This page is under construction
Background
After putting it off for many years, I finally faced facts that I needed an SNMP trap receiver, and needed to do something with those traps. Our monitoring and management capabilities have grown substantially, and with some new blood on the team I actually have some spare time to tool around on things like this. After looking at a large number of NMS offerings from various vendors, as well as what the FOSS community has to offer, everything was either too big, or too stupid. So, well, I wrote my own.
Trap Wrangler works with snmptrapd from the Net-SNMP project. Trap Wrangler is designed to be the "default" traphandle for snmptrapd. You can even turn off logging, as the Wrangler will take care of that for you (not to syslog, though).
Phases
Phase 1: Trap In
Phase 2: Logging
Phase 3: Host->Wrangle Lookup
Phase 4: Wrangle Validity Check
Phase 5: Wrangling
Configuration
snmptrapd.conf
NOTE: You're going to want to protect snmptrapd somehow. This example is the easiest way to get Trap Wrangler up and running, but if that first line doesn't scare you to death, there's no help for you.
disableauthorization yes
traphandle default /usr/local/bin/trapwrangler.pl
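A tighter alternative to the configuration above, as an added example that is not part of Trap Wrangler's own documentation. The community string, source subnet, listen address, engine ID, user name and passphrases are placeholders to replace with your own values.

```conf
# Weak: accepts traps from any sender with any community string, and
# lets every one of them reach the traphandle script.
#disableauthorization yes

# Listen only on the management interface (placeholder address).
snmpTrapdAddr udp:192.0.2.10:162

# SNMPv1/v2c: allow logging and traphandle execution only for this
# community, and only from the management subnet (placeholders).
authCommunity log,execute CHANGE_ME_COMMUNITY 192.0.2.0/24

# SNMPv3: define the sending agent's user (traps require the sender's
# engine ID) and require authentication plus encryption.
createUser -e 0x8000000001020304 trapuser SHA "CHANGE_ME_AUTH_PASS" AES "CHANGE_ME_PRIV_PASS"
authUser log,execute trapuser priv

traphandle default /usr/local/bin/trapwrangler.pl
```

The v1/v2c source check relies on the UDP source address and a cleartext community string, so keep a host firewall rule for port 162 in front of it. Anything that passes still arrives in the wrangler as untrusted input.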
Wranglers
A wrangler is a Perl module that has at least two functions: &valid and &handler.
&valid is passed an array of trap lines, and is expected to return 1 or 0 depending on whether the wrangler handles that trap.
&handler is passed the host string (IP address generally) and the array of trap lines, and is expected to do the right thing. To make life easier, the common.pm module has a host of helpful functions, such as &update_nagios (to update a local Nagios install) and various logging functions, to help reuse code, reduce coding, and increase efficiency.
Airespace (aka Nortel 2270, Cisco [somemodelnumber])
This wrangler replaces my Check_wap checker and Get_waps helper utility by listening for [Dis]associate traps from the 2270 security switches and updating Nagios "passively". This has the benefits of real-time notification, and no polling.
Configuration
/usr/local/nagios/etc/waps.cfg is expected to be a list of WAPs in nagiosname\s+wapmacaddress\n format. The reason, quite simply, is that the traps are sent using the MAC address, but Nagios needs it in the name it knows them as (and you didn't name your WAPs by their MAC address now did you?). This file is trivially generated from a database, or hand-edited when there are changes.
Helper Apps
Let's face it, one of the biggest drawbacks of trap-based status notification is what happens when nothing's there to hear them, or if the network in between loses them. For that reason, I wrote:
nagios_update_waps.pl
This fun script is a modification of Get_waps that looks at /usr/local/nagios/etc/waps.cfg to see what WAPs should be up, then polls your security switches to see what is up, and sends all that information on to the Nagios command system to make sure the data is fresh. It also reports any WAP addresses that the security switches know about, but the ..waps.cfg doesn't.