I am new to SNMP and to Kapacitor-InfluxDB. I have InfluxDB and Kapacitor installed on a server. Kapacitor is generating alarms using data pushed into InfluxDB. I was wondering if it is possible to consider the server on which Kapacitor and InfluxDB are installed an SNMP agent and use the alarms that Kapacitor generates as traps to be sent to an SNMP manager installed on a separate machine?
Please let me know if my question is not clear.
You could implement it as an Output Node in Kapacitor: https://docs.influxdata.com/kapacitor/v0.13/about_the_project/custom_output/
Kapacitor can not natively send SNMP traps out of the box (yet). That functionality will likely require adding an SNMP trap event handler to the alert node.
Kapacitor's alert node exec event handler can be set to trigger a SNMP trap via snmptrap or another SNMP command line agent.
Related
About 5 days ago, OpenNMS Horizon 22.02 on Ubuntu 18.04.1 LTS stopped accepting traps from network elements. No changes were made to configuration or underlying operating system to my knowledge.
There are about 125 network elements, all Cisco, sending traps.
So far I have checked the following:
tcpdump shows the traps coming into the interface on port 162
Turned on Debug for trapd.log and incoming traps from network elements do not create any log entries
Traps sent with send-trap.pl from the localhost create traps that flow all the way to events
Traps sent with snmptrap either on localhost or another host create log entries that flow all the way to events. The other host is using the same interface that the network elements are using.
ss -lnpu sport = :162 shows an open UPD "UNCONN"
sudo lsof -i :162 shows a single listener java process
Startup of trapd does not seem to show any warnings in the log
I have verified that the ufw and iptables are off
I have updated OpenNMS to 22.04 and updated Ubunutu with no relief
Restarted OpenNMS many many times...
I moved Trapd startup after Asterisk in service-configuration.xml based on this
All of this seems similar to this. I think the last commenter on that thread asked about comparing the successful and unsuccessful traps in Wireshark which I have not done but all of the traps that are being sent have worked hundreds if not thousands of times until November 6th.
Is there anywhere else to look for errors as to why Trapd is not accepting traps? I think I have ruled out network issues.
I created a new Ubuntu 18.04 VM, updated it and then installed Horizon 23.01 fresh. I pointed my stream of traps at it and it behaves the exactly the same way, none of the traps create any log entries on the trapd.log with the level set to debug. Tcpdump shows the traps coming to the interface.
Issue Resolved.
The underlying operating system lost its static route for the subnet that the traps were coming from. OpenNMS had a route back to the subnet but not via the path that the traps were coming in from. Once the static route was restored, traps started working again and were flowing all the way to events.
My OpenNMS system is running on Windows Server 2012 and I am doing most of my configurations through the web interface.
I have configured an SNMP community associated with a range of ip addresses for the node I want to monitor. I have specified a string for this community. I have added the node (which contains multiple ip addresses) for provisioning. I have added the node to the default data collection group. However, when I try to navigate to the node, rescan it, and manage data collection per interface, I cannot view the node as an option from which to collect data. I also do not see SNMP data on the node availability graphs, only ICMP data. How should I approach this problem. Are there any additional files I need to edit?
If any of you have some knowledge of OpenNMS, I would appreciate the help. I have only been using OpenNMS for 2 weeks now, and I have very little knowledge of SNMP or networking, though I am learning more every day.
First of all, it is important to ensure your OpenNMS as SNMP access to your Device you want to monitor. You can verify this by running the following command from the CLI off your OpenNMS server:
snmpwalk -v 2c -c <your-community-string> <your-ip-interface>
If you don't see any output or a timeout, you have connectivity issues which can be firewalls between your OpenNMS and the device you want to monitor. It can also be the SNMP Agent on your Device does not allow access from your OpenNMS servers IP address.
As I'm reading your Node has multiple IP interfaces you have provisioned. You can define an attribute "SNMP Primary" which means:
P: It is the primary interface and when it is reachable, OpenNMS will try to fetch all SNMP performance data from this interface
S: It is set as secondary, it means SNMP is available but will only be used to fetch SNMP performance data if the primary interface is down
N: Not used for SNMP performance data collection
By default OpenNMS detects also services like SNMP. The SNMP service is assigned to the interface when it is possible to fetch the System Object ID (sysoid) .1.3.6.1.2.1.1.2.0 from the given IP interface using the SNMP community you have configured by the IP address in the WebUI. You can troubleshoot this on the CLI using the snmpget command from your OpenNMS server like this:
snmpget -v 2c -c <your-community-string> <your-ip-interface> .1.3.6.1.2.1.1.2.0
If you don't get a result, OpenNMS will not detect the SNMP service. OpenNMS will only try to collect SNMP performance data from an IP interface when the SNMP service is associated.
Hope this helps for further troubleshooting.
In Zabbix Server 3, I have a linux host monitored through SNMP.
The SNMP OID of the monitored MIB is as below:
SNMPv2-SMI::enterprises.94.7.1.4.2.1.5.1 = STRING: "CLUSTER STARTED (RESTARTED)"
I have configured this SNMP OID to be monitored for every 10 minutes. The Zabbix server is sending a SNMP get-request and the linux host replies back. The timestamp is updated in this case in Zabix>Monitoring>Latest Data section of Zabbix dashboard
I also have an SNMP trap defined for this event.
I restarted the cluster in the linux host, which triggered an SNMP trap message to zabbix and the event is captured in /var/log/zabbix/snmptrapfmt.log of zabbix server. But the Zabix>Monitoring>Latest Data section of Zabbix dashboard still has old timestamp for latest data. The new value is not updated from SNMP trap.
Is there any separate configuration needed for this?
I am using zabbix appliance 3 as zabbix server
The first item you showed, the one that polls SNMP, should not be relevant for trap processing.
Regarding the second item (snmptrap), make sure you have started SNMP trapper (StartSNMPTrapper parameter in the server configuration file).
Also check that Zabbix server points at the location where you traps are written with the parameter SNMPTrapperFile.
If all that is configured, check the server log - if a trap is written there, it was not matched to your item - in that case, check your regexp against the trap data and make sure the IP address Zabbix sees the trap from matches the SNMP interface address for that item.
I want to monitor some servers in a cluster with Zabbix. if it is feasible to use "snmp agent" instead of "zabbix agent" to monitoring the servers, I will not install zabbix agent in every server.
So what is the advantage of zabbix agent than the snmp agent?
It depends on which parameters would you like to monitor. We are using SNMP monitoring on hosts (clusters and standalones) where vendor does not allow installation any other application except from himself.
Even in case of SNMP you need to modify configuration of your SNMP daemon on monitored host. But in some cases default configuration is sufficient to monitor at least some values without any installation/configuration/modification on monitored host. Be advised that the network must allow SNMP traffic (161/udp). I don't need to mention that SNMP v1 and v2c can be seen by somebody listening on the network. Values which can be monitored by SNMP daemon are listed in OID list http://www.alvestrand.no/objectid/top.html.
On the other hand Zabbix agent can monitor similar values like SNMP daemon. Additionaly there are some parameters which are more complex (like DNS response etc.). The list of values which can be monitored by Zabbix agent is on https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/zabbix_agent
I want to configure SNMP traps on PFsense, to do it I have done below things.
Enable SNMP Demon (Without doing it it is not allowing to enable traps)
A. Given poling port number (161)
B. Given Read community string. (mypfsense)
Enable SNMP Traps
A. Given Trap Server IP. (192.168.0.100)
B. Given poling port number (162)
C. Given Read community string. (mypfsense)
On windows 2008 server I have install Ireasoning MIB Browser.
Turn on Trap receiver on port number 162.
But at here I was not getting any update on trap receiver so I have check through....
send test trap using ireasoning trap sender, and i got trap in trap receiver.
I was not getting PFSense traps, so then after I have
Add feature in server 2008 snmp service, and configure it as below.
A. services.msn > snmp service property > Security tab > accept community name -> added the community "mypfsense" as Read Only.
Then after I repeat the steps 4 and 5, both are behaving as it is.
So after all I am not getting traps of PFSense.
I am requesting you to please help me to configure it.
Note: I have check through MIB Browser that poling is working from the 2008 server it gives output of get next, walk, get bulk etc. etc...
Thanks and Regards,
Harshit Choksi.