After reading the files in LibreNMS/Snmptrap/Handlers it seems like an snmp trap in is handed over to LibreNMS in it’s numeric form and there the different handlers do a substring search on that numeric content. Right? How are snmp traps processed in LibreNMS?
It would be great to have tools like SNMPTT or the net-snmp’s own snmptranslate have the traps translated to human readable form and then written into the event log. Is this already possible and I just missed that part in the documentation?
Hi, they aren’t in numeric form.
About SNMPTT, there is another PR (WIP) that will do that, but by now the only way is to manually add support to other traps.
config/snmptraps.php contains the map of traps to Handlers.
The SNMPTT PR needs to be updated, but I don’t think the original author is working on it anymore: https://github.com/librenms/librenms/pull/8134 I’ve made a comment of changes that are needed.
After reading through the PR, I think there is something missing (I’m not talking about the manpower …).
Our monitoring system right now manages traps like this:
snmptrapd -> SEC -> snmptt -> NagTrap -> Nagios
Finding snmptt back in the day was a revelation to me, but what made the whole thing working for us was including SEC (Simpel Event Correlator) into the chain: some devices, especially old PSUs (You know, the ones that only speak SNMP v1 - yes, that old!), tend to send traps on a minute basis (sometimes on a 20 second basis) when they think, the reason is critical. And You can’t configure away that behavior. Also, some old HP switches tend to flood the net with traps of the same OID or of correlating OIDs. With some HP firmware releases You can configure the traps beeing sent on a very granular basis, with some You can’t (You can only switch of traps globally). And sometimes with the next release, a configuration option just disapears, no matter if it’s an old HP or a new one. So, working in a very heterogeneous network environment, I used SEC to filter out unwanted traps and traps, that were simply “too much”.
Now, with LibreNMS, how are traps filtered? Can they be filtered? Is there some kind of trap-frequency filter (f. e. “just on trap per 10 Minutes of the same OID”)? Or are they just piped into LibreNMS as they reach the snmptrapd?
If they aren’t filtered / can’t be filtered, it might be worth a thought to establish something like that to get rid of that constant “trap bias”. The other way would be to hand the traps first over to SEC for correlation / filtering and then to LibreNMS/SNMP Trap Manager for translation and putting them into the event log…
If I’m completely wrong, please tell me so. (… then I must really dig into our network configuration )