SNMP Traps with R70.1, following the manual but NO GO



fhoekie
2009-09-20, 04:46
Hi Guys,

I am trying to have a UTM box (R70.1) sending SNMP traps. As a trustful administrator I follow the manual:
http://dl4.checkpoint.com/s/dc/f6/CP_R70.1_Hardware_Health_Monitoring.pdf?e=1253443229&h=5ea313afcf7c4cc7ad9d9f4ca8dfa88d

On page 7 you see:
=======================
To configure SNMP monitoring and traps:
1.Edit the /etc/snmp/snmpd.conf configuration file and define the SNMP monitoring rules and
the trap server. The following is an example configuration:

trap2sink 10.10.10.10 public
cp_cleartrap 10 1
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.2.1.3.1.0 == 0 10 "Fan 1 stopped"
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.1.0 > 50 10 "Temperature 1 is over 50c"
cp_monitor 1.3.6.1.4.1.2620.1.6.7.7.2.1.9.1.0 == 3 10 "First disk failed"

2.At the SecurePlatform command prompt, start the SNMP service. Run:
snmp service enable
=======================

I changed the IP and community to the ones I use of course.

But in the /var/log/messages I see:
Sep 20 10:31:27 JOHN snmpd[7368]: /etc/snmp/snmpd.conf: line 96: Warning: Unknown token: cp.
Sep 20 10:31:27 JOHN snmpd[7368]: /etc/snmp/snmpd.conf: line 97: Warning: Unknown token: cp.
Sep 20 10:31:27 JOHN snmpd[7368]: /etc/snmp/snmpd.conf: line 98: Warning: Unknown token: cp.
Sep 20 10:31:27 JOHN snmpd[7368]: /etc/snmp/snmpd.conf: line 99: Warning: Unknown token: cp.
Sep 20 10:31:27 JOHN snmpd[7368]: NET-SNMP version 5.0.9

So the example doesn't work as given in the manual; it contains unknown tokens.

What am I doing wrong, or what is Check Point forgetting to mention in the manual?

Kind regards.

boldin
2009-09-20, 14:54
To follow up on this - does anyone know if the directions would be the same for R65? I've been trying to get traps to work for some time now on R65 with no love...

Thanks,
ab

boldin
2009-09-25, 17:48
Bump...

I might also add that the only SNMP experience I have was teaching myself monitoring on SPLAT based on documentation and (primarily) comments from others on this site.

I've figured out that I need to add the MIBs to the monitoring tool and that I need to configure the traps by adding the OIDs in the config - but past that I'm at a loss (I don't even know where in the configs or which file to edit for this).

Thanks,
-ab

masterloo
2010-02-23, 16:32
I'm seeing the same issue. Tried on R70.1 and then again with 70.2 (where the net-snmp package gets upgraded).

Feb 23 14:28:00 lawl snmpd[17153]: Turning on AgentX master support.
Feb 23 14:28:00 lawl snmpd[17153]: /etc/snmp/snmpd.conf: line 22: Warning: Unknown token: cp_monitor.
Feb 23 14:28:00 lawl snmpd[17153]: /etc/snmp/snmpd.conf: line 23: Warning: Unknown token: cp_monitor.
Feb 23 14:28:00 lawl snmpd[17153]: NET-SNMP version 5.3.1

The only trap message I see going outbound are coldStartTraps:

Agent Up with Possible Changes (coldStart Trap) enterprise:.1.3.6.1.4.1.8072.3.2.10 (.1.3.6.1.4.1.8072.3.2.10) args(1):.1.3.6.1.6.3.1.1.4.3.0=".1.3.6.1.4.1.8072.3.2.10"

masterloo
2010-02-23, 16:54
Well, I went ahead and added a user via "snmp user add noauthuser <username>". I had edited the snmpd.users.conf manually and CP related SNMP was polling fine, but after removing the manual edit and redoing it with the cmd above my traps started working, though I still see those "Warning: Unknown token: cp_monitor" messages.

snmpd.conf:

master agentx
syslocation xxx
syscontact xxx
proxy -v 1 -c snoc_1 127.0.0.1:260 .1.3.6.1.4.1.2620
pass 1.3.6.1.4.1.2620 127.0.0.1:260
sysservices 76
smuxpeer 1.3.6.1.4.1.4.3.1.4

trap2sink 192.168.4.235 snoc_1
proc syslogd 1 1
disk /var 20%
cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down"
cp_monitor prErrorFlag.1 != "0" 60 "process monitor"
cp_monitor dskErrorFlag.1 != 0 60 "disk monitor"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.1 > 100 60 "CPU load 1 min"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.2 > 90 60 "CPU load 5 min"
cp_monitor 1.3.6.1.4.1.2021.4.4.0 < 2000 60 "memAvailSwap"
cp_monitor 1.3.6.1.4.1.2021.4.6.0 < 2000 60 "memAvailReal"
cp_monitor 1.3.6.1.4.1.2620.1.1.25.3.0 > 50 20 "Firewall Connections"
cp_cleartrap 10 2
cp_monitor 1.3.6.1.2.1.25.2.3.1.6.6 > 60000 60 "/opt hrStorageUsed"
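
Added example, not part of the thread and not Check Point tooling: a small Python script that maps the "Unknown token" warnings from /var/log/messages back to the snmpd.conf lines they name, so you can see exactly which directives snmpd complained about. The function names and the sample config and log text are constructed for illustration; the log format and the truncated "cp" versus full "cp_monitor" token forms are the ones quoted in the posts above.

```python
import re
from collections import Counter

# Constructed sample modeled on the snmpd.conf excerpt posted in the thread.
SAMPLE_CONF = """\
trap2sink 192.168.4.235 snoc_1
proc syslogd 1 1
disk /var 20%
cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down"
cp_cleartrap 10 2
"""

# Constructed log lines in the thread's syslog format (token may be "cp" or "cp_monitor").
SAMPLE_LOG = """\
Feb 23 14:28:00 lawl snmpd[17153]: /etc/snmp/snmpd.conf: line 4: Warning: Unknown token: cp_monitor.
Feb 23 14:28:00 lawl snmpd[17153]: /etc/snmp/snmpd.conf: line 5: Warning: Unknown token: cp.
Feb 23 14:28:00 lawl snmpd[17153]: /etc/snmp/snmpd.conf: line 9: Warning: Unknown token: cp.
Feb 23 14:28:00 lawl snmpd[17153]: NET-SNMP version 5.3.1
"""

WARN_RE = re.compile(
    r"snmpd\[\d+\]: (?P<path>\S+): line (?P<line>\d+): "
    r"Warning: Unknown token: (?P<token>[^\s.]+)\.?\s*$"
)

def rejected_directives(conf_text, log_text, conf_path="/etc/snmp/snmpd.conf"):
    """Return (line_no, keyword, directive_text, status) for each warning."""
    conf_lines = conf_text.splitlines()
    results = []
    for entry in log_text.splitlines():
        m = WARN_RE.search(entry)
        if not m or m.group("path") != conf_path:
            continue
        line_no, token = int(m.group("line")), m.group("token")
        text = conf_lines[line_no - 1].strip() if 0 < line_no <= len(conf_lines) else ""
        keyword = text.split()[0] if text else ""
        # The logged token must start the keyword on that line; if it does not,
        # the file was edited after the daemon last parsed it (stale warning).
        status = "rejected" if keyword and keyword.startswith(token) else "stale-log"
        results.append((line_no, keyword, text, status))
    return results

def rejected_summary(conf_text, log_text):
    """Count rejected directives by keyword, ignoring stale log entries."""
    rows = rejected_directives(conf_text, log_text)
    return Counter(k for _, k, _, s in rows if s == "rejected")

if __name__ == "__main__":
    print(*rejected_directives(SAMPLE_CONF, SAMPLE_LOG), sep="\n")
```

Run it against the real files by reading /etc/snmp/snmpd.conf and the snmpd lines of /var/log/messages into the two string arguments.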