SNMP traps not trapped

dnLL · July 27, 2022, 3:26am

mkeventd is running and looking for snmp traps. It’s also listening on port 162 as you’d expect.

vm-admin:~ # omd restart home mkeventd
Temporary filesystem already mounted
Stopping mkeventd...killing 20701...OK
Starting mkeventd (builtin: snmptrap)...OK

vm-admin:~ # ss -nalp | grep 162
udp    UNCONN  0        0                                               0.0.0.0:162                                             0.0.0.0:*                        users:(("python3",pid=20701,fd=6))

tcpdump does show my tests going through…


vm-admin:~ # tcpdump port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:16:15.715867 IP server-ipmi.56589 > vm-admin.snmptrap:  Trap(103)  E:3183.1.1 10.1.1.10 enterpriseSpecific s=0 1658873773 E:3183.1.1.1=34_31_30_31_4d_53_3c_ec_ef_43_76_2e_00_00_00_00_00_13_2e_35_8b_2d_ff_ff_20_20_02_00_00_00_00_00_00_00_00_00_00_00_00_19_7c_2a_00_00_11_1b_80_00_01_00_c1
23:16:18.531993 IP pdu.42187 > vm-admin.snmptrap:  Trap(77)  E:318 10.1.1.3 enterpriseSpecific s=636 452720 system.sysUpTime.0=452720 S:1.1.4.1.0=E:318.0.636

So far so good. mkeventd.log however? nothing. Only got one rule:

What more can I do to debug this?

ChristianM · July 27, 2022, 7:25am

Hi.

Please activate the debug level for snmp event-and rule processing in event console and check that port 162 from mkeventd is bind to “0.0.0.0” or the needed interface.

Regards, Christian

Elena.Dzhordzhilova · July 27, 2022, 1:22pm

Hello,

Check if you set your SNMP version and credentials in WATO > Event Console > Settings > Credentials for processing SNMP traps. Also, if you are using SNMPv3, you must add engine ID. Otherwise, the alarms will not appear on CheckMK’s interface only with credentials and version.

Best Regards,
Elena

dnLL · July 27, 2022, 6:13pm

Port 162 is bind to 0.0.0.0 as shown above. I just enabled debug but still don’t see anything in mkeventd.log other than the configuration reloading?

dnLL · July 27, 2022, 6:14pm

I’m using the default SNMP credentials (v1 and v2c, not v3). Using tcpdump (shown above) I don’t see any credentials sent by the PDU or the IPMI interface.

dnLL · July 27, 2022, 7:10pm

When using the Event generator, I can generate syslog events but if I try simulating a SNMP event I get HTTP 500 error. From Apache’s error_log:

[Wed Jul 27 15:09:28.489045 2022] [wsgi:error] [pid 16113] [client 127.0.0.1:43954] AttributeError: 'SyslogMessage' object has no attribute '_priority', referer: http://vm-admin/home/check_mk/wato.py?mode=mkeventd_rules&rule_pack=default

system · July 27, 2023, 7:10pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.