.ifEntry.ifOperStatus.1=1
    18:31:38.875519 IP 172.x.x.x.53790 > portal.snmp-trap:  F=a U="test" E=_80_00_99_ee_04_74_65_78_74 C="" V2Trap(155)  system.sysUpTime.0=315915 S:1.1.4.1.0=E:39406.1.1.0.4 interfaces.ifTable.ifEntry.ifIndex.1=1 interfaces.ifTable.ifEntry.ifDescr.1="ethernet0/0" interfaces.ifTable.ifEntry.ifType.1=6 interfaces.ifTable.ifEntry.ifAdminStatus.1=2 interfaces.ifTable.ifEntry.ifOperStatus.1=1
    18:31:41.357327 IP 172.x.x.x.53790 > portal.snmp-trap:  F=a U="test" E=_80_00_99_ee_04_74_65_78_74 C="" V2Trap(135)  system.sysUpTime.0=316163 S:1.1.4.1.0=S:1.1.5.3 interfaces.ifTable.ifEntry.ifIndex.1=1 interfaces.ifTable.ifEntry.ifAdminStatus.1=2 interfaces.ifTable.ifEntry.ifOperStatus.1=1 S:1.1.4.3.0=E:39406.1.2.1.19

/var/log/snmptt/snmptt.debug

    Trap defined, processing...
    PREEXEC line(s):

    FORMAT line:
    Variable .1.3.6.1.2.1.2.2.1.8.1 with value 1
    Variable .1.3.6.1.2.1.2.2.1.7.1 with value 2
    Variable .1.3.6.1.2.1.2.2.1.1.1 with value 1
     Interface Down: The 2 interface on host oper-portal.benunets.com is down. IfIndex: 1
    .1.3.6.1.6.3.1.1.5.3 Critical "Status Events" 172.x.x.x -  Interface Down: The 2 interface on host oper-portal.benunets.com is down. IfIndex: 1
    
    EXEC line(s):
      EXEC line not defined
    Working with EVENT entry: .1.3.6.1.6.3.1.1.5.3 => linkDown,Status Events,Normal,
      No nodes defined for this entry so all nodes will match
      No MATCH entries defined for this entry

    Trap defined, processing...

    PREEXEC line(s):
    FORMAT line:
    Variable .1.3.6.1.2.1.2.2.1.8.1 with value 1
    Variable .1.3.6.1.2.1.2.2.1.7.1 with value 2
    Variable .1.3.6.1.2.1.2.2.1.1.1 with value 1
    A linkDown trap signifies that the SNMP entity, 0x080099ee4047568747, 0x080099ee4047568747, test, unknown acting in 1 2 1
    .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" 172.x.x.x - A linkDown trap signifies that the SNMP entity, 0x080099ee4047568747, 0x080099ee4047568747, test, unknown acting in 1 2 1


    EXEC line(s):
      EXEC line not defined

snmptrapd logs

        2023-07-11 18:31:38 <UNKNOWN> [UDP: [172.x.x.x]:53790->[172.n.n.n]:162]:
        .1.3.6.1.2.1.1.3.0 = Timeticks: (315872) 0:52:38.72     .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.39406.1.1.0.3        .1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1     .1.3.6.1.2.1.2.2.1.2.1 = STRING: ethernet0/0    .1.3.6.1.2.1.2.2.1.3.1 = INTEGER: ethernetCsmacd(6)   .1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1) .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) 
        2023-07-11 18:31:38 <UNKNOWN> [UDP: [172.x.x.x]:53790->[172.n.n.n]:162]:
        .1.3.6.1.2.1.1.3.0 = Timeticks: (315863) 0:52:38.63     .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4      .1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1     .1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1) .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) .1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.39406.1.2.1.19 
        2023-07-11 18:31:41 <UNKNOWN> [UDP: [172.x.x.x]:53790->[172.n.n.n]:162]:
        .1.3.6.1.2.1.1.3.0 = Timeticks: (316163) 0:52:41.63     .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3      .1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1     .1.3.6.1.2.1.2.2.1.7.1 = INTEGER: down(2)       .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)       .1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.39406.1.2.1.19 
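
An added example, not part of the issue report above: comparing the two values quoted in it shows that the logged engine ID is the configured one with the two hex digits of every byte swapped, and swapping them back yields an engine ID that decodes under the RFC 3411 layout (enterprise number, format octet 4 = text). The page does not establish why the handler emits this digit order; the function names are this example's own.

```python
CONFIGURED = "800099ee0474657874"   # createUser -e value quoted in the report
REPORTED = "0x080099ee4047568747"   # value logged in snmptt.debug in the report


def _clean(hex_str):
    """Lower-case the string and drop an optional 0x prefix."""
    h = hex_str.lower()
    return h[2:] if h.startswith("0x") else h


def swap_nibbles(hex_str):
    """Swap the two hex digits of every byte: '08' -> '80', '47' -> '74'."""
    h = _clean(hex_str)
    if len(h) % 2:
        raise ValueError("odd number of hex digits")
    return "".join(h[i + 1] + h[i] for i in range(0, len(h), 2))


def parse_engine_id(hex_str):
    """Decode an SnmpEngineID per RFC 3411 (only the text format is expanded)."""
    raw = bytes.fromhex(_clean(hex_str))
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5..32 octets")
    info = {"rfc3411": bool(raw[0] & 0x80), "enterprise": None,
            "format": None, "text": None}
    if not info["rfc3411"]:
        return info                     # high bit clear: not the RFC 3411 layout
    info["enterprise"] = int.from_bytes(raw[:4], "big") & 0x7FFFFFFF
    info["format"] = raw[4]
    if raw[4] == 4:                     # format 4: administratively assigned text
        info["text"] = raw[5:].decode("ascii", errors="replace")
    return info


if __name__ == "__main__":
    print(parse_engine_id(REPORTED))                 # does not decode as logged
    print(swap_nibbles(REPORTED) == CONFIGURED)      # True
    print(parse_engine_id(swap_nibbles(REPORTED)))   # enterprise 39406, text 'text'
```

The decoded enterprise number, 39406, is the same one that appears in the trap OIDs in the capture (`.1.3.6.1.4.1.39406`).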

Traps are always logged into Application event log

Used version: 1.5 in Windows
Expected behavior: eventlog_enable is at 0 so I expected the traps to not be logged into the Application event log

Behavior: I don't see any difference in trap logging no matter the value of eventlog_enable

Am I missing something? The doc states: "# Set to 1 to enable logging of TRAPS to the event log."
