Score:0

Why does the CISCO-ERR-DISABLE-MIB trap not show interface and VLAN information in Icinga?

I have a Cisco and a monitoring server with Icinga (a.k.a. Nagios, Thruk). I want to receive traps from the Cisco and show them in Icinga. But I am unable to see the interface and VLAN for the errdisable trap.

I have downloaded MIBs from Cisco, including CISCO-ERR-DISABLE-MIB.my. Then I converted it for snmptt with this command:

snmpttconvertmib --in=CISCO-ERR-DISABLE-MIB.my --out=snmptt.conf --exec='/bin/bash /usr/local/bin/trap/submit_check_result $r '"errdisable 2" -net_snmp_perl --format=4

which produced the following config (I replaced the absolute path to mib with ... and variable values with ...):

#
#
#
#
MIB: CISCO-ERR-DISABLE-MIB (file:/.../CISCO-ERR-DISABLE-MIB.my) converted on Wed Sep  8 16:49:53 2021 using snmpttconvertmib v1.4.2
#
#
#
EVENT cErrDisableInterfaceEvent .1.3.6.1.4.1.9.9.548.0.1.1 "Status Events" Normal
FORMAT cErrDisableInterfaceEvent - cErrDisableIfStatusCause:$1 
EXEC /bin/bash /usr/local/bin/trap/submit_check_result $r errdisable 2 "cErrDisableInterfaceEvent - cErrDisableIfStatusCause:$1 "
SDESC
The cErrDisableInterfaceEvent is generated when an interface
or {interface, vlan} is error-disabled by the feature
specified in cErrDisableIfStatusCause.
cErrDisableInterfaceEvent is deprecated and replaced by 
cErrDisableInterfaceEventRev1.
Variables:
  1: cErrDisableIfStatusCause
     Syntax="INTEGER"
       1: udld
       ...
       9: portSecurityViolation
     Descr="This object specifies the feature/event that caused the
        {interface, vlan} (or the entire interface) to be
        error-disabled."
EDESC
#
#
#
EVENT cErrDisableInterfaceEventRev1 .1.3.6.1.4.1.9.9.548.0.2 "Status Events" Normal
FORMAT cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause:$1 
EXEC /bin/bash /usr/local/bin/trap/submit_check_result $r errdisable 2 "$N - $+1 "
SDESC
The cErrDisableInterfaceEventRev1 is generated when an
interface or {interface, vlan} is error-disabled by the 
feature specified in cErrDisableIfStatusCause.
cErrDisableInterfaceEventRev1 deprecates 
cErrDisableInterfaceEvent to make it RFC 2578 compliant. 
According to section 8.5 of RFC 2578, the next
to last sub-identifier in the name of any newly-defined
notification must have the value zero.
Variables:
  1: cErrDisableIfStatusCause
     Syntax="INTEGER"
       1: udld
       ...
       9: portSecurityViolation
     Descr="This object specifies the feature/event that caused the
        {interface, vlan} (or the entire interface) to be
        error-disabled."
EDESC

There are two traps. I am interested only in cErrDisableInterfaceEventRev1, not in the deprecated cErrDisableInterfaceEvent.

This is my send-errdisable.sh which I use to generate a test errdisable event:

TO_HOST=icinga.example.com
community=abcabc

snmptrap -m ALL -v 2c -c $community $TO_HOST '' CISCO-ERR-DISABLE-MIB::cErrDisableInterfaceEventRev1 \
CISCO-ERR-DISABLE-MIB::cErrDisableIfStatusCause.2.0 i 1 \
2>/dev/null

Now when I generate an errdisable event, in icinga plugin output for the errdisable service I get the following text: cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause:udld
but I expect the interface and vlan to be there, like this:
cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause.2.0:udld

Why is it not shown? And how can I fix that?

Score:0

I do not know exactly why it is not shown. I suspect the net_snmp_perl converter does something wrong.

The OID event 1.3.6.1.4.1.9.9.548.1.3.1.1.2.2.0 of this case consists of two things: 1.3.6.1.4.1.9.9.548.1.3.1.1.2 and .2.0.

It seems net_snmp_perl omits the trailing part of the event OID (".2.0") after it resolved the first part of OID event (in this case it is resolved to cErrDisableIfStatusCause).

But I have found a fix.

Following this article, I have found out what I could write in the EXEC line to replicate the original values.

Open the generated snmptt.conf and replace

EVENT cErrDisableInterfaceEventRev1 .1.3.6.1.4.1.9.9.548.0.2 "Status Events" Normal
FORMAT cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause:$1 
EXEC /bin/bash /usr/local/bin/trap/submit_check_result $r errdisable 2 "cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause:$1 "

with

EVENT cErrDisableInterfaceEventRev1 .1.3.6.1.4.1.9.9.548.0.2 "Status Events" Normal
FORMAT Looks unimportant what you write here
EXEC /bin/bash /usr/local/bin/trap/submit_check_result $r errdisable 2 "$N - $+1 "

"$N" is event name from config file, in this case "cErrDisableInterfaceEventRev1"
"$+1" is first variable name and its value, in this case "cErrDisableIfStatusCause.2.0:udld"

So now a test trap is shown in Icinga like this:
cErrDisableInterfaceEventRev1 - cErrDisableIfStatusCause.2.0:udld

And it is what we wanted. Now changing the .2.0 to, for example, .3.1 in send-errdisable.sh is also shown correspondingly in Icinga.
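
An added example, not part of the original answer: a small shell function that a wrapper such as submit_check_result could use to split the "$+1" expansion into cause, interface index and VLAN, and to reject the truncated form the FORMAT line produced. The function name is hypothetical, and it assumes the two trailing sub-identifiers are the interface index followed by the VLAN.

```shell
#!/bin/sh
# Added example (not from the original post): split the "$+1" expansion.
# Assumption: the two trailing sub-identifiers are ifIndex, then VLAN.

CAUSE_OID=".1.3.6.1.4.1.9.9.548.1.3.1.1.2"   # cErrDisableIfStatusCause, OID from the answer

# parse_errdisable_varbind "<name-or-oid>.<ifIndex>.<vlan>:<value>"
# Prints "cause=<c> ifIndex=<n> vlan=<n>"; returns 1 for anything else.
parse_errdisable_varbind() {
    vb=$1
    case $vb in *::*) vb=${vb#*::} ;; esac     # drop a "MODULE::" prefix
    case $vb in *:*) ;; *) return 1 ;; esac    # need "name:value"
    name=${vb%%:*}
    value=${vb#*:}
    value=${value%% *}                         # EXEC string ends with a space

    vlan=${name##*.}
    rest=${name%.*}
    ifindex=${rest##*.}
    base=${rest%.*}

    # The truncated form "cErrDisableIfStatusCause:udld" fails here,
    # because no numeric index is left on the name.
    case $ifindex in ''|*[!0-9]*) return 1 ;; esac
    case $vlan in ''|*[!0-9]*) return 1 ;; esac
    case $base in
        cErrDisableIfStatusCause|"$CAUSE_OID"|"${CAUSE_OID#.}") ;;
        *) return 1 ;;
    esac

    # Trap content is untrusted input: accept only alphanumerics.
    case $value in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    # Only the two enum values visible in the pasted config are mapped.
    case $value in
        1) value=udld ;;
        9) value=portSecurityViolation ;;
    esac
    printf 'cause=%s ifIndex=%s vlan=%s\n' "$value" "$ifindex" "$vlan"
}

# Constructed sample input, matching the test trap from the question.
parse_errdisable_varbind 'cErrDisableIfStatusCause.2.0:udld '
```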
