Here's a quick overview of how I handle SNMP traps with Hobbit:
1 - Snmptrapd is configured to feed SNMPTT the OID and hostname of the
sending SNMP agent.
2 - SNMPTT then translates the OID into a text message based on the MIB
description for that OID and logs the message in /var/log/messages (or
where ever you put it). You can also configure SNMPTT to log to a MySQL
database simultaneously.
3 - SEC monitors the /var/log/messages file for entries from SNMPTT.
Since some equipment can send the same trap multiple times in quick
sucession, SEC is configured to ignore duplicate messages for a second
or two
4 - SEC then launches a wrapper script that sends Hobbit a message using
Hobbit's BB client program. Hobbit will send an alert if its status is
yellow/red.
5 - A script is run by Hobbit every 5 minutes to prevent any trap
message columns from turning purple. (I don't want my screen turning
purple if I don't get a trap inside of 30min or whatever the no response
timeout period is for Hobbit.)
In the event you get a rapid sequence of a "CRITICAL" trap and then a
"Normal" trap, you'll get a Hobbit alert, but when you view the web
page, it'll be green. You have to rely on the trap history to see all
of the traps that SNMPTT recorded.
The real trick (pain) is defining what traps you want to be CRITICAL and
what not.
Andy
From: Asif Iqbal [mailto:user-6f4b51ac2a40@xymon.invalid]
Sent: Tuesday, July 17, 2007 9:31 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Hobbit not recognizing certain tests?
On 7/17/07, Henrik Stoerner <user-ce4a2c883f75@xymon.invalid> wrote:
On Tue, Jul 17, 2007 at 08:07:31AM -0500, Hubbard, Greg L wrote:
Being familiar with both Netcool and Hobbit, I would never
consider
replacing Netcool trap management with Hobbit. Netcool
processes traps
in "near real time" and scales quite large. Hobbit does not
provide
real time monitoring (default is 5 minute samples, with 1
minute screen
updates).
There is nothing inherent in Hobbit that prevents it from doing
real-time handling of events. Hobbit processes events as soon as
it
is told about them; the fact that some types of information is
only
checked once every 5 minutes is not something that necessarily
applies
to everything Hobbit monitors.
I havent looked at Andy's trap script, but if I were to
implement
SNMP trap handling in Hobbit, I'd start off with snmptrapd from
the
I wish you do :-). I have lots of customers who like to see that feature
in hobbit.
May be then I can convince my IT department to get rid of Netcool slowly
:P
Net-SNMP tools - this receives snmp traps, and can be configured
to
do "something" when a trap arrives. That "something" would then
be
a script/utility that grabs the hostname and trap type from the
trap
information, and feeds that into Hobbit as a status update. That
will
give you an immediate alert, and a status change in the Hobbit
display
if you use the "Critical systems" view which is dynamically
generated.
I'm not throwing rocks at Netcool <grin> but I just want to make
it clear
that Hobbit can be as real-time as you want it to - it's only a
matter
of feeding it data as quickly as you possible.
Regards,
Henrik
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu