
Start with SNMP traps in Zabbix

From Zabbix.org

Install Zabbix

Notes


OS: CentOS

Zabbix version: 2.2

Install Zabbix from packages

See Zabbix manual for details - https://www.zabbix.com/documentation/2.2/manual/installation/install_from_packages

Setting up firewall


UDP port 162 must be open. Add the following line to /etc/sysconfig/iptables:

-A INPUT -p udp -m udp --dport 162 -j ACCEPT

or, for CentOS 7.x:

firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload

and restart the firewall (not needed for CentOS 7.x):

/etc/init.d/iptables restart

Setting up Zabbix to receive SNMP traps


Install additional packages:

yum install -y net-snmp-utils net-snmp-perl net-snmp

We'll use the zabbix_trap_receiver.pl script as the trap receiver. Download and extract the Zabbix sources:

wget http://sourceforge.net/projects/zabbix/files/ZABBIX%20Latest%20Stable/2.2.1/zabbix-2.2.1.tar.gz
tar -zxvf zabbix-2.2.1.tar.gz

Copy the script from the sources and add execute permission:

cp ./zabbix-2.2.1/misc/snmptrap/zabbix_trap_receiver.pl /usr/bin
chmod +x /usr/bin/zabbix_trap_receiver.pl

Set up the trap receiver and community name:

vi /etc/snmp/snmptrapd.conf
# you can set multiple community names:
# authCommunity execute public
# authCommunity execute S7di@kjh8
authCommunity execute public
perl do "/usr/bin/zabbix_trap_receiver.pl";

Enable the SNMP trapper by editing the Zabbix server configuration file:

vi /etc/zabbix/zabbix_server.conf
StartSNMPTrapper=1
# SNMPTrapperFile must be the same as in zabbix_trap_receiver.pl
SNMPTrapperFile=/tmp/zabbix_traps.tmp

and restart the Zabbix server processes to apply the changes:

/etc/init.d/zabbix-server restart

or, for CentOS 7.x:

systemctl restart zabbix-server

Setting up SNMP MIBs


MIBs can be placed in the system-wide directory /usr/share/snmp/mibs. Add the MIB names to your /etc/snmp/snmp.conf (create "snmp.conf" if necessary); the Net-SNMP trap daemon uses them to provide human-readable trap OIDs. For example:

mibs +JUNIPER-MIB:JUNIPER-FABRIC-CHASSIS:BGP4-MIB

Configure snmptrapd to start automatically:

chkconfig snmptrapd on

or, for CentOS 7.x:

systemctl enable snmptrapd

and restart the snmptrapd service:

/etc/init.d/snmptrapd restart

or, for CentOS 7.x:

systemctl restart snmptrapd

SNMP trap transmission file rotation (optional)


Set up rotation for the Zabbix SNMP trap transmission file. Archived trap transmission files are placed in /var/log/zabbix_traps_archive, and 10 archived copies are kept.

mkdir -p /var/log/zabbix_traps_archive

Contents of /etc/logrotate.d/zabbix_traps:

/tmp/zabbix_traps.tmp {
    weekly
    size 10M
    compress
    compresscmd /usr/bin/bzip2
    compressoptions -9
    notifempty
    dateext
    dateformat -%Y%m%d
    missingok
    maxage 365
    rotate 10
}

Use the "olddir" option to move the logs into a directory on rotation. The directory must be on the same physical device!

Testing

Send a test trap:

snmptrap -v 1 -c public 127.0.0.1 '.1.3.6.1.6.3.1.1.5.4' '0.0.0.0' 6 33 '55' .1.3.6.1.6.3.1.1.5.4 s "eth0"

and check that the trap was received in /tmp/zabbix_traps.tmp. You should see:

 18:58:38 2014/02/26 ZBXTRAP 127.0.0.1
 PDU INFO:
 notificationtype               TRAP
 version                        0
 receivedfrom                   UDP: [127.0.0.1]:40780->[127.0.0.1]
 errorstatus                    0
 messageid                      0
 community                      public
 transactionid                  7
 errorindex                     0
 requestid                      0
 VARBINDS:
 DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (55) 0:00:00.55
 SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: IF-MIB::linkUp.0.33
 IF-MIB::linkUp type=4  value=STRING: "eth0"
 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4  value=STRING: "public"
 SNMPv2-MIB::snmpTrapEnterprise.0 type=6  value=OID: IF-MIB::linkUp

Configure Zabbix

Create "Template SNMP trap fallback"


Create the "SNMP trap fallback" template (https://www.zabbix.com/documentation/2.2/manual/config/templates/template#creating_a_template) and the "SNMP trap fallback" item:

  • Name: SNMP trap fallback
  • Type: SNMP trap
  • Key: snmptrap.fallback
  • Type of information: Log

This item will collect all unmatched traps. Create a trigger that informs the administrator about new unmatched traps:

  • Name: Unmatched SNMP trap received from {HOST.NAME}
  • Expression: {Template SNMP trap fallback:snmptrap.fallback.nodata(300)}=0

Create "Template SNMP traps"


Create the "Template SNMP traps" template and link it to "Template SNMP trap fallback" (https://www.zabbix.com/documentation/2.2/manual/config/templates/template#creating_a_template). In the "Template SNMP traps" template, create the required items for traps. As the key, use snmptrap[regex] (https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/snmptrap#configuring_snmp_traps).

Example 1

  • Key: snmptrap["SNMPv2-MIB::coldStart"]

Instead of an OID (numeric or textual), you can use any word or phrase from the trap text:

  • Key: snmptrap["No route to host"]

In this case, Zabbix catches all SNMP traps from the corresponding address that contain "No route to host".

Note that you can create an item for each trap (as in the example above) or a single item for multiple traps.

Example 2

  • Key: snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"]

In this case, Zabbix catches all SNMP traps from the corresponding address that contain "cpqRackPowerSubsystemNotRedundant", "cpqRackPowerSubsystemLineVoltageProblem" or "cpqRackPowerSubsystemOverloadCondition".
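The following is an added example, not code from this page or from Zabbix: it splits a trap file in the layout shown in the Testing section into records and reports, for each trap, the sender, the community string and which of the item keys from Examples 1 and 2 would match, with unmatched traps going to snmptrap.fallback. Assumptions: the sample records are constructed, the function names are hypothetical, Python's re module stands in for the regex matching done by Zabbix (these particular patterns read the same in both), and per-host address matching is left out.

```python
import re

# Constructed sample in the layout of the Testing output (two traps, shortened).
SAMPLE = """\
18:58:38 2014/02/26 ZBXTRAP 127.0.0.1
PDU INFO:
  community                      public
VARBINDS:
  SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: IF-MIB::linkUp.0.33
  IF-MIB::linkUp type=4  value=STRING: "eth0"
19:02:10 2014/02/26 ZBXTRAP 192.0.2.10
PDU INFO:
  community                      public
VARBINDS:
  SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: SNMPv2-MIB::coldStart
"""

# Regexes taken from the snmptrap["..."] keys in Example 1 and Example 2.
ITEM_REGEXES = [
    "SNMPv2-MIB::coldStart",
    "No route to host",
    "cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)",
]

# A record starts at "<time> <date> ZBXTRAP <source address>".
HEADER = re.compile(r"^[ \t]*\S+ \S+ ZBXTRAP (\S+)[ \t]*$", re.M)

def split_traps(text):
    """Yield (source_address, trap_text) for every ZBXTRAP record."""
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield head.group(1), text[head.start():end]

def route(trap_text, regexes=ITEM_REGEXES):
    """Item keys whose regex matches the trap; the fallback key if none do."""
    hits = ['snmptrap["%s"]' % r for r in regexes if re.search(r, trap_text)]
    return hits or ["snmptrap.fallback"]

def community(trap_text):
    """Community string from the PDU INFO block, or None if absent."""
    m = re.search(r"^[ \t]*community[ \t]+(\S+)", trap_text, re.M)
    return m.group(1) if m else None

def report(text):
    return [(src, community(t), route(t)) for src, t in split_traps(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Run against a copy of /tmp/zabbix_traps.tmp, the report shows at a glance which senders and community strings are reaching the receiver and which traps no item is configured to catch.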

Create triggers


In the previously created template, create triggers for the necessary items/traps. Here are a few variants. An example trigger expression for the item from "Example 1":

  • Expression: {Template SNMP traps:snmptrap["SNMPv2-MIB::coldStart"].nodata(5m)}=0

This trigger goes into the Problem state when a trap is received and automatically returns to the OK state after 5 minutes.

The triggers for the item from "Example 2" (use "and" instead of "&" in Zabbix 2.4 or above):

  • Expression: {Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].str("LineVoltageProblem")}=1&{Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].nodata(5m)}=0
  • Expression: {Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].str("NotRedundant")}=1&{Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].nodata(5m)}=0
  • Expression: {Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].str("OverloadCondition")}=1&{Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltageProblem|OverloadCondition)"].nodata(5m)}=0

For example, the first trigger goes into the Problem state if a trap is received and contains the text string "LineVoltageProblem". The trigger automatically returns to the OK state after 5 minutes.

Please note that similar trigger expressions can be used for "log monitoring".

Create items for linkUp/linkDown traps with LLD

Let's create an item prototype for linkUp/linkDown traps. I'll use the "Network interfaces" discovery rule from the default "Template SNMP Interfaces" template. Add an item prototype (https://www.zabbix.com/documentation/2.2/manual/discovery/low_level_discovery).

Example 3

  Name: Link status trap for {#SNMPVALUE}
  Type: SNMP trap
  Key: snmptrap["(IF-MIB::linkDown|IF-MIB::linkUp)(.|[[:space:]])*{#SNMPVALUE}"]
  Type of information: Log

Create triggers for linkUp/linkDown traps with LLD


Create a trigger prototype for linkUp/linkDown traps (from "Example 3"):

  Name: Interface {#SNMPVALUE} on {HOST.NAME} is down
  Expression: {Template SNMP Interfaces:snmptrap["(IF-MIB::linkDown|IF-MIB::linkUp)(.|[[:space:]])*{#SNMPVALUE}"].str(linkDown)}=1

This trigger goes into the Problem state if a trap is received and contains the text string "linkDown". The trigger returns to the OK state when a trap with the text "linkUp" is received.

Link the "Template SNMP traps" and "Template SNMP Device" (which includes our LLD rule for linkUp/linkDown traps) templates to hosts and check the result.