VMware Cloud Community
kingpin_hyperic
Contributor
Contributor
‎04-18-2007 04:19 PM

Receiving SNMP Traps

It seems that receiving SNMP traps is now available with version 3.0; however, I'm stumped. I've tried in both the OSS and Demo Enterprise version. Ideally, I'd like to be able to have Hyperic handle incoming SNMP traps and generate alerts. Is this feasible?

Part of the problem is that I'm not sure exactly how to conceptualize this -- should the HQ agent handle the traps or should they be sent directly to the HQ server?

Any information would be really useful -- this is a fantastic product.
Reply
0 Kudos
12 Replies
sjmh
Enthusiast
Enthusiast
‎04-18-2007 04:45 PM

I'm not sure that Hyperic can RECEIVE SNMP traps. It can, however, be setup to SEND them ( http://support.hyperic.com/confluence/display/DOCSHQ30/Enabling+SNMP+Traps ). At least, I haven't seen anywhere that Hyperic can act as a collection repository for SNMP traps, but I could be totally wrong.

I take it you have some other monitoring applications that watch SNMP OIDs and send traps out and you want them to show up via the Hyperic dashboard and go out via emails? If so, why not just get rid of those applications and instead use Hyperic to monitor the OIDS?
Reply
0 Kudos
dougm_hyperic
VMware Employee
VMware Employee
‎04-18-2007 09:15 PM


Yes, HQ can receive SNMP traps, but it isn't well advertised.  The trap receiver is turned on by enabling log tracking for a Network Device, Cisco IOS, etc., platform.  The catch is that HQ agent must be able to bind to the default udp 162 to listen.  However, this can be changed in agent.properties like so:
snmpTrapReceiver.listenAddress=udp:0.0.0.0/1620

We're happy to improve/document this feature of course.

On Apr 18, 2007, at 4:19 PM, kingpin wrote:

It seems that receiving SNMP traps is now available with version 3.0; however, I'm stumped.  I've tried in both the OSS and Demo Enterprise version.  Ideally, I'd like to be able to have Hyperic handle incoming SNMP traps and generate alerts.  Is this feasible?

Part of the problem is that I'm not sure exactly how to conceptualize this -- should the HQ agent handle the traps or should they be sent directly to the HQ server?

Any information would be really useful -- this is a fantastic product.



Reply
sjmh
Enthusiast
Enthusiast
‎04-18-2007 10:53 PM

Learn something new everyday. 🙂

Does the trap receiver only accept traps from the specific host that log tracking is enabled for or does turning it on a single network device enable traps to be sent in from any host?
Reply
0 Kudos
dougm_hyperic
VMware Employee
VMware Employee
‎04-19-2007 05:48 AM


I believe it will allow traps to be sent from any host.  We should have an option (perhaps the default?) to only accept from the same ip being used for metric collection.  What are your thoughts on this?

On Apr 18, 2007, at 10:53 PM, Steven Hajducko wrote:

Learn something new everyday. 🙂

Does the trap receiver only accept traps from the specific host that log tracking is enabled for or does turning it on a single network device enable traps to be sent in from any host?



Reply
0 Kudos
kingpin_hyperic
Contributor
Contributor
‎04-19-2007 09:14 AM

Basically, I'm looking at replacing OpenNMS with Hyperic. I have a few racks of Dell servers running OpenManager Server Admin. When certain events happen (i.e. high temp, bezel removal, etc) it fires off an SNMP trap. I'd like to have Hyperic accept and alert via SMS if the conditions meet. I had all of this with OpenNMS, but Hyperic is much more full featured and provides application layer information which would take lots of custom work with any other NMS system.
Reply
0 Kudos
kingpin_hyperic
Contributor
Contributor
‎04-19-2007 09:15 AM

Thanks to the info, I was able to set it up to receive traps. You'll have to run the agent as root in order to bind to a reserved port (which can be avoided with the line you provided as well), but that's okay in my case.

Now, is this an enterprise only feature or OSS enabled as well? Back to testing.

Thanks for your help.
Reply
0 Kudos
sjmh
Enthusiast
Enthusiast
‎04-19-2007 09:22 AM

Doug,

There might be a use for being able to limit it to the IP sent although I can't think it'd be a huge concern. My point was more along the lines of does the log enabling allow snmp traps from regular platforms ( AIX, Linux, Windows, etc ), rather than just the SNMP type systems ( Cisco, Network Device ) or would one have to add a SNMP platform and enable log tracking in order to start allowing traps to be sent from my AIX/Linux/Windows platforms?

Thanks!
Reply
0 Kudos
kingpin_hyperic
Contributor
Contributor
‎04-20-2007 11:16 AM

This actually appears to be incorrect.

It seems to only allow traps sent from the IP specified in the metric collection. I would actually prefer it the other way; however, to get around this, I've setup a second interface on the machine and have net-snmp forward any trap to the new interface. This makes it look like (to HQ Agent) that the trap came from itself and thus the agent accepts and fires the alerts appropriately.

IMO, this is a good way to handle it -- a single NetDevice platform can be setup as a 'Trap Sink' and all traps are handled in one place.
Reply
0 Kudos
kingpin_hyperic
Contributor
Contributor
‎04-20-2007 11:20 AM

In my experience, the answer is the latter. You would have to add a NetDevice platform and enable log tracking in order to receive SNMP traps.

Enabling log tracking on a Linux platform doesn't seem to start a trap receiver.
Reply
0 Kudos
e37
Contributor
Contributor
‎05-03-2007 01:34 PM

This thread has really helped, but still questions remain...

Starting from the beginning for me (sorry), I expect the agent to bind to this port (udp:1620) and it's not. I've added the following to the agent.properties file

# Custom
snmpTrapReceiver.listenAddress=udp:0.0.0.0/1620
and I've also tried
# Custom
snmpTrapReceiver.listenAddress=udp:1.2.3.4/1620

where 1.2.3.4 is the IP of the agent server. Nothing is already bound to this port. Is there something else that needs to be configured within the agent?
Reply
0 Kudos
cwitt_hyperic
Hot Shot
Hot Shot
‎05-23-2007 05:02 PM

We've added some new documentation to faciliate setting up the SNMP trap receiver on an HQ agent, and configuring the network device for acting upon those traps. See it here:

http://support.hyperic.com/confluence/display/DOCSHQ30/Agent+SNMP+Trap+Receiver

Additional questions, or comments welcome as a continuation of this thread. Specifically, some have kicked around the idea that it might make sense to change the default agent listen port for SNMP traps from 162 to 1620 (from a privileged port to a unprivileged port). This would allow the SNMP trap receiver setup to work as a non-root user by default, and would therefore require no modification to the agent.properties file.

Message was edited by: cwitt
Reply
0 Kudos
gb1
Enthusiast
Enthusiast
‎05-28-2007 03:42 AM

Found this thread, good info.. However, I have enabled traps in my agent and verified by doing a netstat and it's listening on udp port 1620.

Then in my platform I have checked "platform.log_track.enable"

I then set up my Cisco router with:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host "ip addr" "community" udp-port 1620

I have verified with tcpdump that the agent box is receiving a udp packet on port 1620 when I disconnect a port.

I then set up an alert on one specific port of the cisco box and checked "Events/Logs Level: Any" and "each time conditions are met"

But I'm still not getting an alert when the trap comes in.. What am I missing here?

Thanks,

Gary
Reply
0 Kudos