VMware Cloud Community
ComradeKev_hype
Contributor

Intercepting SNMP traps

OK, I've been searching the last year's worth of forum topics for help on setting up HQ to intercept SNMP traps and haven't gotten it right yet.

I have a piece of software that produces SNMP traps and can forward them to an IP/port that I'm able to configure. The application uses OUTBOUND only SNMP and cannot be queried.

Currently, I have HQ server installed on one desktop and the SNMP enabled application on another. Using Wireshark, I can see the traps making it to my server (if that's the destination ip/port I've configured), but I'm unable to capture the traps with HQ.

Here are some of the combinations I've tried with the results:

HQ agent installed on application client with traps sent to its own IP (not 127.0.0.0) using various ports (162, 2144, 7080). I don't see any network activity making it to my HQ Server.

HQ agent installed on the server with traps sent to its IP and ports (162, 2144, 7080). Using ports 2144 and 7080 I get error messages in Wireshark that the 'destination unreachable (port unreachable)'. However, using port 162, I can see the SNMP traps arriving on my server, just not displayed in HQ.

I've tried setting up the Network Device as instructed. It appears to work, but no metrics are displayed (and no traps). Looking further on the Monitor tab, it gives the error message 'Unable to connect to SNMP Agent (snmp:null null,null)'. When I go to the Configuration Properties, it defaults the snmpIp to the client application IP, the snmpPort to 161, and the transport, version, and community. The transport and version are defaulted correctly, for the community, we use a string other than public. No matter what combination of IPs and ports I put in, I get the error message 'Unable to connect to [ip:port]: Connection refused: connect'

I've tried using the version 1 option as I've seen that it helps others, but it doesn't resolve anything.

I'm hoping someone can figure out what the heck I've done wrong.

Thanks in advance!
Kev

I've tried installing the agent on the server as well as the app. client and forwarding the traps to each using the default 2144 and 7080 ports but I get
0 Kudos
9 Replies
admin
Immortal

Hi Kev,

Have you configured the HQ agent to act as an SNMP Trap receiver? If not, you need to add the following line to the agent.properties file for the HQ agent:

snmpTrapReceiver.listenAddress=udp:0.0.0.0/162

If the HQ agent doesn't run as a privileged user, then you would need to change 162 to a non-privileged port and configure the SNMP agent to send to that port.

If you also set "agent.logLevel=DEBUG" in the agent.properties file, upon agent start you should see a log line like:

DEBUG [SNMPTrapReceiver] snmpTrapReceiver.listenAddress=udp:0.0.0.0/162

If you are not seeing the above in the agent.log (in DEBUG mode), then it's not picking up the snmpTrapReceiver.listenAddress property.

You should also be able to use netstat on the host to see if it is listening on that port.

Once you have that set up and running, you can then configure the SNMP agent to send to the IP address/port that the HQ agent is listening on (as set by snmpTrapReceiver.listenAddress=).

Since you mentioned that you can't query the SNMP agent, you can't create a platform for the SNMP Agent as the platform will want to query the SNMP agent. Instead, any traps received by the agent will appear on the default (aka hostname of the host) platform for the agent. The SNMP agent not accepting queries is the reason you are experiencing the issues configuring the platform you created. So that step in the instructions can be skipped.
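
A scripted version of the checks described in the reply above, as an added example that is not part of the original thread and not Hyperic code. It reads snmpTrapReceiver.listenAddress from agent.properties text, reports whether the port needs a privileged user, and probes whether some process already holds that UDP port (the same question netstat answers; it cannot tell which process it is). The sample properties text and the function names are constructed for illustration.

```python
import errno
import socket

# Constructed agent.properties content using the properties named in the reply.
SAMPLE_PROPERTIES = """\
agent.logLevel=DEBUG
snmpTrapReceiver.listenAddress=udp:0.0.0.0/1620
"""


def parse_listen_address(properties_text: str):
    """Return (transport, host, port) from snmpTrapReceiver.listenAddress, or None."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "snmpTrapReceiver.listenAddress":
            transport, _, rest = value.partition(":")   # "udp", "0.0.0.0/1620"
            host, _, port = rest.rpartition("/")        # "0.0.0.0", "1620"
            return transport, host, int(port)
    return None


def needs_privileges(port: int) -> bool:
    """Ports below 1024 normally require a privileged user on Unix-like hosts."""
    return port < 1024


def udp_listener_state(host: str, port: int) -> str:
    """Probe by binding: 'listening' if the port is taken, 'free' if we could bind."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "listening"
        if exc.errno == errno.EACCES:
            return "unknown: binding this port needs privileges"
        raise
    finally:
        probe.close()
```

A result of "free" after the agent has started means the trap receiver never bound the port, which matches the case where the DEBUG log line is missing.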
ComradeKev_hype
Contributor

OK, that explains why I couldn't set up the 'Network Device.'

I've configured my SNMP enabled application on the remote desktop to direct the traps to my HQ Server workstation at port 1620.

I installed an HQ Client on the HQ Server workstation and modified its snmpTrapReceiver.listenAddress as directed and verified the log message on startup of the agent.

I can now see the traps travelling across the network on both machines using WireShark. I can even see a note in the agent.log file regarding the SNMP trap. However, I'm not seeing it show up in the HQ Dashboard.

The log message is: 'DEBUG [SNMPTrapReceiver.0] [SNMPTrapReceiver] No plugin for [IP], routing to default platform: 1:10015'

This is followed by another message that looks like it might have the MAC address or something in it, but I'm not seeing the actual message:
'DEBUG [SNMPTrapReceiver.0] [SNMPTrapReceiver] Msg=07:da:01:xx:xx:xx:xx:xx:xx:xx:xx, machinename, 1.x.x.x.x.x.xxxxx.x.x.x.xx, 0, up' (all x's are just masking hex data that I'm unfamiliar with)

Is that 2nd message directing me elsewhere, and how can I get them to show in the Dashboard?

I'm close. I appreciate your help!
Kev
0 Kudos
ComradeKev_hype
Contributor

OK, looking a little closer, I am seeing the log messages in the Dashboard.

If I click on the resource (local workstation) on the Dashboard, it takes me to the 'Resources' tab for that workstation. At the bottom of the 'Indicators' pane I can see the small purple dots in the Events/Logs Tracking. Clicking on one of those, it displays the same hex looking log id mentioned in my previous post above.

But that still doesn't help me to display the actual trap data (with human readable problem reporting) that was sent from the SNMP enabled application.

Kev
0 Kudos
excowboy
Virtuoso

Hi,

as far as I know Hyperic HQ does not translate traps from numerical form at the moment.

Mirko
0 Kudos
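
Because the agent logs trap values untranslated, the Msg= lines can be post-processed outside HQ. The following is an added example, not part of the original thread and not Hyperic code. It assumes the leading colon-separated hex value is an SNMP DateAndTime octet string (RFC 2579); an 11-octet value beginning 07:da:01 is consistent with that, since 0x07da is 2010 and 01 is January. The sample line, the OID and the name map are constructed placeholders.

```python
import re
import struct

# Constructed sample in the shape of the agent.log line quoted in this thread.
SAMPLE = ("DEBUG [SNMPTrapReceiver.0] [SNMPTrapReceiver] "
          "Msg=07:da:01:0f:0e:1e:2d:00:2d:05:00, machinename, "
          "1.3.6.1.4.1.99999.1.2.3.10, 0, up")

# Hypothetical OID-to-name map; fill it from the sending application's MIB.
OID_NAMES = {"1.3.6.1.4.1.99999.1.2.3.10": "exampleLinkState"}

HEX_OCTETS = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})+$")


def decode_date_and_time(raw: bytes) -> str:
    """Decode an RFC 2579 DateAndTime value (8 octets, or 11 with UTC offset)."""
    if len(raw) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets")
    year, month, day, hour, minute, second, deci = struct.unpack(">HBBBBBB", raw[:8])
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour <= 23
            and minute <= 59 and second <= 60 and deci <= 9):
        raise ValueError("field out of range for DateAndTime")
    text = f"{year:04d}-{month:02d}-{day:02d} {hour:02d}:{minute:02d}:{second:02d}.{deci}"
    if len(raw) == 11:
        sign = chr(raw[8])  # ASCII '+' or '-' (direction from UTC)
        if sign not in "+-":
            raise ValueError("bad direction-from-UTC octet")
        text += f" {sign}{raw[9]:02d}:{raw[10]:02d}"
    return text


def translate_field(field: str) -> str:
    """Render one comma-separated value from a Msg= line in readable form."""
    if HEX_OCTETS.match(field):
        try:
            return decode_date_and_time(bytes.fromhex(field.replace(":", "")))
        except ValueError:
            return field  # some other octet string: leave it untouched
    return OID_NAMES.get(field, field)  # known OIDs get a name, the rest pass through


def translate_trap_line(line: str) -> list:
    """Return the translated values of a '[SNMPTrapReceiver] Msg=' log line."""
    marker = "[SNMPTrapReceiver] Msg="
    if marker not in line:
        return []
    payload = line.split(marker, 1)[1]
    return [translate_field(f.strip()) for f in payload.split(",")]
```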
fcbsmarts
Contributor

I am having the same issue.

I create the SNMP Trap platform, set up the hyperic agent as the proxy agent, etc., etc. The inventory config worked.

I cannot get the traps to show up on the SNMP Platform dashboard. They will only show up on the local host dashboard. I change the agent to use 1620 and if I disable "platform.log_track.enable" on the local host then I get the [SNMPTrapReceiver] No plugin for xxx.xxx.xxx.xxx. where xxx is the ip address of the sending snmptrap generator.

What am I doing wrong here?
0 Kudos
fcbsmarts
Contributor

Finally got mine working....

There is a caveat to make this work. The community string sent by the SNMP trap sender must equal the trap sender's SNMP polling password.
0 Kudos
ryuu
Contributor

Hi!
How did you get it working?

Here is my situation:

1) I can see the traps in the agent log file:
DEBUG [SNMPTrapReceiver.0] [SNMPTrapReceiver] Msg= <trap msg>
However, I don't see them in the server Dashboard, or the platform monitor or anything.
How can I see them?

2) I guess I have to write a plugin for the server to recognize the different OID of the trap. How can I do it? Is there any tutorial?

Thank you for answering !

Thomas
0 Kudos
excowboy
Virtuoso

Hi,

1)
Traps appear on the platform page like log tracking events. Please see the screenshot below "View Log Events" section in
http://support.hyperic.com/display/DOC/Log+Tracking

2) There is currently no translation of trap messages and I am not quite sure if you can modify the server easily to do a translation.

Cheers,
Mirko
0 Kudos
ryuu
Contributor

Thank you, Mirko!
0 Kudos