Installing Nagios on Debian with SNMP trap handling
From Nagios Wiki
This tutorial assumes that you are installing Nagios on Debian Linux (5.0.4) on an i386 server with one hard disk. It also assumes that the server will be on an isolated private network with no public-facing interfaces.
Installing Debian Linux 5.0.4
Go to http://www.debian.org/distrib/netinst and download the appropriate CD image for your architecture. We’ll be using the i386 180MB image for this tutorial. Burn the image to a CD with your favorite burning software.
Once the CD is ready, you’re ready to begin the install by booting your target system with the CD. (Keep in mind that this tutorial assumes a clean system and we’ll be destroying any data that exists on the hard drives.)
- When the install menu comes up, select Graphical Install.
- Choose your language, country and keyboard layout, clicking continue after each.
- Select your primary network interface and click continue. We’re using eth0 here but you’ll need to make sure that you’ve got the correct NIC plugged into your network.
- Enter your host name. We’ll use debian here.
- Type in your domain name. If you’re planning to send email to the outside world, it’s helpful to specify a valid domain name. We’ll use domain.com here.
- Select your time zone and click continue.
- Next you’ll begin partitioning the disks. Select Guided – use entire disk and click continue.
- Select the disk and click continue.
- Select All files in one partition and click continue.
- Select Finish partitioning and write changes to disk and click continue.
- Select Yes and click continue.
- A few minutes of file copying takes place and you are then prompted to create a root password, and a generic user account and password.
- Select your mirror country and a mirror. Add an HTTP proxy if you need to use one.
- You’ll be prompted for the popularity contest. Make a selection and click continue.
- Uncheck all of the software selection boxes and click continue.
- Select Yes to install GRUB and click continue.
- At the completion of the install click continue and the server will reboot.
After the install is completed, you’ll want to set a static IP before getting into the Nagios install.
Configuring a static IP address
Log in to the server using your root account. Type the following to edit the interfaces file:
- nano /etc/network/interfaces
Look for the following line in the file:
- iface eth0 inet dhcp
and change it to
- iface eth0 inet static
Below that line add the following lines, changing the addresses as necessary:
- address 192.168.1.1
- netmask 255.255.255.0
- network 192.168.1.0
- broadcast 192.168.1.255
- gateway 192.168.1.254
Hit Ctrl-X, Y and enter to save and exit
Reboot the server for the static IP to take effect.
Install Nagios and supporting modules
- apt-get install snmp
- apt-get install snmpd
- apt-get install apache2
- apt-get install libapache2-mod-php5
- apt-get install build-essential
- apt-get install libgd2-xpm-dev
- /usr/sbin/useradd -m -s /bin/bash nagios
- passwd nagios
- /usr/sbin/groupadd nagcmd
- /usr/sbin/usermod -a -G nagcmd nagios
- /usr/sbin/usermod -a -G nagcmd www-data
- mkdir ~/downloads
- cd ~/downloads
- wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.1.tar.gz
- wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
- cd ~/downloads
- tar xzf nagios-3.2.1.tar.gz
- cd nagios-3.2.1
- ./configure --with-command-group=nagcmd
- make all
- make install
- make install-init
- make install-config
- make install-commandmode
- make install-webconf
- htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
- set the web access password
- /etc/init.d/apache2 reload
- cd ~/downloads
- tar xzf nagios-plugins-1.4.11.tar.gz
- cd nagios-plugins-1.4.11
- ./configure --with-nagios-user=nagios --with-nagios-group=nagios
- make
- make install
- ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios
- /etc/init.d/nagios start
- apt-get install mailx
- apt-get install sendmail-bin
- apt-get install sendmail
- ln -s /usr/bin/mail /bin/mail
- apt-get install mrtg
- apt-get install libsnmp-perl libsnmp-session-perl
With the install completed, Nagios is ready to run. You can confirm the installation by opening http://ipaddress/nagios in your web browser.
Initial Nagios Configuration
We’ll start by editing the Nagios config file at /usr/local/nagios/etc/nagios.cfg. We’ll make it so that we don’t need to edit the file every time we add a new host. Instead we’ll just have to put a cfg file for the new host in a specific folder and Nagios will find it.
Uncomment the following line in the nagios.cfg:
- #cfg_dir=/usr/local/nagios/etc/servers
Next create that folder
- mkdir /usr/local/nagios/etc/servers
We’ll create a simple host file to get started. Create a file at /usr/local/nagios/etc/servers/testhost.cfg with the following contents:
define host{
use windows-server
host_name testhost
address 192.168.1.2
}
define service{
use local-service
host_name testhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
define hostgroup{
hostgroup_name windows-servers
alias Windows Servers
}
We need to change the contact information so that alerts can be sent to the proper place. Edit /usr/local/nagios/etc/objects/contacts.cfg and change nagios@localhost to your email address.
Restart the Nagios process to load the new file
- /etc/init.d/nagios restart
Log in to Nagios with your web browser to see if the new host has shown up.
If everything works, you should see two items in the Host Groups view.
Setup SNMP trap handling for Nagios
Download and install SNMPTT
- cd ~/downloads
- wget -O snmptt_1.3.tgz "http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.3/snmptt_1.3.tgz?use_mirror=cdnetworks-us-1"
- tar xzf snmptt_1.3.tgz
- cd snmptt_1.3
- cp snmptt /usr/sbin/
- cp snmptthandler /usr/sbin/
- chmod +x /usr/sbin/snmptt*
- cp snmptt.ini /etc/snmp/
- mkdir /var/log/snmptt/
- mkdir /usr/local/nagios/libexec/eventhandlers
- cp ~/downloads/nagios-3.2.1/contrib/eventhandlers/submit_check_result /usr/local/nagios/libexec/eventhandlers/
- chmod +x /usr/local/nagios/libexec/eventhandlers/submit_check_result
- perl -MCPAN -e 'install Config::IniFiles'
Add the following lines to /etc/snmp/snmptrapd.conf:
- traphandle default /usr/sbin/snmptt
- disableAuthorization yes
- donotlogtraps no
Edit the /etc/default/snmpd file and change the following lines:
- TRAPDRUN=yes
- TRAPDOPTS='-On -Lsd -p /var/run/snmptrapd.pid'
Restart snmpd with /etc/init.d/snmpd restart
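The disableAuthorization yes line above turns off snmptrapd's access control, so every incoming trap is passed to the handler regardless of sender or community. The following check is an added example, not part of the original tutorial: it audits a snmptrapd.conf and compares the tutorial's settings with a variant that uses authCommunity instead. The function name, the sample files and the 192.168.1.0/24 source restriction are assumptions chosen to match the tutorial's example network and its "public" community.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit snmptrapd.conf access control.
# Prints one finding per directive; returns 1 if authorization is disabled.
audit_snmptrapd_conf() {
    conf=$1
    weak=0
    # Drop comments and blank lines, then read "directive arg1 arg2 rest".
    while read -r key a1 a2 rest; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            disableauthorization)
                if [ "$a1" = "yes" ]; then
                    echo "WEAK disableAuthorization: traps accepted from any sender and community"
                    weak=1
                fi ;;
            authcommunity)
                # a1 = permitted actions, a2 = community, rest = optional source
                echo "OK authCommunity: '$a2' may $a1 from ${rest:-any source}"
                case ,$a1, in
                    *,execute,*) ;;
                    *) echo "NOTE '$a2' lacks execute, traphandle will not run for it" ;;
                esac ;;
            traphandle)
                echo "INFO traphandle: $a1 -> $a2" ;;
        esac
    done <<EOF
$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")
EOF
    return $weak
}

# Constructed sample files: the tutorial's settings and a restricted variant.
# The 192.168.1.0/24 source mirrors the tutorial's example network.
demo_dir=$(mktemp -d)
cat > "$demo_dir/tutorial.conf" <<'EOF'
traphandle default /usr/sbin/snmptt
disableAuthorization yes
donotlogtraps no
EOF
cat > "$demo_dir/restricted.conf" <<'EOF'
traphandle default /usr/sbin/snmptt
authCommunity log,execute public 192.168.1.0/24
donotlogtraps no
EOF
for f in tutorial restricted; do
    echo "== $f.conf"
    audit_snmptrapd_conf "$demo_dir/$f.conf" || echo "-> access control is off"
done
```

With the restricted variant, the execute permission is what allows the traphandle line to run SNMPTT for traps sent with that community.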
Once the install is completed and the snmpd is restarted, you can create a sample snmptt.conf file to see if you can catch a trap. For testing, we’ll create a conf file that will catch a generic HP iLO test trap and a wildcard trap.
Create a file at /etc/snmp/snmptt.conf with the following:
# HP iLO test trap with a confirmation log
EVENT enterpriseSpecific .1.3.6.1.4.1.232.0.11003 "Status Events" Normal
FORMAT Remote Insight Test Trap from $r.
EXEC echo a remote Insight test trap was received > ~/testtrap.log
SDESC
A generic test trap sent from iLO
EDESC
#
# Wildcard trap with a confirmation log
EVENT enterpriseSpecific .1.3.6.* "Status Events" Normal
FORMAT Wildcard Test Trap from $r.
EXEC echo a Wildcard test trap was received > ~/wildcardtrap.log
SDESC
An undefined trap was received
EDESC
#
You can test to see if your configuration is correct by sending the following traps to the server:
- snmptrap -v 1 -c public 192.168.1.1 .1.3.6.1.4.1.232 192.168.1.2 6 11003 ''
- snmptrap -v 1 -c public 192.168.1.1 .1.3.6.1.4.1.318 192.168.1.2 6 636 ''
(Note: the first IP is your target and the second is the “source” but you can run this right from your target server.) The first trap simulates the HP iLO test trap and the second should trip the wildcard. Check the ~/testtrap.log and the ~/wildcardtrap.log files to see if they were caught.
You’ll also find successful traps logged in /var/log/snmptt/snmptt.log. If a trap was not picked up by SNMPTT, the trap will only be logged in /var/log/daemon.log. Traps go to the daemon.log whether SNMPTT catches them or not so it is a good tool to see if the traps are even hitting your server.
Once you’ve got this all working, you can experiment with adding other OIDs to your snmptt.conf file.
Getting SNMP trap alerts into Nagios
There are three steps to adding the SNMP trap service to a host. First is creating the service template, second is adding the service to the host and third is telling SNMPTT what to do if it receives a trap.
Create the service template
Edit /usr/local/nagios/etc/objects/templates.cfg to add the following:
# SNMP Trap service
define service{
name snmptrap-service
use generic-service
service_description TRAP
is_volatile 1
flap_detection_enabled 0
check_command check-host-alive
max_check_attempts 1
normal_check_interval 1
retry_check_interval 1
passive_checks_enabled 1
notification_options w,u,c
register 0
}
Add the service to a host
Edit the configuration file for the host you want to use. We’ll use /usr/local/nagios/etc/servers/testhost.cfg.
Add the following:
define service{
use snmptrap-service
host_name testhost
}
Configure SNMPTT to send an alert
Using our example snmptt.conf from before, change the following lines:
- EXEC echo a remote Insight test trap was received > ~/testtrap.log
- to
- EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1 "Test Trap Received"
- and
- EXEC echo a Wildcard test trap was received > ~/wildcardtrap.log
- to
- EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r TRAP 1 "Undefined Trap Received"
These changes allow SNMPTT to send an alert to Nagios when a trap is received. The $r is used to identify the correct host for the alert. TRAP is the service description. The text in quotation marks is the message that will be sent.
As configured, the TRAP service will go to warning for the alert and then immediately change back to OK so that any subsequent traps will cause alerts. This is controlled by the is_volatile setting in the service template.
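The EXEC lines above hand trap-derived values to a script that writes a passive check result into the Nagios command pipe. The following is an added example, not the contrib submit_check_result script: it builds that external command line and validates each field first, because the host name originates from the received trap. The function names are hypothetical, the pipe path is the default for a source install under /usr/local/nagios, and service names are assumed to contain no spaces (TRAP has none).

```sh
#!/bin/sh
# Added example (not the contrib script): build the external command that a
# passive TRAP result becomes, validating fields that originate from a trap.
# CMD_FILE is the default path for a source install; adjust if yours differs.
CMD_FILE=${CMD_FILE:-/usr/local/nagios/var/rw/nagios.cmd}

# passive_result_line TIMESTAMP HOST SERVICE CODE OUTPUT
# Prints "[ts] PROCESS_SERVICE_CHECK_RESULT;host;service;code;output",
# or returns 1 without printing if a field could alter the command.
passive_result_line() {
    ts=$1 host=$2 svc=$3 code=$4 text=$5
    case $ts in ''|*[!0-9]*) return 1 ;; esac
    # Host and service: allowlisted characters only, so no ';' or newline.
    case $host in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $svc in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # Return code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
    case $code in [0-3]) ;; *) return 1 ;; esac
    # Output is free text: flatten line breaks so it stays one command.
    text=$(printf '%s' "$text" | tr '\n\r' '  ')
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$ts" "$host" "$svc" "$code" "$text"
}

# submit_trap_result HOST SERVICE CODE OUTPUT: append to the command pipe.
submit_trap_result() {
    [ -p "$CMD_FILE" ] || { echo "no command pipe at $CMD_FILE" >&2; return 2; }
    line=$(passive_result_line "$(date +%s)" "$@") || return 1
    printf '%s\n' "$line" > "$CMD_FILE"
}

# Constructed demonstration values; "testhost" is the tutorial's example host.
passive_result_line 1700000000 testhost TRAP 1 "Test Trap Received"
passive_result_line 1700000000 'testhost;x' TRAP 1 "ignored" || echo "rejected"
```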
Conclusion
This tutorial provided a quick run-through of how to set up Nagios with SNMP trap handling on Debian. Some things to consider if you were to implement this in a real-world situation are security and communication with the outside world. We didn’t configure any security and, as configured, you probably can’t send email alerts to the outside world. In our setup, we specified debian.domain.com as our host name. If you tried to send email alerts to the outside, the target server would probably drop the message with an error like “domain of sender address does not exist”. A quick fix for this in our configuration is the following:
Edit /etc/mail/sendmail.mc and change the following line:
- MASQUERADE_AS(`debian.domain.com')dnl
- to
- MASQUERADE_AS(`validhost.realdomain.com')dnl
Then execute the following two commands to make the change:
- m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
- /etc/init.d/sendmail restart
Security is an individual concern and there are plenty of resources available to help with that.

