Hello everybody!
I’ve been trying to get a Windows 2016 to generate a trap from an event log entry and I have some issues (it isn’t working), so let me pick your collective mind.
I installed TrapDirector (1.0.6), all checks are green and test traps from localhost work OK. I copied some Windows MIBs.
Folder listing:
$ ls -l /usr/share/icingaweb2/modules/trapdirector/mibs
total 212
6179 nov 30 10:45 ftp.mib
48593 nov 30 10:45 hostmib.mib
59909 dic 3 09:36 HOST-RESOURCES-V2-MIB.mib
698 jun 18 2013 inetsrv.mib
6100 nov 30 10:45 lmmib2.mib
581 jul 16 2016 msft.mib
22462 nov 30 10:45 rfc2571.mib
4411 nov 30 10:45 smi.mib
26236 nov 30 10:45 wins.mib
Updating the MIBs returned a lot of “Unlinked OIDs” and “Did not find X in Y”. Is this normal?
Windows AFAIK refuses to send any traps for the service start/stop event, but every time I restart the machine it will generate a bunch of traps of “linkUp” type, received by TrapDirector. Why are these traps being sent?
Finally, if someone does know what I could be missing for W2016 to not generate the traps I set up (the events do keep appearing in the log), that would be quite welcome.
Versions
Program Version 2.11.3-1
Icinga web 2.8.2
PHP Version 7.3.11
trapdirector 1.0.6
director 1.7.2
Windows 2016 configured to send traps from specific Event Log entries (evntwin / evntcmd).
CentOS 7.7 with snmpd *receiving* traps
With the trapdirector I can’t help. But with sending from Windows and event logs. Sadly it’s a little bit complicated, or better let’s say: very awkward in my opinion.
The second entry is for Event ID 7036 (Service Start/Stop) so I can generate events at will. I installed the traps with evntcmd but I can’t get any traps to Icinga. It’s only on server reboot that I get unrelated traps. I even tried with the Windows Firewall totally disabled and no change.
Next I’m thinking of checking with Wireshark whether Windows is actually sending out the traps and perhaps snmptrapd drops them for …reasons.
Ideas are welcome
I do have it, when the Windows system starts it sends some traps to Icinga with the community name I setup: “trapdirector” (screenshot in my 1st msg) so it is picking up the destination server and the community name.
I confirmed with tcpdump that only these traps are arriving and nothing from the eventlog. Somehow there’s something wrong on the Windows side so I’ll have to go through it again even though it seems I have gone through the steps dozens of times now.
It is so amazing to be able to discuss these issues with other people, it helps me a lot to get new ideas and to get a fresh perspective.
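For checking a capture like the one just described, here is an added example (not from the thread): a small Python decoder that pulls the community, enterprise OID, agent address and generic/specific trap type out of an SNMPv1 Trap-PDU, so a linkUp trap can be told from an event-log-derived one. The enterprise OID, agent address and the two sample messages are constructed, not taken from a real capture.

```python
# Added example (not from the thread): decode an SNMPv1 Trap-PDU (RFC 1157) far
# enough to tell a generic linkUp from an enterprise-specific trap. Samples are constructed.
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """BER OID content octets -> dotted string; arcs >= 128 span several octets."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_trap(msg):
    """Parse the message header and the Trap-PDU; only SNMPv1 (version 0) has one."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    if int.from_bytes(version, "big") != 0:
        raise ValueError("only SNMPv1 messages carry a Trap-PDU")
    _, community, pos = read_tlv(body, pos)
    tag, pdu, _ = read_tlv(body, pos)
    if tag != 0xA4:                        # context tag [4] marks a Trap-PDU
        raise ValueError("not a Trap-PDU")
    fields, pos = [], 0
    for _ in range(5):  # enterprise, agent-addr, generic-trap, specific-trap, time-stamp
        _, content, pos = read_tlv(pdu, pos)
        fields.append(content)
    generic = int.from_bytes(fields[2], "big")
    return {"community": community.decode("ascii"),
            "enterprise": decode_oid(fields[0]),
            "agent_addr": ".".join(str(b) for b in fields[1]),
            "generic_trap": GENERIC_TRAPS.get(generic, str(generic)),
            "specific_trap": int.from_bytes(fields[3], "big")}

# Constructed traps: community "trapdirector", enterprise 1.3.6.1.4.1.311 (Microsoft),
# agent 192.168.1.10, no varbinds. First is a linkUp, second is enterprise-specific.
LINKUP_TRAP = bytes.fromhex("302d020100040c747261706469726563746f72a41a06072b060104018237"
                            "4004c0a8010a0201030201004301003000")
EVENT_TRAP = bytes.fromhex("302e020100040c747261706469726563746f72a41b06072b060104018237"
                           "4004c0a8010a02010602021b7c4301003000")
```

Run it on the payload bytes of a UDP/162 packet saved from tcpdump; a trap whose `generic_trap` is `linkUp` comes from the SNMP service itself, not from the event-to-trap translator.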
Traps are being received now!
In evntwin I had selected “apply throttle” with what I thought was a rather generous margin but the moment I decided to switch to “Do not apply throttle” traps started to flow to trapdirector. Now the handling wars can begin!
I find it puzzling that the “throttling” applied by Windows consists in sending 0 traps. It was driving me nuts.
Thank you @stevie-sy for all your ideas and your input.