This page describes the steps to configure opEvents to send SNMP traps as a proof of concept, using the snmptrap command-line tool.
A copy of OPMANTEK-MIB.mib has been obtained; it is currently in DRAFT state and is in the NMIS8 Git source in /usr/local/nmis8/mibs/traps.
opEvents has been installed and licensed.
opEvents is already processing events and "working".
NET-SNMP is installed on the target server and the snmptrap command should be /usr/bin/snmptrap.
Where opEvents is installed, edit the file /usr/local/omk/conf/EventActions.nmis and locate the section called 'script'. The default configuration file from /usr/local/omk/install includes this section:
    'script' => {
        'traceroute_node' => {
            arguments => '--max-hops=20 node.host',
            exec => 'traceroute',            # traceroute commonly isn't in /bin
            output => 'save'
        },
        'ping_node' => {
            arguments => '-c 5 node.host',
            exec => '/bin/ping',            # but ping usually is
            output => 'save'
        },
        'ping_neighbor' => {
            arguments => '-c 5 event.element',
            exec => '/bin/ping',
            output => 'save'
        }
    },
We are going to be inserting the content below into that section.
In the configuration below, IP_ADDRESS_OF_TEMIP needs to be replaced with the IP address of the actual server.
        'send_snmptrap_poc' => {
            arguments => '-v 2c -Ci -c OPMANTEK IP_ADDRESS_OF_TEMIP "" 1.3.6.1.4.1.4818.1.1 1.3.6.1.4.1.4818.2.1.1 s event._id 1.3.6.1.4.1.4818.2.1.2 s event.time 1.3.6.1.4.1.4818.2.1.3 s event.date 1.3.6.1.4.1.4818.2.1.4 s event.node 1.3.6.1.4.1.4818.2.1.5 s event.host 1.3.6.1.4.1.4818.2.1.6 s event.event 1.3.6.1.4.1.4818.2.1.7 s event.element 1.3.6.1.4.1.4818.2.1.8 s event.state 1.3.6.1.4.1.4818.2.1.9 s event.stateful 1.3.6.1.4.1.4818.2.1.10 s event.details 1.3.6.1.4.1.4818.2.1.11 s event.type 1.3.6.1.4.1.4818.2.1.12 s event.priority 1.3.6.1.4.1.4818.2.1.13 s event.level',
            exec => '/usr/bin/snmptrap',
            output => 'save'
        },
Once finished you will have a script section which looks like:
    'script' => {
        'send_snmptrap_poc' => {
            arguments => '-v 2c -Ci -c OPMANTEK IP_ADDRESS_OF_TEMIP "" 1.3.6.1.4.1.4818.1.1 1.3.6.1.4.1.4818.2.1.1 s event._id 1.3.6.1.4.1.4818.2.1.2 s event.time 1.3.6.1.4.1.4818.2.1.3 s event.date 1.3.6.1.4.1.4818.2.1.4 s event.node 1.3.6.1.4.1.4818.2.1.5 s event.host 1.3.6.1.4.1.4818.2.1.6 s event.event 1.3.6.1.4.1.4818.2.1.7 s event.element 1.3.6.1.4.1.4818.2.1.8 s event.state 1.3.6.1.4.1.4818.2.1.9 s event.stateful 1.3.6.1.4.1.4818.2.1.10 s event.details 1.3.6.1.4.1.4818.2.1.11 s event.type 1.3.6.1.4.1.4818.2.1.12 s event.priority 1.3.6.1.4.1.4818.2.1.13 s event.level',
            exec => '/usr/bin/snmptrap',
            output => 'save'
        },
        'traceroute_node' => {
            arguments => '--max-hops=20 node.host',
            exec => 'traceroute',            # traceroute commonly isn't in /bin
            output => 'save'
        },
        'ping_node' => {
            arguments => '-c 5 node.host',
            exec => '/bin/ping',            # but ping usually is
            output => 'save'
        },
        'ping_neighbor' => {
            arguments => '-c 5 event.element',
            exec => '/bin/ping',
            output => 'save'
        }
    },
The default policy starts with a section 1, which is going to match any event.
    'policy' => {
        '1' => {
            IF => 'node.any and event.any',
            THEN => {
                '10' => {
                    IF => 'node.roleType eq "core" and event.event =~ "Down"',
                    THEN => 'priority(+3)',
                    BREAK => 'false'
                },
                '20' => {
                    IF => 'node.roleType eq "distribution" and event.event =~ "Down"',
                    THEN => 'priority(+2)',
                    BREAK => 'false'
                },
                '30' => {
                    IF => 'node.any and event.event eq "Node Down"',
                    THEN => 'script.traceroute_node() AND tag.isbroken(nodedown) AND tag.verybad(42)',
                    BREAK => 'false'
                },
            },
            BREAK => 'false'
        },
We are going to insert a new policy which will send an SNMP trap for every event opEvents generates, except for the SNMP traps which opEvents itself will generate.
The IF statement here will be TRUE if the event name (event.event) does NOT contain OPMANTEK-MIB.
                '5' => {
                    IF => 'event.event !~ "OPMANTEK-MIB"',
                    THEN => 'script.send_snmptrap_poc()',
                    BREAK => 'false'
                },
The configuration will look like below.
    'policy' => {
        '1' => {
            IF => 'node.any and event.any',
            THEN => {
                '5' => {
                    IF => 'event.event !~ "OPMANTEK-MIB"',
                    THEN => 'script.send_snmptrap_poc()',
                    BREAK => 'false'
                },
                '10' => {
                    IF => 'node.roleType eq "core" and event.event =~ "Down"',
                    THEN => 'priority(+3)',
                    BREAK => 'false'
                },
When you have finished editing the file you can check it by running the command perl -c EventActions.nmis; the result should be "syntax OK".
    [keiths@nmisdev64 conf]$ perl -c EventActions.nmis
    EventActions.nmis syntax OK
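perl -c only confirms that the file parses as Perl; it does not look inside the snmptrap arguments string, where a single stray space shifts every following varbind. The checker below is an added example, not part of the original page or of opEvents: it verifies that the string still breaks down into options, host, uptime, trap OID and complete OID TYPE VALUE triples. The function names, the shell-like word splitting and the address 192.0.2.10 (standing in for IP_ADDRESS_OF_TEMIP) are assumptions made for the example.

```python
import re
import shlex

# Value type characters listed in the Net-SNMP snmptrap man page.
VALID_TYPES = set("iucsxdnotab")
OID_RE = re.compile(r"^\d+(\.\d+)+$")
# Event fields in the order the page maps them to 1.3.6.1.4.1.4818.2.1.1 .. .13
FIELDS = ["_id", "time", "date", "node", "host", "event", "element", "state",
          "stateful", "details", "type", "priority", "level"]
# Constructed sample: the page's arguments string, with the documentation
# address 192.0.2.10 standing in for IP_ADDRESS_OF_TEMIP.
ARGUMENTS = '-v 2c -Ci -c OPMANTEK 192.0.2.10 "" 1.3.6.1.4.1.4818.1.1 ' + " ".join(
    f"1.3.6.1.4.1.4818.2.1.{n} s event.{f}" for n, f in enumerate(FIELDS, 1))


def parse_trap_arguments(arguments):
    """Split an snmptrap v2c argument string into (options, target, varbind tokens)."""
    tokens = shlex.split(arguments)          # assumption: shell-like word splitting
    opts, i = {}, 0
    while i < len(tokens) and tokens[i].startswith("-"):
        if tokens[i] in ("-v", "-c"):        # options that consume a value
            if i + 1 >= len(tokens):
                raise ValueError(f"{tokens[i]} has no value")
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:                                # bare flag such as -Ci
            opts[tokens[i]] = True
            i += 1
    if len(tokens) - i < 3:
        raise ValueError("expected host, uptime and trap OID after the options")
    host, uptime, trap_oid = tokens[i:i + 3]
    return opts, {"host": host, "uptime": uptime, "trap_oid": trap_oid}, tokens[i + 3:]


def check_trap_arguments(arguments, prefix="1.3.6.1.4.1.4818.2.1."):
    """Return a list of problems found in the argument string (empty if none)."""
    opts, target, rest = parse_trap_arguments(arguments)
    problems = []
    if opts.get("-v") != "2c":
        problems.append("not an SNMPv2c trap command")
    if not OID_RE.match(target["trap_oid"]):
        problems.append(f"trap OID is not numeric: {target['trap_oid']!r}")
    if len(rest) % 3:
        problems.append(f"{len(rest)} varbind tokens do not form OID TYPE VALUE triples")
    seen = set()
    for n in range(0, len(rest) - len(rest) % 3, 3):
        oid, typ, value = rest[n:n + 3]
        if not (OID_RE.match(oid) and oid.startswith(prefix)) or oid in seen:
            problems.append(f"varbind {n // 3 + 1}: unexpected or repeated OID {oid!r}")
        seen.add(oid)
        if typ not in VALID_TYPES:
            problems.append(f"varbind {n // 3 + 1}: unknown type {typ!r}")
    return problems
```

An empty list from check_trap_arguments means the string has the expected shape; it does not prove that the receiver accepts the community string or has loaded the MIB.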
Copy the file OPMANTEK-MIB.mib to the target system which will be receiving the SNMP traps. If this system is another vendor's system, they will need to process the file into their system and confirm that it is done. To load it into an Opmantek VM, copy the file to /usr/local/nmis8/mibs/traps and restart the SNMP trap daemon with "service snmptrapd restart".
The easiest way to generate an event in NMIS is to change a managed node's host to an IP address which is unreachable and then restart fpingd.pl.
    'host' => '1.2.3.4',
    /usr/local/nmis8/bin/fpingd.pl restart=true
Check the GUI or watch the logs
    tail -f /usr/local/omk/log/common.log
Change the IP address back when you're done and restart fpingd.pl.