Monitoring FortiGate firewall events

Dear Team,
I would like to monitor the events from our FortiGate firewall in Checkmk via SNMP traps.
I have already done all the necessary configuration on the firewall, and I can see that events are being sent to Checkmk, but I get no events in the Checkmk Event Console.
I have already configured the rule in the Event Console and set up "credentials for processing SNMP traps".
However, I still get nothing. What could be the issue here?
Thanks in anticipation of your response.

Best regards,
Fikayo

Hi,

Did you switch on all the EC settings to receive traps, syslog and so on? If yes, please set the log level of the EC to debug and look at ~/var/log/mkeventd.log. In the log file you will see whether events are received and which rule handles them. Please also check that the port for receiving traps is open.

Best regards,
Christian

Thanks so much for your feedback.
I have already switched on all the settings. The port for receiving traps is open as well.
I did as you said, and the image below shows what is in the mkeventd.log.
I really do not understand what to do with the information here.

Hi, normally you will see the incoming traps here in mkeventd. In your picture, no traps are received after the restart. So please check whether mkeventd is able to receive traps. With netstat you have to look at whether port 162 is bound to mkeventd.

Alright.
Thanks
I will check this out.

mkeventd is able to receive traps, because any time I run "omd restart" I get:

I also get the following, meaning Checkmk is using port 162:

However, using the netstat command, I do not see port 162 listening or bound to mkeventd. I have already tried so many steps, but to no avail.


Any hint you can provide towards the right direction?
Thanks.

Did you run another trap receiver on your system that would block the port?

I did not.
I only started looking into SNMP traps when I wanted to configure this rule for the firewall events.

Did you try to simulate a trap on the local system to check whether the traps can be handled by mkeventd and no firewall or anything else is involved?

So I disconnected the Checkmk Event Console from port 162 by using the command

sudo fuser -k 162/udp

Then I simulated SNMP traps on the local system, and I was able to receive the traps.

I then restarted the Checkmk site so it could reconnect the Event Console to port 162, but I still receive no traps in the Event Console.

Hi,
Is a local firewall involved? Did you try without the firewall running? When I look at your netstat, the binding is on all interfaces. When I look at my system, the result of lsof -i:162 shows "snmptrap", but in your case "snmp-traps". The same for the FD (mine: 4u, yours: 3u). Please have a look at "netstat -tulpen" and check whether port 162 is used by python3.

Best regards,
Christian
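The checks suggested in this thread (which process owns UDP/162, a locally generated test trap, a look at the EC log) can be combined into one small script. The following is an added helper, not from the thread and not part of Checkmk. It assumes a Linux host with iproute2 (ss) or net-tools (netstat), that it runs as the OMD site user so that $OMD_ROOT points at the site, that net-snmp's snmptrap is installed, and that the community string "public" is what the EC's "credentials for processing SNMP traps" rule accepts; the notification OID is the NET-SNMP example one and is only a test value.

```shell
#!/bin/sh
# Added diagnostic helper; not from the thread and not part of Checkmk.
# Assumptions: Linux with ss or netstat; run as the OMD site user so that
# $OMD_ROOT is set; net-snmp's snmptrap installed; community "public" and
# the NET-SNMP example notification OID are assumed test values.

# Read an `ss -ulpn` or `netstat -ulpn` / `netstat -tulpen` listing on stdin
# and print "<program>:<pid>" for the process bound to UDP port 162, or "none".
owner_of_udp162() {
    awk '
        {
            # The local address field is the one ending in ":162" (or "*:162");
            # the peer address of an unconnected UDP socket ends in ":*" instead.
            is_local = 0
            for (i = 1; i <= NF; i++) if ($i ~ /[:*]162$/) is_local = 1
            if (!is_local) next
            # ss format:      users:(("python3",pid=4242,fd=3))
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^users:\(\("/, "", s)
                sub(/",pid=/, ":", s)
                print s; found = 1
            # netstat -p format: last column is PID/Program
            } else if (match($NF, /^[0-9]+\/./)) {
                split($NF, p, "/")
                print p[2] ":" p[1]; found = 1
            }
        }
        END { if (!found) print "none" }
    '
}

# Send one SNMPv2c test trap to the local receiver (NET-SNMP example notification).
send_local_test_trap() {
    snmptrap -v 2c -c public 127.0.0.1:162 '' \
        1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456
}

# Event Console log of the OMD site (assumes the site user's environment;
# the debug log level must be set on the EC for received traps to be logged).
ec_log="${OMD_ROOT:-$HOME}/var/log/mkeventd.log"

# Live run: report the port owner, fire a test trap, show what the EC logged.
live_check() {
    echo "UDP/162 owner: $(ss -ulpn 2>/dev/null | owner_of_udp162)"
    before=$(wc -l < "$ec_log")
    send_local_test_trap
    sleep 2
    tail -n "+$((before + 1))" "$ec_log" | grep -i trap \
        || echo "no trap logged in $ec_log after the test trap"
}

if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

Run it as the site user with `--live`. If the owner line reports a process other than the EC's python3, another receiver (snmptrapd, for example) has the port; if the owner is python3 but nothing is logged, the trap is reaching the host (as the fuser test in this thread shows) but not being accepted by the EC, which points at the credentials rule or the EC settings rather than the network.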

Hello.
Sorry, I have been out of the office since Thursday.
There is actually no firewall set up on the Linux system.
Events sent from the company firewalls we are monitoring can be seen on the local system (once the Event Console is disconnected from port 162). However, nothing gets to the Event Console after restarting.

"netstat -tulpen" also shows that port 162 is used by python3.
