[c-nsp] OT: SNMP trap receiver/alerter.
Patrick Muldoon
doon.bulk at inoc.net
Wed Feb 13 18:36:32 EST 2008
On Feb 13, 2008, at 5:44 PM, Thorsten Dahm wrote:
>
> What's about Nagios? Sure, it's a bit overkill for what you want, but
> you don't have to use the full featureset if you don't want to.
You still need someone to get said traps into Nagios.
We do that with snmptrapd feeding into snmptt dropping into the
nagios.cmd
something like this.
EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal
FORMAT Link up on interface $1. Admin state: $2. Operational state: $3
EXEC echo "[$@] PROCESS_SERVICE_CHECK_RESULT;$r;TRAP;0;$2 linkUp : $4"
>>/var/spool/nagios/rw/nagios.cmd
But with using the above with nagios, it is kind hard to clear the
alarms if you have multiple interfaces going up/down on 1 box since
nagios seems to track status for the entire service. (These are
submitted to a passive service called TRAP).
I have also been looking at
http://kodu.neti.ee/~risto/sec/
To do event correlation, but haven't had the time to get it all
integrated as of yet.
We have also used snmptt going directly to qpage for quick and dirty
notifications.
-Patrick
--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C
Base 8 is just like base 10, if you are missing two fingers. - Tom
Lehrer
More information about the cisco-nsp
mailing list