Help with SNMP Traps to Alarm Browser

Started by Victor Wiebe, May 23, 2014, 04:56:00 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Victor Wiebe

May 23, 2014, 04:56:00 PM
Hello everyone. I am in need of some help placing SNMP Traps onto the Alarm Browser. I've browsed through the documentation and the forums and am still struggling.

I have configured an external NMS system to send traps to NetXMS. The traps are being received: they appear in the SNMP Trap Log and the SNMP Trap Monitor.

I've followed the instructions at another post - https://www.netxms.org/forum/configuration/snmp-trap-configuration/msg13657/#msg13657 - but haven't had any luck with it. I have created five Event Configuration items:

TRAP_RAW
TRAP_INFO
TRAP_EMERGENCY
TRAP_CRITICAL
TRAP_CLOSE

The trap OID is .1.3.6.1.4.1.27207.2.2.1.0.1. I've configured the SNMP Trap Configuration to use event "TRAP_RAW" upon receiving an trap with this OID.

I have an Event Processing Policy which calls this script when a TRAP_RAW trap is received:

if ($event->parameters[3] == alert)
{
   switch($event->parameters[2])
   {
      case 1:
         evt = "TRAP_CRITICAL";
         break;
      case 2:
         evt = "TRAP_EMERGENCY";
         break;
      case 3:
         evt = "TRAP_EMERGENCY";
         break;
      case 4:
         evt = "TRAP_EMERGENCY";
         break;
      case 5:
         evt = "TRAP_EMERGENCY";
         break;
      case 6:
         evt = "TRAP_INFO";
         break;
      case 7:
         evt = "TRAP_INFO";
         break;
      case 8:
         evt = "TRAP_INFO";
         break;
   }

   PostEvent($node,evt,null,$event->parameters[7]);
}
else
{
   PostEvent($node, "TRAP_CLOSE");
}

I also have two additional Event Processing Policies for creating the alarm and clearing it. However, no alarms are ever created in the Alarm Browser.

In summary:

I see the traps coming in via tcpdump.
The traps appear in the SNMP Trap Log
The traps appear in the SNMP Trap Monitor
Nothing appears in the Event Monitor
Nothing appears in the Event Log
Alarms are not generated

I'm at a loss as to how to troubleshoot at this point. Would anyone be able to lend a hand?

Just to cover as many bases as I can think of, here is a copy of the incoming trap from tcpdump

09:44:53.154160 IP itbox.49128 > event.snmp-trap:  C= V2Trap(1134)  system.sysUpTime.0=3322126 S:1.1.4.1.0=E:27207.2.2.1.0.1 E:27207.2.1.1.1.1.2=0 E:27207.2.1.1.1.1.3="alert" E:27207.2.1.1.1.1.4=0 E:27207.2.1.1.1.1.5=1400852702 E:27207.2.1.1.1.1.6="" E:27207.2.1.1.1.1.7="Threshold triggered -- switch0.fl2-closet0.wilm's Gi2/0/1's Availability: 0.00 Percent < 100 Percent averaged over 10.00 minutes" E:27207.2.1.1.1.1.8="ITBOX" E:27207.2.1.1.1.1.9=1 E:27207.2.1.1.1.1.10=192.168.10.40 E:27207.2.1.1.1.1.11="switch0.fl2-closet0.wilm" E:27207.2.1.1.1.1.12=1453 E:27207.2.1.1.1.1.13=192.168.10.18 E:27207.2.1.1.2.1.1="Critical Uplinks Availability - switch0.fl2-closet0.wilm - Gi2/0/1" E:27207.2.1.1.2.1.2="" E:27207.2.1.1.2.1.3=0 E:27207.2.1.1.2.1.4="" E:27207.2.1.1.2.1.5=23 E:27207.2.1.1.2.1.6="Uplink ports" E:27207.2.1.1.2.1.7="" E:27207.2.1.1.1.1.14="SNMP" E:27207.2.1.1.1.1.15=1 E:27207.2.1.1.1.1.16="SNMP Poller" E:27207.2.1.1.1.1.17="Gi2/0/1" E:27207.2.1.1.1.1.18=17716 E:27207.2.1.1.1.1.19="core0.wilm gi6/1" E:27207.2.1.1.1.1.20="s1_interfaceavailability" E:27207.2.1.1.1.1.21=120537 E:27207.2.1.1.1.1.22="Availability" E:27207.2.1.1.2.1.8=213743 E:27207.2.1.1.2.1.9=0 E:27207.2.1.1.2.1.10="0.00" E:27207.2.1.1.2.1.11="100" E:27207.2.1.1.2.1.12="Percent" E:27207.2.1.1.2.1.13=2 E:27207.2.1.1.2.1.14="10.00"

Victor Kirhenshtein

#1
May 23, 2014, 06:49:45 PM
Hi!

Is trap sender added as a node object in NetXMS?

Best regards,
Victor

Victor Wiebe

#2
May 23, 2014, 08:26:35 PM
Hi Victor!

Yes, that fixed my immediate issue. The traps are certainly creating alarms now.

My trap sender is an NMS that will send traps on behalf of other devices; ultimately, it is the 'remote device' that I'd like to have referenced as "$node". I've been digging through the documentation and what I think I need to do is create a node on the fly upon trap reception based on one of the OID value's. I think the workflow would work like this:

1) Receive Trap
2) Identify Remote Node from MIB
3) Use FindNodeObject to see if the proper node exists
4) If yes, script a finagling and use PostEvent
5) If no, create a new object using CreateNode, and then modify the new alarm

Does this sound feasible to you? Would you be able to provide me with a one-liner as to how CreateNode works and the parameters it needs?

Thanks again!

Victor W

Victor Kirhenshtein

#3
May 24, 2014, 08:18:17 PM
Hi!

Proposed workflow looks correct. I've added description for CreateNode function to our wiki :)

Best regards,
Victor

Victor Wiebe

#4
May 27, 2014, 10:44:05 PM
Booya! That did it. I now have a series of auto-created node's based on trap. Sweet!

After creating the node using CreateNode, is there a way to programatically disable polling? I won't have direct access from my netxms platform to the devices sending traps.

Thanks again! My event browser is looking awesome.

Victor Wiebe

#5
May 27, 2014, 10:46:22 PM
And I think I just found my own answer with the UnmanageObject function.

Thanks for the help Victor! Great product.
Print
Go Up Pages1
User actions