- op5 Monitor with op5 Trapper Extension
- A Cisco device configured to send traps to op5 Monitor and with trap type set as "syslog"
To Configure a Cisco device to send traps to op5 Monitor and with type "syslog" as covered in this example do the following:
op5 Monitor and op5 Trapper configuration:
Create a destination host and service for your traps, this service need to be added manually for this example to work. You also need to disable active checks as traps are handled as passive results from trapper.
In this example trap-handler (rule) we have a host called "op5-system" which has a service named "Interface linkstatus".
Log on to your server using ssh and create the directory where you will place your rules:
Next we'll create a file containing our trapper-handler in your favorite editor, we use "vi" in this example:
Paste the following code to our newly created file:
And save your handler-file with :wq
Note: This handler, when loaded in op5 Trapper will match all traps of the type (Cisco Syslog MIB) and set severity in Monitor as stated in our rule (severity 1-4 we set as CRITICAL, 5 as WARNING and 6-8 as OK-state)
Now we need to tell op5 trapper to create our handler:
Update the handler from the file we created earlier:
To verify your handler was created simply use the command "list handlers":
Note: At this stage we have our handler loaded but it will not match on any incoming traps yet so we need to tell trapper which trap-OIDs should be associated with this handler (In most cases you probably have several handlers for different types of devices)
Create a bind between the trap OID and our cisco-syslog handler:
And verify that your handler is associated correctly:
Next restart trapper:
Now when you have your handler loaded it's time to test it!
Take a look in the op5 Trapper view in Monitor, you should see a new line as in the screenshot below:
This handler has a lot of logging enabled by default so we can follow how a trap is handled (/var/log/messages)
Log explained in more detail:
- Received SNMP trap with OID: .18.104.22.168.22.214.171.124.41.2
- Trap OID
- SNMP trap matches handler: cisco-syslog
- Matched handler
- Trap from: demo.op5.com
- Trap sending device or host (info from trap-daemon)
- Resulting host: switch1-sth
- device to host mapping (if other than trap.host)
- Trap type is: UPDOWN
- Trap type (Cisco syslog)
- Result service is: Interface linkstatus
- Trap type to service mapping
- Trap severity is: 4
- Actual severity in the original trap
- Severity to state: 2
- How we translate trap-severity to op5 Monitor severity (0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN)
- Trap message is: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
- Trap message
- Tag matching: GigabitEthernet1/0/13
- Not covered in this howto, please see trapper manual.
- SNMP trap handler executed.
- The state of Interface linkstatus at switch1-sth is now CRITICAL
- op5 Monitor status change (and not just trapper state change for a specific "tag")
- Message: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
- Resulting status output in op5 Monitor.
If we take a look in op5 Monitor log files /opt/monitor/var/nagios.log you will see the result submitted by trapper to Monitor and the service will be updated with the actual status:
Note: If you see a message below this line saying something similar to "host could not be found/host missing/unknown host" or "service missing/unknown" the problem is most likely caused by the hostname resolved by trapper is not configured in op5 Monitor or it could be configured using a different name.