SNMPTT Zabbix trap handler

I’ve wondered how to integrate standard SNMP traps into Zabbix for some time, many of our systems are Dell’s with OpenManage installed. OpenManage supports sending SNMP traps to a monitoring station who receives them and then takes defined actions.
The components we will use to accomplish this are net-snmp, Zabbix, and SNMPTT. Net-SNMP will provide the trap receiver daemon, and if you choose to configure, a SNMP daemon as well for passive polling. The SNMP trap daemon will listen for incoming traps sent by hosts on your network, translate the trap from installed MIBs, and send the translated message to Zabbix using the zabbix_sender program.

This guide assumes you have configured some type of SNMP trap sending software, such as OpenManage if you use Dell systems. Other tools from HP can accomplish the same goal, but you will need to locate MIB files from those vendors to translate traps from. It is also assumed you have Zabbix configured and running in at least a minimal configuration.

Assuming you have configured OpenManage correctly, directing it to send SNMP traps to your monitoring station, it is time to install and configure an SNMP trap receiver.
On many systems, net-snmp is already installed. FreeBSD users: you can install the latest net-snmp from the ports tree:
cd /usr/ports/net-mgmt/net-snmp
make install clean

Next we must install SNMPTT. If you aren’t familiar with SNMPTT, it is a utility to retrieve SNMP trap messages from your SNMP trap daemon, process the message into human readable text using installed MIB files and a translation table. After the translation, you can have SNMPTT output the contents to another program, in our case the zabbix_sender program (which is use to manually send events to the Zabbix server).
Again, this example installs SNMPTT from the FreeBSD ports tree:
cd /usr/ports/net-mgmt/snmptt
make install clean

By default on FreeBSD your SNMP configuration files are stored under /usr/local/etc/snmp
From here, you will need to define a configuration file for snmptrapd. A basic configuration file will look similar to this

traphandle default /usr/local/sbin/snmptt
ignoreauthfailure 1
logoption f /var/log/snmpd.log
disableAuthorization yes

Make sure the path to snmptt is correct for your system. Also be sure to open the respective ports on your firewall (160, 161).
You can either use the installed FreeBSD snmptrapd init script, or place the following in your /etc/rc.local
/usr/local/sbin/snmptrapd -C -On -c /usr/local/etc/snmp/snmptrapd.conf -Lf /var/log/snmptrapd.log

You must now configure SNMPTT itself, the configuration file on FreeBSD is located under /usr/local/etc/snmp/snmptt.ini
You can customize the configuration file as you desire, key items to check are these lines:
dns_enable = 1
resolve_value_ip_addresses = 1
net_snmp_perl_enable = 1
net_snmp_perl_best_guess = 2
translate_log_trap_oid = 2
translate_value_oids = 2
mibs_environment = ALL
description_mode = 2
unknown_trap_log_enable = 1

I have found those above options to provide the best translations of MIBs, experiment as you wish. Take note also, the last line of the file provides space to include additional configuration files. We will specify a new file that contains translations for MIBs into meaningful text.
SNMP MIB files contain OIDs and descriptions for your vendors various SNMP traps.
Some vendors use some bizarre formats, but many vendor MIB files can be found HERE
For our example, you will download the Dell MIB packs, and unzip them to a directory of your choice.
Next we must convert the MIB files to something understandable, using the snmpttconvert utility.
Please read the following PAGE for specifics on converting MIBs.
Here is an excerpt on the command you could use:

for i in CPQ*
> do
> /usr/local/sbin/snmpttconvertmib --in=$i --out=snmptt.conf.dell
> done

It will create snmptt.conf.dell, with English translations of OIDs, Enterprise values, and other arbitrary items for which mere humans can read.

You will need to modify the snmptt.conf.dell file as well, to tell SNMPTT to exec a special program, the zabbix_sender program, to insert values into Zabbix itself for which we will alert on.
In my example, you will place:
EXEC /usr/local/bin/zabbix_sender -v -z HostnameOfZabbixServer -p 10051 -s Default_Trapper -k snmptraps -o "$aA / $A :: $s :: $N - $Fz"

You can use VIM or Nano find/replace to insert this into every item type row, customizing the Zabbix hostname above.

This will execute zabbix_sender for each incoming translated SNMPTT trap to Zabbix, to a Host called Default_Trapper, under item snmptraps.
Next, create a Host inside Zabbix named Default_Trapper without an IP address. Create a new Item for the host named snmptraps, description can be anything, item type must be Zabbix Trapper, and key must be snmptraps with Type of Character.

You should at this point be fully configured to receive traps from configured devices on your network.
From here, you can review the Latest Data tab in Zabbix to see what comes in from your devices, and plan your triggers to match any items you want to watch.
For example, to monitor critical tagged items from OpenManage, you can have a trigger such as:

({Default_Trapper:snmptraps.str(CRITICAL)}=1)
&({Default_Trapper:snmptraps.nodata(60)}=0)

Here is what a trap should look like:

Tue Oct 21 19:20:13 2008 StorageManagement-MIB::alertPowerSupplyFailure CRITICAL "Status Events" server.com - Storage Management Event: Power Supply Failure: Alert message ID: 2322, Power supply failure. The DC power supply is switched off., Controller 0, Connector 0, Enclosure 0, Power Supply 1

You may find many informational, minor, etc alerts come in over time. It is recommended you review incoming data often to build your triggers to alert on appropriate items. Windows itself can be configured to send SNMP traps, simply go to the SNMP Service properties from within services.msc, and configure the trap destination and community to match your monitoring station.

More information can be found on the Zabbix FORUMS or the Zabbix WIKI

You may contact me or leave comments below if you have any questions.

6 thoughts on “SNMPTT Zabbix trap handler

  1. Hi, I can created a zabbix host without IP, I followed the guide but zabbix server doesn’t received traps.
    Could you help me please.
    Thanks

  2. I read a lot of interesting articles here.
    Probably you spend a lot of time writing, i know how to save you a lot
    of time, there is an online tool that creates high quality, google friendly posts in seconds, just type in google – laranitas free content source

  3. Hi I`am not sure where I need put zabbix_sender line, can you post modified snmptt.conf.dell OID trap example?

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>