NSTI - Architecture

Article Number: 30 | Last Updated: Mon, Feb 22, 2016 at 10:46 PM

Overview

This article outlines and describes how Nagios SNMP Trap Interface works from the ground up. It describes how SNMP traps are accepted in the backend, displayed in the User Interface, written to the database, and more. Much of the focus of this article is on the backend handling and writing of traps using Python. This guide applies to NSTI version 3.0.2 or newer.

Glossary of Terms

MIB - Management Information Base: The structure that describes the management data of a device using OIDs.
NSTI - Nagios SNMP Trap Interface
OID - Object Identifier: Identifies a variable that can be read or set by SNMP.
Python - [Python] is a widely used general-purpose, high-level programming language.
SNMP - Simple Network Management Protocol
SNMP Trap - Asynchronous notification from agent to manager.
Storm - Storm is an object-relational mapper (ORM) for Python developed at Canonical.
Yum - Package manager utilized by all RHEL based Linux systems.

Note about configuration files: It is assumed that after editing files such as snmptt.ini and snmptrapd.conf, or any other configuration files, the user will almost always have to restart the service that depends on those files so that it loads them anew and the changes take effect. Keep this in mind while navigating through this documentation.

NSTI Make Up

Nagios SNMP Trap Interface is a web interface loaded by mod_wsgi (served by Apache) and made up of a Python framework, Flask, that allows Abstraction and Object-Relational Mapping to a MySQL database. This allows NSTI to create, and read from, multiple database tables and allows all the database information to be displayed in a speedy and attractive User Interface using Bootstrap.
Here is a list of the prerequisites that will be included during install:

    mysql
    mysql-devel
    mysql-server
    httpd
    gcc
    wget
    make
    tar
    mod_wsgi
    snmptt
    net-snmp
    python

Once python is available the install will use pip (Python package installer) to install the following additional dependencies:

    Flask
    MySQL-python
    storm

Basic Workflow

a) Traps, Before Getting to NSTI

1. Generate a trap from an outside host. There are multiple methods to send traps, but snmptt, Net-SNMP and the Perl snmptrap() are the easiest free solutions to use. More sophisticated trap senders handle custom messages, OID tree tables and views, and MIB management UIs, and these will all work with NSTI as long as the configuration is correct.

2. snmptrapd receives the trap and writes it to the MySQL database using the snmptt daemon. From here NSTI reads, displays and filters traps entirely through the database and multiple overlaying jQuery calls that in turn draw the trap table that the user views. Almost every action in the NSTI interface triggers some kind of jQuery call combined with AJAX to query the API and then display the data that is returned. Another great feature of NSTI is that it allows other applications to access the database that NSTI has created; this is described in more detail in section II, Backend.

Here is the basic workflow of a Trap going into the NSTI host and being handled and written to the database where it is read and displayed by NSTI:

b) Traps, After Getting to NSTI

After the received traps are written to the database, NSTI is able to read the traps and display them in the tables in the User Interface. This is done using jQuery and AJAX calls to the API to read the trap tables and display them with a combination of JavaScript, HTML and CSS.

3. Read database and parse Traps into Normal, Unknown or Archive trap tables.

4. Display NSTI User Interface with fully loaded trap tables from live database using JSON encoded API arrays based on the URL of the query.

Configuration of Trap Handlers

There are a number of ways to handle trap sending and receiving for NSTI, and we are going to go over a few methods of doing that here. First, the default method of receiving traps is set by NSTI during installation.

Sections:
1) Default Trap Receiving Method After Install
2) Alternative Trap Receiving Methods

1) Default Trap Receiving Method After Install

During installation NSTI will write to the configuration file for snmptt located here:

    /etc/snmp/snmptt.ini

In install.sh, the main install script for NSTI, the snmptt.sh file is called, which makes 3 changes to the snmptt.ini file, shown here:

    SNMPTTINI="/etc/snmp/snmptt.ini"
    sed -i'.bkp' 's/^mode[ \t]*=[ \t]*standalone/mode = daemon/g' "$SNMPTTINI"
    sed -i'.bkp' 's/^dns_enable[ \t]*=[ \t]*0/dns_enable = 1/g' "$SNMPTTINI"
    sed -i'.bkp' 's/^mysql_dbi_enable[ \t]*=[ \t]*0/mysql_dbi_enable = 1/g' "$SNMPTTINI"

Let’s break these down to see what they are doing.

Action: Set snmptt to daemon mode and use snmptrapd to collect traps:

    sed -i'.bkp' 's/^mode[ \t]*=[ \t]*standalone/mode = daemon/g' "$SNMPTTINI"

Result: mode = daemon (in line 16 of snmptt.ini)

This line of the snmptt.sh file sets the Mode of Operation of snmptt. This defines whether snmptt works in standalone or daemon mode. Since we want to continuously collect traps and process anything received into the database for NSTI to read, we set daemon mode and allow collection of traps.

snmptrapd.conf

When in daemon mode the snmptrapd.conf file will contain a traphandle statement that will look like this (from SNMPTT Documentation):

    traphandle default /usr/sbin/snmptthandler

This passes each trap caught by snmptrapd to the snmptthandler script as defined above. The handler will do the following:

1. Read traps passed from snmptrapd
2. Write the trap into a spool directory (commonly /var/spool/snmptt)
3. Quit

Then SNMPTT (daemon mode) will run another set of tasks:

1. Load config files containing trap definitions at startup
2. Read traps in spool directory
3. Search traps for any matches
4. Log and execute EXEC statements among other trap actions
5. Sleep for 5 seconds (configurable)
6. Start at step 2 as a loop to read any traps passed to the spool directory

Source

This is how NSTI will constantly accept and write traps, but during step 1 above we come to the second change to the snmptt.ini file:

Action: Set DNS resolution to 1 in snmptt.ini

    sed -i'.bkp' 's/^dns_enable[ \t]*=[ \t]*0/dns_enable = 1/g' "$SNMPTTINI"

Result: dns_enable = 1 (in line 38 of snmptt.ini)

The first part above simply tells snmptrapd to pass the IP address of both the device sending the trap, and the IP address of the actual SNMP agent. Here is the explanation from the

    # If DNS is enabled, the agent IP address is converted to a host name using a DNS lookup
    # (which includes the local hosts file, depending on how the OS is configured). This name
    # will be used for: NODES entry matches, hostname field in logged traps (file / database),
    # and the $A variable. Host names on the NODES line will be resolved and the IP address
    # will then be used for comparing.
    # Set to 0 to disable DNS resolution
    # Set to 1 to enable DNS resolution

Source

The last change, and possibly the most important part of this script, is mysql_dbi_enable, which applies when the SNMPTT trap handler is on the log/execute/write trap step (step 4 above):

Action: Set mysql_dbi_enable to 1 in snmptt.ini

    sed -i'.bkp' 's/^mysql_dbi_enable[ \t]*=[ \t]*0/mysql_dbi_enable = 1/g' "$SNMPTTINI"

Result: mysql_dbi_enable = 1 (in line 402 of snmptt.ini)

This tells snmptt to enable logging to the MySQL database via DBI. This is how NSTI displays, queries and filters all the traps in the database, so if this is working NSTI is able to show trap data.
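The following added example (not part of NSTI or snmptt.sh) audits an snmptt.ini for the three values the install script sets, and also flags the database password if it is still `password`, the value shown in the configuration listing further down this page. The function names `ini_get`, `audit_snmptt_ini` and `demo` are hypothetical, the sample file is constructed, and `[[:space:]]` stands in for the script's `[ \t]` for portability.

```bash
#!/usr/bin/env bash
# Added example (not NSTI code): audit an snmptt.ini for the three values
# snmptt.sh sets, plus the default database password.

# Print the value of key $2 in ini file $1 (first uncommented match, trimmed).
ini_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Report each deviation, then a final "findings=N" line.
audit_snmptt_ini() {
    local file=$1 findings=0 pair key want got
    for pair in mode=daemon dns_enable=1 mysql_dbi_enable=1; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(ini_get "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', found '${got:-<unset>}'"
            findings=$((findings + 1))
        fi
    done
    # The page's DB_PASS default is 'password'; flag it if snmptt still uses it.
    if [ "$(ini_get "$file" mysql_dbi_password)" = "password" ]; then
        echo "WARN mysql_dbi_password: still the default value"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
}

# Run the audit before and after the three substitutions on a constructed file.
demo() {
    local tmp ini
    tmp=$(mktemp -d); ini="$tmp/snmptt.ini"
    printf '%s\n' '[General]' 'mode = standalone' 'dns_enable = 0' \
        '[SQL]' 'mysql_dbi_enable = 0' 'mysql_dbi_password = password' > "$ini"
    audit_snmptt_ini "$ini" | tail -n 1          # before the install-time edits
    sed -i.bkp \
        -e 's/^mode[[:space:]]*=[[:space:]]*standalone/mode = daemon/' \
        -e 's/^dns_enable[[:space:]]*=[[:space:]]*0/dns_enable = 1/' \
        -e 's/^mysql_dbi_enable[[:space:]]*=[[:space:]]*0/mysql_dbi_enable = 1/' "$ini"
    audit_snmptt_ini "$ini" | tail -n 1          # after the install-time edits
    rm -rf "$tmp"
}

demo
```

Pointing `audit_snmptt_ini` at /etc/snmp/snmptt.ini after an install shows whether the substitutions matched; the `sed` patterns only fire when the original value is exactly `standalone` or `0`.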
The SNMPTT Documentation describes the Perl modules this requires; they should already be included with the installed NSTI packages. The SNMPTT Documentation also says to update the following other variables in snmptt.ini:

    mysql_dbi_host
    mysql_dbi_port
    mysql_dbi_database
    mysql_dbi_table
    mysql_dbi_table_unknown
    mysql_dbi_username
    mysql_dbi_password

These won’t need to be changed because NSTI will use the default values for these variables. If you need to change anything here to customize your Nagios SNMP Trap Interface implementation, then make sure to also change the database credentials and access variables located in the

    #~ Database Configuration Options
    #~ Use mysql for MySQL and postgres for PostgreSQL
    DB_TYPE='mysql'
    DB_HOST='localhost'
    DB_PORT='3306'
    DB_NAME='snmptt'
    DB_USER='snmpttuser'
    DB_PASS='password'

    #~ Page Display Options
    TRUNCATE=100
    PERPAGE=50

As you can see, these values match the defaults in snmptt.ini, so if you ever want to go back to them after editing them you can look at the default snmptt.ini file.

Source

2) Alternative Trap Receiving Methods

There are a number of ways that will allow a user to receive traps and write them to the database. Here is an example of another trap receiving method you could use to accomplish the same thing that the above is trying to do.
