Nagios Support Forum

I have been given the MIB for an application to monitor interfaces on it. After uploading it to Nagios I decided to try and process it but apparently processing it does nothing? I'm attaching the mib here.

I am receiving traps from the server in my logs snmptt.log example below and I have defined the trap - Assuming I am doing this correctly.

Openlink_Interface_Event .1.3.6.1.4.1.4184.2.0.2 Interface_Not_Operational Error Interface_Not_Operational1


But the SNMP Trap Interface doesn't show any captured traps.


/var/log/snmptt/snmptt.log:
Thu Sep 10 15:48:50 2020 .1.3.6.1.4.1.4184.2.0.2 ALARM "Openlink Interface Event" <IP of server> - Received trap "Interface_Not_Operational" with variables "enterprises.4184.2.1.2.1.2.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:Cerner OPENLink 24.1-05 enterprises.4184.2.1.2.1.5.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:1
enterprises.4184.2.2.2.1.1.13.73.67.79.84.50.52.49.53.72.48.65.72.70:ICOT2415H0AHF <-- Design Name
enterprises.4184.2.3.2.1.1.13.73.67.79.84.50.52.49.53.72.48.65.72.70.11.80.82.69.67.89.83.69.95.51.77.50:PRECYSE_3M2 <-- Connection Name
enterprises.4184.2.5.1.0:IN13 <-- Interface Alert Identifier
enterprises.4184.2.5.2.0:4 <-- Severity of the Alert
enterprises.4184.2.5.3.0:DOWN, Interface is not operational- ERROR status for Connection. <-- Error Text
enterprises.4184.2.5.4.0:2020-09-10 15:48:50
enterprises.4184.2.5.8.0:0 enterprises.4184.2.5.9.0:0"


Am I doing something wrong here?

For some reason the MIB file did not get added to the post, can you add it again?

The first time a trap is received, it has to be configured in the Admin > Unconfigured Objects menu. After that, it will be received automatically and show up in the SNMP Traps service.

Go and configure the trap from the Admin > Unconfigured Objects menu to create the Service Check in the xi interface.

Then send a trap to the xi server and see if the status for the service updates with the data.

If not, we would need to see the SNMP configuration files and the MIB files from the server so can you run the following 3 commands as root. Then post these 3 files so we can check the settings and the MIB files for any errors.

Attached the mib as a txt file and I have also taken a screen shot of the traps I have defined. I believe i've done this correctly? I don't see the traps received in the received traps tab.

Thanks for the MIB file. I took a look at it and it has some syntax errors in it.

In some of the object definitions, they are using underscores "_" and that is not a valid characters for the MIB file.
If you replace all of them with a minus sign "-" then replace the existing file on the server.

After replacing the file and go to the Admin > Manage MIBs menu and click on the blue arrow for that MIB to import the Trap definitions.
That should create the definitions and allow the system to process the traps that are received.

You should delete the existing trap to use the ones from the file.

After doing the replacement from _ to - then removing the old file and uploading the new one I am receiving normal traps in Nagios(Screenshot attached)


We tried getting the Error to show up in the nagios received traps interface but it does not. The logs show they are received along with a second normal alert. Any idea why?

tail -f /var/log/snmptt/snmptt.log /var/log/snmptt/snmpttunknown.log

Mon Sep 21 10:42:58 2020 .1.3.6.1.4.1.4184.2.0.2 Error "Interface_Not_Operational" <SERVER IP> - Received trap "Openlink_Interface_Event" with variables
"enterprises.4184.2.1.2.1.2.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:Cerner OPENLink 24.1-05
enterprises.4184.2.1.2.1.5.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:1
enterprises.4184.2.2.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72:ICOT2415H0AH
enterprises.4184.2.3.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72.7.51.77.95.83.70.51.51:3M_SF33 enterprises.4184.2.5.1.0:IN13
enterprises.4184.2.5.2.0:4 enterprises.4184.2.5.3.0:DOWN, Interface is not operational- ERROR status for Connection.
enterprises.4184.2.5.4.0:2020-09-21 10:42:57
enterprises.4184.2.5.8.0:0 e
nterprises.4184.2.5.9.0:0"




Mon Sep 21 10:42:58 2020 .1.3.6.1.4.1.4184.2.0.2 Normal "Status Events" <SERVER IP> - Received trap "oplGenericV2Trap" with variables
"enterprises.4184.2.1.2.1.2.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:Cerner OPENLink 24.1-05
enterprises.4184.2.1.2.1.5.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:1
enterprises.4184.2.2.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72:ICOT2415H0AH
enterprises.4184.2.3.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72.7.51.77.95.83.70.51.51:3M_SF33
enterprises.4184.2.5.1.0:IN13
enterprises.4184.2.5.2.0:4
enterprises.4184.2.5.3.0:DOWN, Interface is not operational- ERROR status for Connection.
enterprises.4184.2.5.4.0:2020-09-21 10:42:57
enterprises.4184.2.5.8.0:0
enterprises.4184.2.5.9.0:0"

By default, when a MIB is added to the xi server, all of the OID's are setup with the Normal state so if a good or bad trap is received with the same OID, it will always show up in xi with an OK state.

To get a bad trap to show up, you will have to create a copy of the TRAP in the SNMP Trap Interface and use a MATCH command to get it to trigger with a Non-OK state.

Until you add a MATCH statement to the file, all of the traps will come in as a normal status and will not generate a Warning or Critical


Create a copy of the oplGenericV2Trap trap in the Admin > SNMP Trap interface menu.
Go to the Defined Trap TAB to see the existing trap and use the Add a Trap Definition TAB to create the new one.

Setup the Trap to be the same except for the following.
Severity: should be Critical

And in the Additional Raw Data: section, put in the following.

Save the new trap.

I selected 2 from the severity levels that are defined in the MIB file. See below. You may need to adjust the match to use a different level.

"The severity of the alert condition. The values are:
info(1) Informational
warn(2) Warning
error(3) Error
fatal(4) Fatal"

Or use the following to match if the severity is greater than 1.
Then, if the trap is received and it has a severity level larger than 1, it will generate a critical in xi.

I created the trap details screenshot attached. Would this be accurate? If I am using this OID and they are all coming in the same how does it know to distinguish these?



Right now I get

2020-09-21 16:54:43 oplGenericV2Trap enterprises.4184.2.0.2 <server ip> Status Events Normal


The Trap is


Mon Sep 21 10:42:58 2020 .1.3.6.1.4.1.4184.2.0.2 Error "Interface_Not_Operational" <SERVER IP> - Received trap "Openlink_Interface_Event" with variables
"enterprises.4184.2.1.2.1.2.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:Cerner OPENLink 24.1-05
enterprises.4184.2.1.2.1.5.23.67.101.114.110.101.114.95.79.80.69.78.76.105.110.107.95.50.52.46.49.45.48.53:1
enterprises.4184.2.2.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72:ICOT2415H0AH
enterprises.4184.2.3.2.1.1.12.73.67.79.84.50.52.49.53.72.48.65.72.7.51.77.95.83.70.51.51:3M_SF33
enterprises.4184.2.5.1.0:IN13
enterprises.4184.2.5.2.0:4
enterprises.4184.2.5.3.0:DOWN, Interface is not operational- ERROR status for Connection.
enterprises.4184.2.5.4.0:2020-09-21 10:42:57
enterprises.4184.2.5.8.0:0
enterprises.4184.2.5.9.0:0"

Should I be using enterprises.4184.2.5.1.0 or enterprises.4184.2.5.1.0:IN13 as the OID? or .1.3.6.1.4.1.4184.2.0.2 ?

.1.3.6.1.4.1.4184.2.0.2 seem to be a generic one for all of the ones being received. Is my scrrenshot accurate?

Most devices use the same OID to send the errors that occurred and also for when they clear, the only difference is what they send for the Alert condition.

If there is an error or something informational, the value in the Alert condition will be greater than zero. If the issue recovers, it will send a zero for the Alert condition which should clear it.

In your screen capture, you need to enable and fill in the Passive Service Section, this is used to send the trap status to Nagios xi.

See page 9 of this document or just look at the existing trap for the
https://assets.nagios.com/downloads/nag ... h-NXTI.pdf


This is the correct OID to use .1.3.6.1.4.1.4184.2.0.2 for the 2 trap definitions. (Normal and Critical)

One thing that I forgot, the Normal trap has to have a Match added to it so it can reset the SNMP Trap alert.

Put the following in the Raw Data section.

New screenshot attached. I modified the trap details to reflect what we have discussed.
When this goes critical I want it to send an e-mail out to the ticketing system which will generate one ticket for the resulting team. Because of that I don't want it to send multiple emails to one specific address but I do want that for others. Is that possible to do without creating a second check?

If the same trap Trap is coming in from the same host and you want to have it send notifications at different intervals, then you would have to create 2 separate trap entries and 2 separate services.
Copy the existing Trap definition and change the Service Description field to create a different name.

After the traps are received and setup in xi, you can edit them in the Core Config Manager and change the Notification settings to what you want.