Solved - 2.0.0b4.cee.demo - SNMP Trap Monitoring

Hello,

I’m new and this is my first install, so please provide lots of direction if I’m missing anything that is needed.

OMD - Open Monitoring Distribution Version 2.0.0b4.cee.demo
RedHat - Red Hat Enterprise Linux release 8.3 (Ootpa)

I’m trying to set up SNMP Trap monitoring.

Following:

Troubleshooting:

  • Read wiki, read forum posts… Information is old or does not apply?

  • Enabled "omd config " Enabled SNMP TRAP monitoring.

  • netstat -nalp shows port 162 open and managed by python as would be expected.

  • TCP Dump shows inbound SNMP on port 162

    20:20:35.077131 IP (tos 0x0, ttl 64, id 42126, offset 0, flags [DF], proto UDP (17), length 217)
    192.168.110.97.47541 > 192.168.110.5.162: [bad udp cksum 0x5e8e -> 0xcfd0!] { SNMPv2c { V2Trap(172) R=2003202976 .1.3.6.1.2.1.1.3.0=648 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11610.1.7.1.4.1.2.0.4 .1.3.6.1.4.1.11610.435.5213.1.2.1.0=“sde-cluster” .1.3.6.1.2.1.1.5.0=“sde1.ultra.sandvine.com” .1.3.6.1.4.1.11610.6799.1.10.0=1 .1.3.6.1.4.1.11610.1.7.1.2.1.1.2.0=0 } }
    20:20:35.077644 IP (tos 0x0, ttl 64, id 42127, offset 0, flags [DF], proto UDP (17), length 217)
    192.168.110.97.47541 > 192.168.110.5.162: [bad udp cksum 0x5e8e -> 0xd1d0!] { SNMPv2c { V2Trap(172) R=2003202977 .1.3.6.1.2.1.1.3.0=648 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11610.1.7.1.4.1.2.0.2 .1.3.6.1.4.1.11610.435.5213.1.2.1.0=“sde-cluster” .1.3.6.1.2.1.1.5.0=“sde1.ultra.sandvine.com” .1.3.6.1.4.1.11610.6799.1.10.0=1 .1.3.6.1.4.1.11610.1.7.1.2.1.1.1.0=0 } }

  • I see from the wiki that I may need to add a filter to catch “ALL” to ensure the messaging is collected, but I don’t see where or how to do this?

Issue(s)

  1. I don’t see the “Console” as referenced? As the document suggests, I should be monitoring the inbound SNMP events this way?

  2. While monitoring logs ( tail -F /omd/sites//var/log/*.log ), there are no logged events as expected.

Any help is welcome.

Thank you.
MR.D
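
The trap in the capture above can be taken apart to see which notification is arriving before any Event Console rule is written. This is an added example, not part of the original thread or of Checkmk; `parse_trap` and the other names are hypothetical, and the sample is the payload line of the first captured packet.

```python
import re

# sysUpTime.0 and snmpTrapOID.0 open every SNMPv2c trap (RFC 3416); sysName.0 is extra.
WELL_KNOWN = {
    ".1.3.6.1.2.1.1.3.0": "sysUpTime.0",
    ".1.3.6.1.6.3.1.1.4.1.0": "snmpTrapOID.0",
    ".1.3.6.1.2.1.1.5.0": "sysName.0",
}
# Payload line of tcpdump -v output: src.port > dst.port: ... { SNMPv2c { V2Trap ... } }
PACKET = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): .*?"
    r"\{ SNMPv2c \{ V2Trap\(\d+\) R=(?P<req>\d+) (?P<binds>.*?) \} \}"
)
# One varbind: numeric OID, "=", then a quoted string or a bare token.
VARBIND = re.compile(r'(\.\d+(?:\.\d+)+)=("[^"]*"|\S+)')


def parse_trap(line):
    """Parse one tcpdump SNMPv2c trap line; return a dict, or None if no match."""
    # The forum rendered tcpdump's ASCII quotes as typographic ones; undo that.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    m = PACKET.search(line)
    if m is None:
        return None
    varbinds = [(oid, val.strip('"')) for oid, val in VARBIND.findall(m["binds"])]
    named = {WELL_KNOWN[oid]: val for oid, val in varbinds if oid in WELL_KNOWN}
    return {
        "source": m["src"],
        "dest_port": int(m["dport"]),
        "request_id": int(m["req"]),
        "trap_oid": named.get("snmpTrapOID.0"),  # identifies which trap this is
        "sys_name": named.get("sysName.0"),
        "varbinds": varbinds,
    }


# Payload line of the first packet in the capture above, quotes as rendered.
SAMPLE = (
    "192.168.110.97.47541 > 192.168.110.5.162: [bad udp cksum 0x5e8e -> 0xcfd0!] "
    "{ SNMPv2c { V2Trap(172) R=2003202976 .1.3.6.1.2.1.1.3.0=648 "
    ".1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11610.1.7.1.4.1.2.0.4 "
    ".1.3.6.1.4.1.11610.435.5213.1.2.1.0=\u201csde-cluster\u201d "
    ".1.3.6.1.2.1.1.5.0=\u201csde1.ultra.sandvine.com\u201d "
    ".1.3.6.1.4.1.11610.6799.1.10.0=1 .1.3.6.1.4.1.11610.1.7.1.2.1.1.2.0=0 } }"
)

if __name__ == "__main__":
    print(parse_trap(SAMPLE))
```

The `trap_oid` value is the one to look up in the vendor MIB; the remaining varbinds are that trap's payload.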

First check if the “mkeventd” service is running with “omd status”.
The documentation shows the screenshots and steps for the current production version 1.6.
With your beta of 2.0 it is a little bit different.

On the left side go to “Monitor” and there to “Event Console” - “Events”
You should see an empty view. If this is there then your “Event Console” is working.

Now you can use the “Setup” button and use the search field there with “event” as search term. On the top should be “Setup” - “Event Console”.
From there you can use the manual to set up some rules.

Hello @andreas-doehler

OMD[ultra]:~/share/snmp/mibs$ omd status
mkeventd:       running
liveproxyd:     running
mknotifyd:      running
rrdcached:      running
cmc:            running
apache:         running
dcd:            running
redis:          running
crontab:        running
-----------------------
Overall state:  running
  1. Sorry I don’t see “Setup” in the “Monitor -> Event Console -> Events” to add rules?

Thank you.

OK, so you mean the “General” “Setup”. Sorry, I was looking for an Events Setup or something specific.

I’ve tried my best and spent 2 hours reading most of each heading and can’t find one related to SNMP traps? If you mean under SNMP Rules, can you share the next step, as nothing jumps out for setting rules for what should be monitored?

No problem, I will try with some small screenshots.


will result in

Inside the rule pack you can define some rule for the events processed.
For the system it is no difference if it is a SNMP trap or some other event received.
The “Default rule pack” is empty at the start.
If you insert there only one rule with “Text to match” set to “.*” then it will catch all events received. With this rule you can inspect whether any events or traps are received.
Will look like this.


Hi Andreas,

  1. Thank you very much. It’s odd that I can only see the “Event Console” when searching; when clicking on just “Setup” it’s not listed?


  2. Can you share an example for setting up with SNMP Traps? I’ve added a .* text match yet I still don’t seem to get events?

Should the State be syslog?

Here is the full “Rule” with options available. I’m missing where to configure the SNMP, I would expect to see the OID / MIB relation or what may be called " Service " to associate?

Guessing here, I would suspect the “SNMP TRAP listener is writing to syslog”? Then we use this to parse the syslog? <-- Am I in the ballpark for understanding?

Thank you.
Derek


AAA …

There’s a show less and show more button :laughing:

AAA …

Needed to publish rules … Not just save them …

Now the “Hits” is increasing …

YESSSS… :grin:

Thank you so much for answering this question. I will open a new thread to help associate this data with the MIB already installed.

Thank you!
MrD
