We started this journey about SNMP traps installing a SNMP Trap Handler, which is part of Net-SNMP package, in my previous post. Now, the last tile of this processing chain is a SNMP Trap Translator in charge of “translating” notifications received from snmptrapd daemon into easy to understand messages by means variable substitution. In addition, SNMPTT can also filter traps using their attributes (hostname, ipa, etc.), apply regexp search & replace algorithms, log to several kind of destinations (syslog-ng as well) or pass translated messages to monitoring clients (like Nagios) by executing external programs or scripts. Yes, it’s a full featured snmp tool indeed! Now, let’s see how to make it available to the end user.
Schema
Architecture
The SNMP Trap Translator is a structure based on the following components:
- /usr/local/sbin/snmptt: the daemon, it’s a Perl script responsible for translating received traps on a customized format;
- /etc/init.d/snmptt: a launch script which allow to start and stop the daemon easily;
- /etc/snmp/conf/snmptt.ini: the daemon configuration file;
- /etc/snmp/snmptt.conf: a configuration file including all MIBs definitions and their translations rules;
- /var/spool/snmptt: temporary store for received traps.
- /var/log/snmptt: log files directory;
Pre-requisites
Perl is your first requirement and in this case you have the choice between using an already built package or (more challenging!) compiling it by yourself using the instructions reported in my post. You decide! 😉
Furthermore, before using the SNMP Trap Translator Perl scripts, you need some additional modules that you can download from CPAN (if you’re in trouble use my post about this topic):
- Exporter::Tiny
- List::MoreUtils
- Config::IniFiles
Other required modules that should be already part of your Perl distribution are:
- Text::ParseWords
- Getopt::Long
- POSIX
- Time::HiRes
- Sys::Hostname
- File::Basename
- Text::Balanced
Install
Download the SNMP Trap Translator package from its homesite.
The installation process should be carried out with the “root” user:
# su - root
Let’s start by unzipping snmptt’s source files under /tmp directory (take care to use the GNU version of the tar command!), then make “root” their owner and group:
# cd /tmp # /usr/local/bin/tar xzvf snmptt_1.4.tgz # chown -R root:root snmptt_1.4 # rm snmptt_1.4.tgz
Then, make a copy of snmptt, snmptthandler and snmpttconvertmib files under /usr/local/sbin, giving all execution permissions:
# cd snmptt_1.4 # cp snmptt snmptthandler snmpttconvertmib /usr/local/sbin # chmod +x /usr/local/sbin/snmptt # chmod +x /usr/local/sbin/snmptthandler # chmod +x /usr/local/sbin/snmpttconvertmib
It’s also mandatory to modify all the above scripts, so that they point to the right version of Perl (in my case is /usr/local/bin/perl):
# vi /usr/sbin/snmptt /usr/sbin/snmptthandler /usr/sbin/snmpttconvertmib FROM : #!/usr/bin/perl TO : #!/usr/local/bin/perl
After that, copy snmptt.ini configuration file under /etc/snmp/conf and change its owner and group:
# cp snmptt.ini /etc/snmp/conf/ # chown root:sys /etc/snmp/conf/snmptt.ini
You can also exploit the bundled snmptt.logrotate file if you have logrotate installed in your operating system (see my post). Since we are going to use the Service Management Facility to manage the SNMPTT daemon, please change the logrotate references to the “snmptt” script with the invocation of the svcadm command, as shown in the file below:
/var/log/snmptt/snmptt*.log /var/log/snmptt/snmptthandler.debug { weekly notifempty missingok } /var/log/snmptt/snmptt.debug { weekly notifempty missingok postrotate /usr/sbin/svcadm restart snmptt >/dev/null 2>/dev/null || true endscript }
Copy it in the common configuration path /etc/logrotate.d and schedule an execution in root’s crontab:
# cp snmptt.logrotate /etc/logrotate.d/snmptt # export EDITOR=vi # crontab -e 00 00 * * * /usr/local/sbin/logrotate /etc/logrotate.d/snmptt > /dev/null 2>&1
Then, we need to create the following paths:
- a spool directory to read received traps from:
# mkdir /var/spool/snmptt
# mkdir /var/log/snmptt
Finally, remove source directory:
# rm -R /tmp/snmptt_1.4
Configure
SNMP Trap Translator has a unique file for configuration, named snmptt.ini. Everyone has its own requirements, so it’s quite difficult to define a general configuration good for every situation. With respect to my needs, I usually change the following default values:
- General ⇒ mode = daemon
- General ⇒ multiple_event = 0
- General ⇒ description_mode = 1 (means enable trap description text taken from MIBs)
- DaemonMode ⇒ daemon_uid = blank (means no child process with different UID)
- Logging ⇒ log_system_enable = 1
- Logging ⇒ unknown_trap_log_enable = 1
- Logging ⇒ syslog_enable = 0
- Logging ⇒ syslog_facility = daemon
- Logging ⇒ syslog_system_facility = daemon
- Debugging ⇒ DEBUGGING = 2 (means out all messages)
- Debugging ⇒ DEBUGGING_FILE, uncomment already defined path
- Debugging ⇒ DEBUGGING_FILE_HANDLER, uncomment already defined path
Regarding the “multiple_event” field, I don’t want multiple trap definitions to be executed for the same trap notification, so I prefer to stop after the first match.
If you have a domain and want to strip it from the host name that send the trap, you can define your domain names and activate this feature:
- General ⇒ strip_domain = 2 (means strip domains define by the list)
- General ⇒ strip_domain_list = “your-domain“
Finally, at the end of the file you can specify a list of configuration files describing what events have to be recognized and, for each one, the action to be executed. Read the convertmib doc page for further informations about how a configuration file of this kind can be created. The action taken at the SNMP Trap arrival can be whatever, for example a common used task is to write a message on a file watched by a monitoring system, for example Nagios.
Start SNMP trap translator as a service (using SMF)
Login as “root” user and copy this customized startup / shutdown script:
#!/bin/sh # # $Id: init.d.solaris,v 1.0 2009/11/06 08:00:00 Luca Merello Exp $ # ########### # PROGRAM # ########### PROG_DESCR=SNMPTT PROG_NAME=/usr/local/sbin/snmptt PROG_PID=/var/run/snmptt.pid PROG_OPTIONS="--daemon --ini=/etc/snmp/conf/snmptt.ini" ############# # FUNCTIONS # ############# RETVAL=0 start() { echo -n $"Starting $PROG_DESCR ..." $PROG_NAME $PROG_OPTIONS RETVAL=$? echo return $RETVAL } stop() { echo -n $"Stopping $PROG_DESCR ..." pkill -f $PROG_NAME 2>/dev/null RETVAL=$? echo if test -f $PROG_PID ; then [ $RETVAL -eq 0 ] && rm -f $PROG_PID fi return $RETVAL } reload() { echo -n $"Reloading config file of $PROG_DESCR ..." pkill -HUP -f $PROG_NAME RETVAL=$? echo return $RETVAL } restart() { stop start } case "$1" in start) start ;; stop) stop ;; restart) restart ;; reload|force-reload) reload ;; *) echo $"Usage: $0 {start|stop|restart|reload|force-reload}" RETVAL=1 esac exit $RETVAL
to /etc/init.d directory:
# su - root # mv /tmp/snmptt /etc/init.d/ # chown root:sys /etc/init.d/snmptt # chmod 744 /etc/init.d/snmptt
After that, copy this customized manifest file:
<?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type='manifest' name='snmptt'> <service name='application/snmp/snmptt' type='service' version='1'> <create_default_instance enabled='false' /> <single_instance /> <!-- Wait for network interfaces to be initialized. --> <dependency name='network' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/milestone/network:default' /> </dependency> <!-- Wait for all local filesystems to be mounted. --> <dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/system/filesystem/local:default' /> </dependency> <exec_method type='method' name='start' exec='/etc/init.d/snmptt start' timeout_seconds='60' /> <exec_method type='method' name='stop' exec='/etc/init.d/snmptt stop' timeout_seconds='60' /> <exec_method type='method' name='restart' exec='/etc/init.d/snmptt restart' timeout_seconds='60' /> <stability value='Evolving' /> <template> <common_name> <loctext xml:lang='C'> SNMP Trap Translator </loctext> </common_name> </template> </service> </service_bundle>
to /tmp directory, then enable the snmptt service through Solaris SMF with the following instructions:
# mv /tmp/snmptt.xml /var/svc/manifest/application/snmp/ # chown root:sys /var/svc/manifest/application/snmp/snmptt.xml # chmod 444 /var/svc/manifest/application/snmp/snmptt.xml # svccfg validate /var/svc/manifest/application/snmp/snmptt.xml # svccfg -v import /var/svc/manifest/application/snmp/snmptt.xml svccfg: Taking "initial" snapshot for svc:/application/snmp/snmptt:default. svccfg: Taking "last-import" snapshot for svc:/application/snmp/snmptt:default. svccfg: Refreshed svc:/application/snmp/snmptt:default. svccfg: Successful import.
Note:
if something goes wrong during manifest import, the procedure can be repeated after deleting the old file as follows:# svccfg delete svc:/application/snmp/snmptt:default
# svcs -xv snmptt svc:/application/snmp/snmptt:default (SNMP Trap Translator) State: disabled since January 01, 2015 08:00:00 AM CET Reason: Disabled by an administrator. See: http://sun.com/msg/SMF-8000-05 Impact: This service is not running. # svcadm enable snmptt
Then, check corresponding log file so as to verify a proper start:
# more /var/svc/log/application-snmp-snmptt:default.log [ Jan 01 08:00:00 Enabled. ] [ Jan 01 08:00:00 Executing start method ("/etc/init.d/snmptt start") ] -n $Starting SNMPTT ... Could not open configuration file: /etc/snmp/snmptt.conf (No such file or directory) at /usr/local/sbin/snmptt line 2723. PID file: /var/run/snmptt.pid [ Jan 01 08:00:00 Method "start" exited with status 0 ]
Note that the lack of configuration file /etc/snmp/snmptt.conf is expected, since at this time we have not yet converted any MIB for the translating process (see configuration paragraph).
If you want to go into details, use ps command to see the daemon running:
# ps -ef | grep snmptt root 28035 1 0 Jan 01 ? 0:03 /usr/local/bin/perl /usr/local/sbin/snmptt --daemon --ini=/etc/snmp/conf/snmptt
In this way, starting, stopping and restarting snmptt can be accomplished exclusively using svcadm command:
# svcadm enable snmptt # svcadm disable snmptt # svcadm restart snmptt
Even this effort was completed at the end … make good use! 😀