SNMP Trap proxies with Opsview - using wrong IP to identify host

aledt
Hi guys,

I have a system which is collating SNMP traps from over a dozen other servers and, once it's filtered them, proxies the traps onwards to Opsview for alerting. The problem I have is that Opsview is using the IP from the IP header to figure out which server it should match instead of the IP inside the trap itself, here's an example:

172.16.1.206
UDP: [172.16.1.206]:48790->[172.16.9.200]
DISMAN-EVENT-MIB::sysUpTimeInstance 79:19:53:10.69
SNMPv2-MIB::snmpTrapOID.0 VendorFault::notification
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.16.1.201
[...]

Where:

.206 is the proxy
.200 is my Opsview server
.201 is the originating server

How can I get Opsview to use the IP in the SNMP trap itself as the originator instead of the IP envelope?

thanks, Aled.

aledt
Re: SNMP Trap proxies with Opsview - using wrong IP to ...

Guys,

I've been looking at this and have modified snmptrap2nagios to cater for this scenario. Here's a diff of what I wrote:

--- snmptrap2nagios.bak 2014-06-11 16:48:21.000000000 +0100 +++ snmptrap2nagios 2014-06-12 11:31:14.000000000 +0100 @@ -124,6 +124,15 @@ $hostip = $1; } + # Added - Aled Treharne, Siphon Networks 20140611 + # Look into the trap itself to check the source IP - RFC 3584 + # Also, this regex is bad, should be using Regexp::Common::net or something + if ( $trap->expand('${SNMP-COMMUNITY-MIB::snmpTrapAddress}') + =~ m/(\d+\.\d+\.\d+\.\d+)/ ) + { + $hostip = $1; + } + unless ( exists $hostip_lookup->{$hostip} ) { exception_exit( $trap, 5 ); # Not expecting this hostip next;
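
Review bot: In the added block, `$hostip` is overwritten from `snmpTrapAddress` for every trap, whatever its UDP source, so the host a trap is matched against in `$hostip_lookup` becomes a value the sender chooses; apply the override only when the envelope address already held in `$hostip` is one of the known trap proxies, and keep the envelope address otherwise. The pattern `m/(\d+\.\d+\.\d+\.\d+)/` is also unanchored and accepts octets above 255, as the in-code comment concedes, so anchor it and range-check each octet (or use Regexp::Common::net as that comment suggests) before assigning `$1`.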

This isn't particularly great, I'm not delirious about the regex here, but it does at least work in our environment. Any chance someone from Opsview can look at this and see whether you can bring this patch into production and do some more robust testing of it please?

Thanks, Aled.
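
The host selection discussed in this thread, as an added stand-alone example that is not Opsview's code or the poster's patch: the `snmpTrapAddress` varbind is used only when the UDP source is a known trap proxy and the value is a well-formed IPv4 address. The proxy list, the function names `parse_trap` and `originating_ip`, and the second and third sample traps are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: addresses allowed to relay traps for other hosts
# (the .206 proxy from the post).
my %trusted_proxy = map { $_ => 1 } qw(172.16.1.206);

# Strict dotted quad: four octets, each 0-255, no leading zeros.
my $octet = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
my $ipv4  = qr/$octet(?:\.$octet){3}/;

# Pull the UDP source and the snmpTrapAddress varbind out of snmptrapd text.
sub parse_trap {
    my ($text) = @_;
    my ($src)  = $text =~ /UDP: \[([^\]]+)\]:[0-9]+->/;
    my ($addr) = $text =~ /SNMP-COMMUNITY-MIB::snmpTrapAddress\.0\s+(\S+)/;
    return ( $src, $addr );
}

# Return the IP to match against the monitored hosts, or undef to reject.
sub originating_ip {
    my ( $src, $addr ) = @_;
    return undef unless defined $src && $src =~ /\A$ipv4\z/;
    # Traps sent directly keep their envelope address; the varbind is ignored.
    return $src unless $trusted_proxy{$src};
    # From a proxy: use the varbind only if it is a well-formed IPv4 address.
    return $addr if defined $addr && $addr =~ /\A$ipv4\z/;
    return $src;
}

# Constructed samples; the first uses the values quoted in the post.
my @samples = (
    "172.16.1.206\nUDP: [172.16.1.206]:48790->[172.16.9.200]\n"
      . "SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.16.1.201\n",
    "172.16.1.50\nUDP: [172.16.1.50]:40000->[172.16.9.200]\n"
      . "SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.16.1.201\n",
    "172.16.1.206\nUDP: [172.16.1.206]:48791->[172.16.9.200]\n"
      . "SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.16.1.999\n",
);

for my $trap (@samples) {
    my $ip = originating_ip( parse_trap($trap) );
    print defined $ip ? "match host $ip\n" : "reject trap\n";
}
```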