how do you setup snmpd to send traps when /var has less then 10% capacity left

creatureofthedark · 02-02-2012, 09:43 PM

hey,

I originally posted this over in the server section however I think that was incorrect so I'm posting it here too..

iv been working on this for god knows how long and been googleing for the past few months now.... all i seem to come up with is how to setup snmp traps with IOS, snmpwalk info or cacti configs...

I am trying to make an automated monitoring system for my final year computer systems and networking project at university..

currently i have setup a small test bed consisting of a web-server and a monitoring server.. This is just a small setup of what I will need to do at the end of this project but for the time being I'm just trying to get the basics down...

on the web-server i have installed snmpd and used the following config file

Code:

com2sec local     127.0.0.1/32    public
com2sec local     192.168.2.0/24   public

trap2sink 192.168.2.51 public
trapsink 192.168.2.51 public

group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local

view all    included  .1                               80

access MyROGroup ""      any       noauth    exact  all    none   none

rocommunity  public
syslocation  "North"
syscontact  david@the-ward-network.co.uk

###############################################################################
#
#  SYSTEM INFORMATION
#

#  Note that setting these values here, results in the corresponding MIB objects being 're$
#  See snmpd.conf(5) for more details
sysLocation    Sitting on the Dock of the Bay
sysContact     Me <me@example.org>
                                                 # Application + End-to-End layers
sysServices    72


#
#  Process Monitoring
#
                               # At least one  'mountd' process
proc  mountd
                               # No more than 4 'ntalkd' processes - 0 is OK
proc  ntalkd    4
                               # At least one 'sendmail' process, but no more than 10
proc  sendmail 10 1

#  Walk the UCD-SNMP-MIB::prTable to see the resulting output
#  Note that this table will be empty if there are no "proc" entries in the snmpd.conf file


#
#  Disk Monitoring
#
                               # 10MBs required on root disk, 5% free on /var, 10% free on$
disk       /     10000
disk       /var  5%
includeAllDisks  10%

#  Walk the UCD-SNMP-MIB::dskTable to see the resulting output
#  Note that this table will be empty if there are no "disk" entries in the snmpd.conf file


#
#  System Load
#
                               # Unacceptable 1-, 5-, and 15-minute load averages
load   12 10 5

on the monitoring server i have setup snmptrapd below

Code:

authCommunity log,execute,net public
traphandle default python /home/creature/snmptest.py

snmptest.py looks like

Code:

def main():

        running = True
        output = open ('/tmp/traps', 'a')
        while running:
                try:
                        input = raw_input()
                        output.write(input + "\n")
                except EOFError:
                        running = False
        output.close()

if __name__ == '__main__':
        main()

this code was taken from http://www.youtube.com/watch?v=S0ibDVFnUws

the only issue is i only seem to be getting uptime alerts and not anything else..... i don't think iv even configured uptime traps in the snmpd.conf file....

can anyone tell me what im doing wrong?? or if what i am doing is even possible??

as far as i can tell no one seems to know.....

thanks in advance

creatureofthedark · 02-03-2012, 11:02 AM

Hey,

I'v been working non stop since I posted this thread [and allot longer before] and iv still got no where... well some where.. iv now got to the stage where i think its an authentication issue...

On the monitoring server I am currently recurving the bellow traps...

Code:

Fri Feb  3 16:35:09 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:34163->[192.168.2.51]
iso.3.6.1.2.1.1.3.0 0:12:44:14.57
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.5
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.4.1.8072.3.2.10
Fri Feb  3 16:35:14 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:34163->[192.168.2.51]
iso.3.6.1.2.1.1.3.0 0:12:44:14.57
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.5
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.4.1.8072.3.2.10
Fri Feb  3 16:35:25 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:51625->[192.168.2.51]
iso.3.6.1.2.1.1.3.0 0:12:44:16.62
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.5
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.4.1.8072.3.2.10
Fri Feb  3 16:35:30 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:51625->[192.168.2.51]
iso.3.6.1.2.1.1.3.0 0:12:44:16.62
iso.3.6.1.6.3.1.1.4.1.0 iso.3.6.1.6.3.1.1.5.5
iso.3.6.1.6.3.1.1.4.3.0 iso.3.6.1.4.1.8072.3.2.10

These basically translate into:

Code:

DISMAN-EVENT-MIB::sysUpTimeInstance 0:12:44:16.62
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-MIB::authenticationFailure
SNMPv2-MIB::snmpTrapEnterprise.0 NET-SNMP-MIB::netSnmpAgentOIDs.10

Its the 'SNMPv2-MIB::snmpTrapOID.0 SNMPv2-MIB::authenticationFailure' bit that is giving it away for me :P

Dose anyone have any idea how to fix this???
My current train of thought is that its something to do with 'authCommunity log,execute,net public' in the snmptrapd.conf on the monitoring server..
or possibly the permissions on the snmpd.conf on the web-server

Code:

-rw------- 1 root root 4.9K 2012-02-03 03:36 snmpd.conf

if anyone can help here and stop me from going down the complete wrong track id be very grateful!!

Here is an update on what I currently have changed since my original post

On the web-server I have used 'sudo snmpconf -g basic_setup' again as I believe its the best chance of getting this thing working.
The output of this command is bellow

Code:

creature@newNode:/etc/snmp$ sudo cat snmpd.conf
[sudo] password for creature:

###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#
###########################################################################
# SECTION: Trap Destinations
#
#   Here we define who the agent will send traps to.

# trapsink: A SNMPv1 trap receiver
#   arguments: host [community] [portnum]

trapsink  192.168.2.51 public

# trap2sink: A SNMPv2c trap receiver
#   arguments: host [community] [portnum]

trap2sink  192.168.2.51 public

# informsink: A SNMPv2c inform (acknowledged trap) receiver
#   arguments: host [community] [portnum]

informsink  192.168.2.51 public

# trapcommunity: Default trap sink community to use
#   arguments: community-string

trapcommunity  public

# authtrapenable: Should we send traps when authentication failures occur
#   arguments: 1 | 2   (1 = yes, 2 = no)

authtrapenable  1






###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# rwuser: a SNMPv3 read-write user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rwuser  creature auth
rwuser  public auth

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rwcommunity  public 192.168.2.51



###########################################################################
# SECTION: System Information Setup
#
#   This section defines some of the information reported in
#   the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string

syslocation  project

# syscontact: The contact information for the administrator
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysContact.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  contact_string

syscontact  davd@the-ward-network.com






###########################################################################
# SECTION: Monitor Various Aspects of the Running Host
#
#   The following check up on various aspects of a host.

# proc: Check for processes that should be running.
#     proc NAME [MAX=0] [MIN=0]
#
#     NAME:  the name of the process to check for.  It must match
#            exactly (ie, http will not find httpd processes).
#     MAX:   the maximum number allowed to be running.  Defaults to 0.
#     MIN:   the minimum number to be running.  Defaults to 0.
#
#   The results are reported in the prTable section of the UCD-SNMP-MIB tree
#   Special Case:  When the min and max numbers are both 0, it assumes
#   you want a max of infinity and a min of 1.

proc  httpd 1 1
proc  ssh 1 5

# disk: Check for disk space usage of a partition.
#   The agent can check the amount of available disk space, and make
#   sure it is above a set limit.
#
#    disk PATH [MIN=100000]
#
#    PATH:  mount path to the disk in question.
#    MIN:   Disks with space below this value will have the Mib's errorFlag set.
#           Can be a raw integer value (units of kB) or a percentage followed by the %
#           symbol.  Default value = 100000.
#
#   The results are reported in the dskTable section of the UCD-SNMP-MIB tree

disk  /var 10%
disk  / 10%


# load: Check for unreasonable load average values.
#   Watch the load average levels on the machine.
#
#    load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
#    1MAX:   If the 1 minute load average is above this limit at query
#            time, the errorFlag will be set.
#    5MAX:   Similar, but for 5 min average.
#    15MAX:  Similar, but for 15 min average.
#
#   The results are reported in the laTable section of the UCD-SNMP-MIB tree

load  15 10 5

I have also dropped the firewall on both the monitoring server and web-server using

Code:

creature@newNode:/etc/snmp$ sudo ufw disable
Firewall stopped and disabled on system startup

creatureofthedark · 02-03-2012, 12:26 PM

for some reason snmp-get seems to work.....

Code:

creature@mon:~$ snmpget -v 1 -c public 192.168.2.13 .1.3.6.1.4.1.2021.9.1.7.1
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 55712

this has confused me even more....

also I have stopped seeing the authentication errors.... pass on why or how.... iv not done anything to fix that...

here is a complete list of the current alerts i get after restarting snmpd on the web-server

Code:

Fri Feb  3 17:52:20 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:34163->[192.168.2.51]
DISMAN-EVENT-MIB::sysUpTimeInstance 0:14:16:01.45
SNMPv2-MIB::snmpTrapOID.0 NET-SNMP-AGENT-MIB::nsNotifyShutdown
SNMPv2-MIB::snmpTrapEnterprise.0 NET-SNMP-MIB::netSnmpNotificationPrefix

Fri Feb  3 17:53:00 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:46410->[192.168.2.51] 
DISMAN-EVENT-MIB::sysUpTimeInstance  0:0:00:00.16
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-MIB::coldStart
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 192.168.2.13
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "public"
SNMPv2-MIB::snmpTrapEnterprise.0 NET-SNMP-MIB::netSnmpNotificationPrefix

Fri Feb  3 17:56:52 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:46410->[192.168.2.51]
DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:00:43.45
SNMPv2-MIB::snmpTrapOID.0 NET-SNMP-AGENT-MIB::nsNotifyShutdown
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 192.168.2.13
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 "public"
SNMPv2-MIB::snmpTrapEnterprise.0 NET-SNMP-MIB::netSnmpNotificationPrefix

Fri Feb  3 18:02:00 GMT 2012
192.168.2.13
UDP: [192.168.2.13]:51647->[192.168.2.51]
DISMAN-EVENT-MIB::sysUpTimeInstance  0:0:00:00.04
SNMPv2-MIB::snmpTrapOID.0 SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 NET-SNMP-MIB::netSnmpNotificationPrefix