brononi
User
Joined: Thu Aug 24, 2006 3:27 am Posts: 45
|
 Receiving Traps
Hey,
I've read in a separate topic that it should be possible to receive traps with Cacti? I'm very interested in this since most of our network devices can do this. Does anybody have more info about this tool? How can I install/configure it?
farhan wrote: Hi folks,
Those who want to send SNMP traps to syslog can use snmptt. It is an excellent tool. I have been using this tool, and snmptt dumps everything into syslog-ng and you can see everything under the syslog plugin. If you need any further help please let me know.
|
| Tue Sep 05, 2006 3:09 am |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
Hello Brononi,
It is very easy and straightforward. You need to install
snmptt (http://www.snmptt.org/) and load all device (Cisco, Juniper) MIBs into
snmptt. Configure the Cisco devices to send SNMP traps to this box; snmptt
will capture these traps, format them and dump them into syslog.
You will configure syslog-ng to filter the snmptt logs and send all these events
to the respective tables in MySQL. Finally, Cacti with the haloe plugin will display
all of these on a web page. I think it helps you.
If you need any configuration help or something else, I will be more than
happy to support you.
Thanks,
Farhan
|
| Tue Sep 05, 2006 7:19 pm |
|
 |
|
brononi
User
Joined: Thu Aug 24, 2006 3:27 am Posts: 45
|
sounds easy
I've started with snmptt, but get stuck with the configuration of that already.
Do I need to make extra tables in the 'cacti DB'? What are the exact settings for the snmptt.ini <> DB?
Thanks already!!!
|
| Wed Sep 06, 2006 12:40 am |
|
 |
|
spoonman
New User
Joined: Fri Apr 07, 2006 8:15 am Posts: 13
|
I'm very interested in this as well. I have haloe set up in Cacti too, but I'd like to know if the notification part works? I can probably get this set up to accept traps, I guess, and then into haloe, but I want to know if the haloe email function works? Has anyone else got this working, with some type of notification?
|
| Wed Sep 06, 2006 10:27 am |
|
 |
|
spoonman
New User
Joined: Fri Apr 07, 2006 8:15 am Posts: 13
|
Farhan..
Can you provide the steps you took to set up all the components for getting snmptt to work (snmpd, snmptt)? I already have syslog-ng working with Cacti. I'd just like to get the same server to accept traps, translate them and send them over to syslog-ng, and in the end have alerting done from that in Cacti.
thanks
|
| Wed Sep 06, 2006 3:38 pm |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
Hello Guys,
There is no need to create any extra table in Cacti for snmptt. First of all you will install snmptt, and then you must have the Cisco or other vendor MIBs. Then you will install these MIBs with the following commands:
snmpttconvertmib --in=/tmp/ciscoMgmt/all --out=/etc/snmp/snmptt-cisco.conf
snmpttconvertmib --in=/tmp/juniper/all --out=/etc/snmp/snmptt-juniper.conf
And then you will have to make the following changes in snmptt.ini:
snmptt_conf_files = <<END
/etc/snmp/snmptt-cisco.conf
/etc/snmp/snmptt-juniper.conf
END
And turn on the syslog option in snmptt.ini like this:
syslog_system_enable = 1
So, in this way snmptt logs all the messages to syslog. And then you will
configure syslog-ng to filter these logs and insert them into the database.
destination snmptt { file("/var/log/snmptt"); };
filter f_snmptt { program(snmptt); };
log { source(src); filter(f_snmptt); destination(snmptt); };
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO haloe_incoming
(host, facility, priority, level, tag, date,time, program, message)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
source(src); filter(f_snmptt);
destination(d_mysql);
};
Now syslog-ng filters the snmptt messages and inserts them into MySQL. Now you will configure haloe to view these messages.
I think it will help you.
Cheers,
Farhan
|
| Thu Sep 07, 2006 9:42 pm |
|
 |
|
spoonman
New User
Joined: Fri Apr 07, 2006 8:15 am Posts: 13
|
Thanks... I'll start working on that for sure. Don't we also need snmptrapd running as well? Any special configs for that?
|
| Fri Sep 08, 2006 1:32 pm |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
Of course you need to configure snmptrapd.conf for trap handling.
For standalone mode: Modify the snmptrapd.conf file by adding the following line:
traphandle default /usr/sbin/snmptt
For daemon mode: Modify the snmptrapd.conf file by adding the following line:
traphandle default /usr/sbin/snmptthandler
snmptrapd traps all SNMP events and passes them to snmptt.
Cheers,
Farhan
|
| Fri Sep 08, 2006 9:21 pm |
|
 |
|
gmailtester
New User
Joined: Mon Sep 11, 2006 6:05 am Posts: 17
|
 How do I test
I already have syslog-ng running on a Linux box. I followed the instructions to set up snmptt to send the traps to my syslog-ng, which I can view in my Cacti plugin.
I was just hoping you could tell me how I can send an SNMP trap message to my Linux box so that I can view it with Cacti.
Thanks
|
| Mon Sep 11, 2006 6:10 am |
|
 |
|
spoonman
New User
Joined: Fri Apr 07, 2006 8:15 am Posts: 13
|
I've set up snmptrapd and it works... I think I have snmptt working? But I have one question though: when I start snmptrapd I get a huge flood into my syslog server, like tons. How is this supposed to work? Isn't it only supposed to be traps coming from the server MIBs and the servers or devices I've added? All I've added so far is 1 server and the 3 Dell MIBs that come with OpenManage, and man, it's just a flood of stuff coming in.
Any help would be awesome. If anyone has got this working in Linux with all files and programs set up, that would be good: example configs or just a basic starting point.
|
| Mon Sep 11, 2006 1:18 pm |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
Hello gmailtester,
You need to configure the devices (Cisco, Juniper) to send SNMP traps to your Cacti box, as follows for Cisco:
snmp-server trap-source FastEthernet0/0
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server host 10.10.10.10 public
I hope it helps
|
| Tue Sep 12, 2006 12:04 am |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
spoonman wrote: I've set up snmptrapd and it works... I think I have snmptt working? But I have one question though: when I start snmptrapd I get a huge flood into my syslog server, like tons. How is this supposed to work? Isn't it only supposed to be traps coming from the server MIBs and the servers or devices I've added? All I've added so far is 1 server and the 3 Dell MIBs that come with OpenManage, and man, it's just a flood of stuff coming in.
Any help would be awesome. If anyone has got this working in Linux with all files and programs set up, that would be good: example configs or just a basic starting point.
Hello spoonman,
Yes, syslog will be flooded because snmptrapd and snmptt are both sending
SNMP messages to syslog, but you only have to care about snmptt. When a Cisco or
other device sends an SNMP trap to the Cacti box, snmptrapd and snmptt both
send the SNMP traps to syslog. But we need only snmptt.
For this you have to configure syslog-ng as follows:
destination snmptt { file("/var/log/snmptt"); };
filter f_snmptt { program(snmptt); };
log { source(src); filter(f_snmptt); destination(snmptt); };
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO haloe_incoming
(host, facility, priority, level, tag, date,time, program, message)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
source(src); filter(f_snmptt);
destination(d_mysql);
};
So, in this way syslog-ng only inserts snmptt records into MySQL and haloe will display these for you. In this way you will get rid of the generic Linux syslog messages (crond, mail, console etc.) as well.
Cheers,
Farhan
|
| Tue Sep 12, 2006 1:42 am |
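An added example, not part of any post in this thread: a shell sketch covering the two questions above, sending a test trap to the Cacti box and checking that only snmptt lines get through the filter. It assumes net-snmp's snmptrap is installed, the "public" community from the thread, an snmptt conf file that defines linkDown, and classic "Mon DD HH:MM:SS host program[pid]:" syslog lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Numeric OIDs avoid needing MIBs
# on the sending side.
LINKDOWN=.1.3.6.1.6.3.1.1.5.3      # SNMPv2-MIB linkDown notification
IFINDEX=.1.3.6.1.2.1.2.2.1.1.1     # IF-MIB ifIndex.1

# send_test_trap HOST [COMMUNITY]
# Sends one SNMPv2c linkDown trap; '' lets snmptrap fill in its own uptime.
# Set SNMPTRAP=echo for a dry run that only prints the arguments.
send_test_trap() {
    cmd=${SNMPTRAP:-snmptrap}
    command -v "$cmd" >/dev/null 2>&1 || { echo "$cmd not found" >&2; return 127; }
    "$cmd" -v 2c -c "${2:-public}" "$1" '' "$LINKDOWN" "$IFINDEX" i 1
}

# snmptt_lines [FILE...]
# Approximates the thread's  filter f_snmptt { program(snmptt); };  with an
# exact match on the program field (5th column, before "[pid]" or ":").
# syslog-ng itself treats program() as a regular expression.
snmptt_lines() {
    awk '{ p = $5; sub(/\[.*/, "", p); sub(/:.*/, "", p)
           if (p == "snmptt") print }' "$@"
}

# Constructed sample: the same trap logged twice (raw by snmptrapd,
# formatted by snmptt) plus ordinary system noise.
sample_log() {
    cat <<'EOF'
Sep 12 01:40:01 cacti snmptrapd[2211]: 10.10.10.1: SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown
Sep 12 01:40:01 cacti snmptt[2300]: .1.3.6.1.6.3.1.1.5.3 Normal "Status Events" 10.10.10.1 - Link down on interface 1
Sep 12 01:40:02 cacti crond[991]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}
```

On the Cacti box, run send_test_trap 127.0.0.1, then tail /var/log/snmptt (the file destination from the config above); sample_log | snmptt_lines shows which of the three line types the filter keeps.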
|
 |
|
spoonman
New User
Joined: Fri Apr 07, 2006 8:15 am Posts: 13
|
What is it constantly sending? Why doesn't it only send traps that the devices are set up to send traps on?
|
| Wed Sep 13, 2006 7:50 am |
|
 |
|
brononi
User
Joined: Thu Aug 24, 2006 3:27 am Posts: 45
|
farhan wrote: snmpttconvertmib --in=/tmp/ciscoMgmt/all --out=/etc/snmp/snmptt-cisco.conf
What do you mean by "all"? I'm trying to do it for our Checkpoint machines, but when I unzip the MIB file, a lot of TXT files are extracted. Do I need to convert them all one by one, or is there a way to convert them all into one file?
farhan wrote: configure syslog-ng to filter these logs and insert in to database.
How do I configure this syslog-ng? Is this a tool that I must install separately? Or does it come standard with Cacti/haloe?
Sorry for the maybe stupid questions... :$
|
| Thu Sep 14, 2006 1:25 am |
|
 |
|
farhan
New User
Joined: Wed Dec 14, 2005 10:41 pm Posts: 23
|
Brononi,
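You can load all the files one by one or you can write a Perl script. I have a Perl
script for this. You can copy all your Checkpoint files into the /tmp/checkpoint
directory and run the following script:
#!/usr/bin/perl
use strict;
use warnings;

# Convert every MIB file in /tmp/checkpoint with snmpttconvertmib.
my $mibdir = "/tmp/checkpoint";

sub getfiles {
    opendir(my $dh, $mibdir) or die "Cannot open $mibdir: $!";
    while (my $file = readdir($dh)) {
        next if $file =~ /^\./;    # skip ., .. and hidden files
        # List-form system() does not go through a shell, so unusual
        # file names cannot be interpreted as shell commands.
        system("/root/snmptt_1.1/snmpttconvertmib",
               "--in=$mibdir/$file", "--out=/etc/snmp/snmptt-d.conf");
        print "$file\n";
    }
    closedir($dh);
}
getfiles();
Syslog-ng is separate from Cacti. It is like a generic syslog daemon.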
Cheers,
Farhan
|
| Thu Sep 14, 2006 7:26 pm |
|