Next: , Up: (dir)

Snmptrap NodeBrain Module

This manual is for the Snmptrap NodeBrain Module (version 0.2, August 2014) used for receiving events via SNMP traps.

Copyright © 2014 Ed Trettevik <eat@nodebrain.org>

Permission is granted to copy, distribute and/or modify this document under the terms of either the MIT License (Expat) or NodeBrain License. See the Licenses section at the end of this document for details.
Short Table Of Contents

Table of Contents


Next: , Previous: Top, Up: Top

1 Concepts

The Snmptrap module provides a node that monitors SNMP V1 and V2 traps. This node listens on a specified port and interface for SNMP traps. By default, it listens to port 162 on all interfaces.

     
     	define snmptrap node snmptrap; # default to port 162
     	define snmptrap node snmptrap(50162); # alternate port
     	define snmptrap node snmptrap("127.0.0.1"); # interface address
     	define snmptrap node snmptrap("127.0.0.1:50162"); # both

When a trap is received, the node sends an alert command to its own context. Since this module is not MIB aware, the generated alert command references NodeBrain terms that are single quoted OIDs.

     	alert '<oid>'=<value>,...;

You can reference these OID terms in you NodeBrain rules or define aliases as illustrated in the example below.

     define snmptrap node snmptrap;
     snmptrap. define snmpTrap      cell '1.3.6.1.6.3.1.1.4.1.0';
     snmptrap. define myMsgText     cell '1.3.6.1.4.1.2789.2005.1';
     snmptrap. define myRestartTrap cell snmpTrap="1.3.6.1.4.1.2789.2005.0.2476317";
     snmptrap. define r1 if(myRestartTrap and myMsgText~~"WWW"):$ - echo "$${myMsgText}"

To send your own traps to this node, you will need a utility for sending traps. Examples are shown below using the snmptrap in the Net-SNMP package.

     snmptrap -v 1 -d -c public localhost .1.3.6.1.4.1.2789.2005 localhost 6 2476317 '' \
               .1.3.6.1.4.1.2789.2005.1 s "WWW Server Has Been Restarted"
     
     snmptrap -v 2c -d -c public localhost '' .1.3.6.1.6.3.1.1.5.3 \
               ifIndex i 2   ifAdminStatus i 1    ifOperStatus i 1
     


Next: , Previous: Concepts, Up: Top

2 Tutorial

Man is the only kind of varmint who sets his own trap, baits it, then steps on it. —John Steinbeck (1902–1968)
The Snmptrap node is used to monitor SNMP traps. This is one method of configuring NodeBrain to accept alerts from monitoring tools that are capable of sending SNMP traps. NodeBrain's Snmptrap node is a bit unusual in that it does not use MIBs. Instead, each trap is converted into a NodeBrain alert using single quoted OID terms.

     alert 'oid'="value",'oid'="value",...;

You must then code your rules referencing the oid terms. However, I recommend you define aliases for the OIDs of interest to make your rules more readable.

     #!/usr/local/bin/nb -d
     # File: tutorial/Snmptrap/snmptrap.nb
     -rm snmptrap.log
     set log="snmptrap.log",out=".";
     # Node
     define snmptrap node snmptrap:trace,dump;
     # Aliases
     snmptrap. define myProduct cell '1.3.6.1.6.3.1.1.4.3'="1.3.6.1.4.1.1279";
     snmptrap. define address cell '1.3.6.1.4.1.1279.4';
     snmptrap. define type    cell '1.3.6.1.4.1.1279.5';
     # Rules
     snmptrap. define r1 if(myProduct and type="hiccup");

The example above is only provided to illustrate the syntax for working with single quoted OID terms. You will need to adapt this example to the traps you want to monitor to construct useful rules. However, you can use this example to start collecting traps right away. The traps will show up in your snmptrap.log file. Then, you can figure out what you want to monitor.

Remove the :trace,dump from your Snmptrap node specification to reduce the amount of information in your log.

     define snmptrap node snmptrap;

You may use a silent option to stop logging the alerts generated by the Snmptrap node.

     define snmptrap node snmptrap:silent;


Next: , Previous: Tutorial, Up: Top

3 Commands

3.1 Define


Next: , Previous: Commands, Up: Top

4 Triggers

This module generates an alert for every trap received.


Next: , Previous: Triggers, Up: Top

Licenses

NodeBrain is free software; you can modify and/or redistribute it, including this document, under the terms of either the MIT License (Expat) or the NodeBrain License.


MIT License

Copyright © 2014 Ed Trettevik <eat@nodebrain.org>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


NodeBrain License

Copyright © 2014 Ed Trettevik <eat@nodebrain.org>

Permission to use and redistribute with or without fee, in source and binary forms, with or without modification, is granted free of charge to any person obtaining a copy of this software and included documentation, provided that the above copyright notice, this permission notice, and the following disclaimer are retained with source files and reproduced in documention included with source and binary distributions.

Unless required by applicable law or agreed to in writing, this software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.


Previous: Licenses, Up: Top

Index