Help with SNMP TRAP Handler

jozefrebjak · 13 May 2019 11:39

Please help,

i am trying to add auth snmp trap handler for edge-core L2 switch, here is what i added

in /librenms/Librenms/Snmptrap/

i added

<?php
/**
 * EdgeCosSuccessUserLogin.php
 *
 * -Description-
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    LibreNMS
 * @link       http://librenms.org
 */
namespace LibreNMS\Snmptrap\Handlers;

use App\Models\Device;
use LibreNMS\Interfaces\SnmptrapHandler;
use LibreNMS\Snmptrap\Trap;
use Log;

class EdgeCosSuccessUserLogin implements SnmptrapHandler
{
    /**
     * Handle snmptrap.
     * Data is pre-parsed and delivered as a Trap.
     *
     * @param Device $device
     * @param Trap $trap
     * @return void
     */
    public function handle(Device $device, Trap $trap)
    {
        Log::event('SNMP Trap: Success User Login: ' . $device->displayName(), $device->device_id, 'auth', 3);
    }
}

and in /librenms/config/snmptraps.php i added

'ES3528MO-MIB::swAuthenticationSuccess' => \LibreNMS\Snmptrap\Handlers\EdgeCosSuccessUserLogin::class,

And here is OID from that MIB,

swAuthenticationSuccess NOTIFICATION-TYPE
        OBJECTS     { trapVarLoginUserName, trapVarLoginMethod, trapVarLoginIPAddress, trapVarLoginTime }
        STATUS      current
        DESCRIPTION "This trap will be triggered if authentication is successful."
        ::= { es3528moTrapsPrefix 67 }

but i still getting in eventlog of device this message, what i am missing ?

SNMP trap received: SNMPv2-SMI::enterprises.259.6.10.94.2.1.0.67

Thanks

TheGreatDoc · 13 May 2019 12:18

You must configure your snmptrapd (daemon) to read the correct mibs.

At the startup line of the snmptrapd, add the dir where that mibs resides (along with the ones that are already added)

So your startup options should look like
...-M /opt/librenms/mibs:/opt/librenms/mibs/cisco:/opt/librenms/mibs/CHANGETHIS...

Of course, you must CHANGETHIS to the correct dir.

jozefrebjak · 13 May 2019 12:38

So when I have

ExecStart=/usr/sbin/snmptrapd -f -M /opt/librenms/mibs -m ALL

its wrong ?

jozefrebjak · 13 May 2019 12:41

Because I am getting correct TRAP about Port Down,UP for edgecos devices, also for STP what is new,

TheGreatDoc · 13 May 2019 12:54

Its not wrong, its just incomplete. If you check the /opt/librenms/mibsdir, you will see there are some mibs files directly there, and then sub-directories.

snmptrapd -M option is not recursive, so you need to specify each directory individually.

jozefrebjak · 13 May 2019 13:30

I changed it and now I am getting just in eventlog

SNMP trap received:

Here is a TRAP message from syslog

uz7-8.gecom.sk [UDP: [10.0.58.30]:1042->[10.0.1.21]:162]: Trap , iso.3.6.1.2.1.1.3.0 = Timeticks: (952171000) 110 days, 4:55:10.00, iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.259.6.10.94.2.1.0.67, iso.3.6.1.4.1.259.6.10.94.1.14.2.11 = Hex-STRING: 61 64 6D 69 6E 00 00 00 00 00 00 00 00 00 00 00 \01200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \01200 , iso.3.6.1.4.1.259.6.10.94.1.14.2.12 = INTEGER: 1, iso.3.6.1.4.1.259.6.10.94.1.14.2.13 = IpAddress: 46.150.192.145, iso.3.6.1.4.1.259.6.10.94.1.14.2.14 = Hex-STRING: 32 30 31 39 2D 35 2D 31 33 2C 31 35 3A 32 31 3A \01235 30 00 00 00

and i know that oid .1.3.6.1.4.1.259.6.10.94.2.1.0.67 is for Auth success, so i just want simple mesasge in eventlog about that, also for auth failed what is oid .66, but it is still not working for me, can somebody helpt with that ?

Heath_Barnhart · 13 May 2019 13:50

Could you copy paste what your the mibs directory line in the snmptrapd config file currently looks like?

jozefrebjak · 13 May 2019 13:57

Here is my service

[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
After=network.target
ConditionPathExists=/etc/snmp/snmptrapd.conf

[Service]
Environment="MIBSDIR=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp"
Type=simple
ExecStart=/usr/sbin/snmptrapd -f -M /opt/librenms/mibs:/opt/librenms/mibs/cisco:/opt/librenms/mibs/edgecos
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

MIB of device is here: /librenms/mibs/edgecos/ ES3528MO-MIB

for now i am carryng about auth

swAuthenticationFailure  .1.3.6.1.4.1.259.6.10.94.2.1.0.66
swAuthenticationSuccess  .1.3.6.1.4.1.259.6.10.94.2.1.0.67

php in /librenms/LibreNMS/Snmptrap/Handlers looks like this

<?php

namespace LibreNMS\Snmptrap\Handlers;

use App\Models\Device;
use LibreNMS\Interfaces\SnmptrapHandler;
use LibreNMS\Snmptrap\Trap;
use Log;

class EdgeCosSuccessUserLogin implements SnmptrapHandler
{
    /**
     * Handle snmptrap.
     * Data is pre-parsed and delivered as a Trap.
     *
     * @param Device $device
     * @param Trap $trap
     * @return void
     */
    public function handle(Device $device, Trap $trap)
    {
        Log::event('SNMP Trap: Success User Login', $device->device_id, 'auth', 3);
    }
}

and in /librenms/config/snmptraps.php i added

'ES3528MO-MIB::swAuthenticationSuccess' => \LibreNMS\Snmptrap\Handlers\EdgeCosSuccessUserLogin::class,

I want to figure it out how it works, in future i would like to add more handlers

TheGreatDoc · 13 May 2019 14:08

you have removed the -m ALL.

-M specify dir
-m is for mibs. If you dont set -m ALL, it wont read any mibfile

jozefrebjak · 13 May 2019 14:17

Fantastic, so It’s working

I am only getting some errors in snmptrapd service

service snmptrapd status
● snmptrapd.service - Simple Network Management Protocol (SNMP) Trap Daemon.
   Loaded: loaded (/lib/systemd/system/snmptrapd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-05-13 16:14:54 CEST; 50s ago
 Main PID: 4173 (snmptrapd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/snmptrapd.service
           └─4173 /usr/sbin/snmptrapd -f -m ALL -M /opt/librenms/mibs:/opt/librenms/mibs/cisco:/opt/librenms/mibs/edgecos

May 13 16:15:32 librenms snmptrapd[4173]: Bad operator ((): At line 176 in /opt/librenms/mibs/CISCO-ENHANCED-IMAGE-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Too many textual conventions (INTEGER): At line 242 in /opt/librenms/mibs/CISCO-ENHANCED-SLB-MIB
May 13 16:15:32 librenms snmptrapd[4173]: : (is a reserved word): At line 242 in /opt/librenms/mibs/CISCO-ENHANCED-SLB-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Bad operator ((): At line 243 in /opt/librenms/mibs/CISCO-ENHANCED-SLB-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Too many textual conventions (INTEGER): At line 208 in /opt/librenms/mibs/CISCO-CONFIG-MAN-MIB
May 13 16:15:32 librenms snmptrapd[4173]: : (is a reserved word): At line 208 in /opt/librenms/mibs/CISCO-CONFIG-MAN-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Bad operator ((): At line 209 in /opt/librenms/mibs/CISCO-CONFIG-MAN-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Too many textual conventions (INTEGER): At line 96 in /opt/librenms/mibs/CISCO-IP-STAT-MIB
May 13 16:15:32 librenms snmptrapd[4173]: : (is a reserved word): At line 96 in /opt/librenms/mibs/CISCO-IP-STAT-MIB
May 13 16:15:32 librenms snmptrapd[4173]: Bad operator ((): At line 96 in /opt/librenms/mibs/CISCO-IP-STAT-MIB

I believe that this information is not very good covered in docs, for trap handler and for develop trap handlers.

Kevin_Krumm · 14 May 2019 11:15

Doc changes are welcome in the docs you can click the edit button on the top right and submit changes.