How to monitor SNMP Traps V3 on Icinga2

Hello everybody,

does anyone know a plugin with which I can monitor snmptraps with Icingaweb2 and Director.

From the VMs to be monitored, a message is sent via the trap if a program was executed successfully or not.

In use is SNMP V3

Thank you for your help

Patrick has created trapdirector and it looks promising.

1 Like

You could also take a look into logstash with the “snmptrap Input plugin” and the “icinga Output plugin”. But I’m not sure, if the input plugin in the current version can handle v3 traps. We use it for v2 traps and it works fine, but it’s a hard work to disassemble the trap with the logstash filters and prepare it for icinga.

But maybe there are better ways to check if a program is started sucessfully. Because I’m sure you know a trap is not a safe way to monitor hard-/Software (Traps can get lost in the Network). Possible Solutions are: send passive check results to icinga, icinga Agent etc…
We use traps only for hardware and software which have no rest api or they can’t send check results to the icinga api (e.g. curl) or there is no way to install a agent.

1 Like

Hi,

the classic way of doing this would be to setup snmptrapd and add snmptt to process the traps with rules.
As far as I can see, SNMPv3 adds INFORM next to TRAP which needs additional configuration and permissions.

Once the trap is handled by snmptrapd, this should be fine to just fowarded to snmptt. This may create rules to create a check result for Icinga then, e.g. sent via process-check-result action towards the REST API.

Cheers,
Michael

Hi,

Either you use trapdirector or not, have a look at this part of the doc - snmptrapd config - for snmptrapd configuration with snmpv3.

1 Like

Hi,

Hello everybody,

I have the following system configuration:

./icinga-diagnostics.sh

Icinga 2 Diagnostics

Version: 0.1.0

Run on localhost at Wed Aug 21 14:42:11 CEST 2019

Running as root

OS

OS Version: Red Hat Enterprise Linux Server release 7.6 (Maipo)
Hypervisor: Running virtually on a VMware hypervisor
CPU cores: 2
RAM: 7.6G

Top output

top - 14:42:11 up 7:07, 3 users, load average: 0.14, 0.12, 0.09
Tasks: 258 total, 1 running, 257 sleeping, 0 stopped, 0 zombie
%Cpu(s): 2.3 us, 13.6 sy, 0.0 ni, 84.1 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8009504 total, 2677064 free, 1063332 used, 4269108 buff/cache
KiB Swap: 4194300 total, 4194300 free, 0 used. 6638888 avail Mem

SELinux: Permissive
Firewall: active

Icinga 2

Packages:

Icinga 2 Version : 2.10.5

Done checking packages. See Anomaly section if something odd was found.

Features:
Disabled features: compatlog elasticsearch gelf graphite opentsdb
Enabled features: api checker command debuglog ido-mysql influxdb livestatus mainlog notification perfdata statusdata syslog

Check intervals:
1 * check_interval = 30, Host

Used commands (numbers are relative to each other, not showing configured objects):
687 /usr/lib64/nagios/plugins/check_ping

[2019-08-21 14:42:14 +0200] information/cli: Icinga application loader (version: r2.10.5-1)
[2019-08-21 14:42:14 +0200] information/cli: Loading configuration file(s).
[2019-08-21 14:42:14 +0200] information/ConfigItem: Committing config item(s).
[2019-08-21 14:42:14 +0200] information/ApiListener: My API identity: localhost
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 InfluxdbWriter.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 LivestatusListener.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 SyslogLogger.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 IcingaApplication.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 Host.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 2 FileLoggers.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 2 NotificationCommands.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 NotificationComponent.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 ApiListener.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 PerfdataWriter.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 CheckerComponent.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 3 Zones.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 StatusDataWriter.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 ExternalCommandListener.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 Endpoint.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 3 ApiUsers.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 1 IdoMysqlConnection.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 218 CheckCommands.
[2019-08-21 14:42:14 +0200] information/ConfigItem: Instantiated 2 TimePeriods.
[2019-08-21 14:42:14 +0200] information/ScriptGlobal: Dumping variables to file ‘/var/cache/icinga2/icinga2.vars’
[2019-08-21 14:42:14 +0200] information/cli: Finished validating the configuration file(s).

Icinga Web 2

Packages:
icingaweb2-2.7.1-1.el7.icinga.noarch
package php is not installed
httpd-2.4.6-89.el7_6.1.x86_64

Icinga Web 2 Modules:
MODULE VERSION STATE DESCRIPTION
director master enabled Director - Config tool for Icinga 2
doc 2.7.1 enabled Documentation module
ipl v0.3.0 enabled The Icinga PHP library
monitoring 2.7.1 enabled Icinga monitoring module
reactbundle v0.6.0 enabled ReactPHP-based 3rd party libraries
translation 2.7.1 enabled Translation module
trapdirector 0.9.1 enabled SNMP traps configuration tool for Icinga 2

director via git - “3c5fa1610c598a9b4c657ad1fd54feb0699237ee”
doc via release archive/package
ipl via release archive/package
monitoring via release archive/package
reactbundle via release archive/package
translation via release archive/package
trapdirector via release archive/package

Icinga Web 2 commandtransport configuration:
[icinga2]
transport = “api”
host = “localhost”
port = “5665”
username = “root”
password = MASKED

Director is release master
0.9.1
Director was installed as a git clone

Anomalies found

  • Director is installed but no release archive was used for installation. (Please note that it still could the code of a release)
  • More than one php.ini file found
  • At least one php.ini file has no valid timezone setting

Total count of detected anomalies: 3

PHP Version:

PHP 7.1.8 (fpm-fcgi) (built: Aug 8 2017 09:02:40)
Copyright © 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright © 1998-2017 Zend Technologies
with Zend OPcache v7.1.8, Copyright © 1999-2017, by Zend Technologies

The following errors occur:

Under Traps -> Status & Mibs comes the following error message:

Uncaught ErrorException: Illegal string offset ‘attribs’ in /usr/share/php/Icinga/Web/Form.php:248
Stack trace:
#0 /usr/share/php/Icinga/Web/Form.php(248): Icinga\Application\ApplicationBootstrap->Icinga\Application{closure}(2, ‘Illegal string …’, ‘/usr/share/php/…’, 248, Array)
#1 /usr/share/icingaweb2/modules/trapdirector/application/controllers/StatusController.php(264): Icinga\Web\Form->__construct(‘upload-form’, Array)
#2 /usr/share/icingaweb2/modules/trapdirector/application/controllers/StatusController.php(200): Icinga\Module\Trapdirector\Controllers\UploadForm->__construct(‘upload-form’)
#3 /usr/share/icingaweb2/library/vendor/Zend/Controller/Action.php(507): Icinga\Module\Trapdirector\Controllers\StatusController->mibAction()
#4 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch(‘mibAction’)
#5 /usr/share/icingaweb2/library/vendor/Zend/Controller/Front.php(937): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Respons

#0 [internal function]: Icinga\Application\Web->Icinga\Application{closure}()
#1 {main}

When I execute the scripts under / usr / share / icingaweb2 / modules / trapdirector / bin, the Trapdirector under Received will not show anything:

./test_trap_v1.sh

./test_trap_v2.sh

./test_trap_v3.sh -> snmptrap:

Maybe somebody can help me …

Hello everybody,

I came a little closer to the problem.

The error was that is installed on the server rh-php71 -… and thus the port for php-fpm is occupied.

After the implementation of PHP 7.1 via the Epel repo and the exchange of data in snmptrapd.conf on / usr / bin / php, the traps are also displayed under Traps -> Received.

The only remaining error is Trabs -> Status & Mibs and there under Mib Management

Uncaught ErrorException: Illegal string offset ‘attribs’ in /usr/share/php/Icinga/Web/Form.php:248
Stack trace:

0 /usr/share/php/Icinga/Web/Form.php(248): Icinga \ Application \ ApplicationBootstrap-> Icinga \ Application \ {closure} (2, ‘Illegal string …’, '/ usr / share / php / … ', 248, array)

1 /usr/share/icingaweb2/modules/trapdirector/application/controllers/StatusController.php(264): Icinga \ Web \ Form -> __ construct (‘upload-form’, Array)

2 /usr/share/icingaweb2/modules/trapdirector/application/controllers/StatusController.php(200): Icinga \ Modules \ Trapdirector \ Controllers \ UploadForm -> __ construct (‘upload-form’)

3 /usr/share/icingaweb2/library/vendor/Zend/Controller/Action.php(507): Icinga \ Module \ Trapdirector \ Controllers \ StatusController-> mibAction ()

4 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action-> dispatch (‘mibAction’)

5 /usr/share/icingaweb2/library/vendor/Zend/Controller/Front.php(937): Icinga \ Web \ Controller \ Dispatcher-> dispatch (Object (Icinga \ Web \ Request), Object (Icinga \ Web \ respons

0 [internal function]: Icinga \ Application \ Web-> Icinga \ Application \ {closure} ()

1 {main}

But maybe that’s the RH-PHP71 version

Hi,

I’ll have a look at this and make updates on the case you opened (?)

HI,

@patrickpr just tested Your module. Looks like my traps hate is going down a little bit :slight_smile:

@xxandyxx : I updated the case and provided a bugfix. (https://github.com/patrickpr/trapdirector/issues/3 )

@unic : I hate them too, but as low level code is now stable, I won’t have to see them again except in a GUI :smile: