I want to send an SNMP-trap to prtg with a value of 42. PRTG should go to warning when getting it. The trap can be seen in messages, but there is no action done (getting yellow) from PRTG.
This is what I have done:
Create a PRTG-Sensor of type SNMP Trap Receiver
Port: 162
Purge Messages after: 2 hours
Include filter: source[10.x.x.x] AND community[public]
Warning filter: bindings[1.3.6.1.4.8072.100.2.1,42,equal]
Sending an SNMP-Trap by Shell from a Debian-Linux
{{{export COMMUNITY=public
export SNMP_VERSION=2c
export SNMPTRAP_RECEIVER=prtg.xxxxxxxxxxxxxxxxxxxxx.de
- every Trap must send an Uptime, this can be done with "" or 0
- to fetch the value from the operating system
export UPTIME=0
- official Start-OID to make tests:
export TEST_OID_BASE=1.3.6.1.4.8072
- something I was inventing. The device shall send a heartfrequence as trap
- when something is wrong with the patient. The patient has more than one heart
- to send values
export OID_HEART_FREQUENCY=${TEST_OID_BASE}.100.2
- all variable-types found her: snmpset -h
- variable-type=i -> integer
- variable-type=s -> string
export VARTYPE=i
export MESSAGE=42
export MESSAGE2=10
- Send two values .0 und .1 (this could be the left and the right heart
snmptrap -c $COMMUNITY -v $SNMP_VERSION $SNMPTRAP_RECEIVER $UPTIME ${OID_HEART_FREQUENCY} ${OID_HEART_FREQUENCY}.0 $VARTYPE $MESSAGE ${OID_HEART_FREQUENCY}.1 $VARTYPE $MESSAGE2
}}}
How it looks like in PRTG
In the sensor in PRTG I see in the tab "Messages" that the snmp-trap arrived:
+Bindings+
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::private.8072.100.2
SNMPv2-SMI::private.8072.100.2.0 = 42
SNMPv2-SMI::private.8072.100.2.1 = 10
So the trap arrived in the right sensor-"slot".
In "Overview" I see these channels:
Messages, Drops, Errors, Warnings.
I don't see channel 100.2.0 oder 100.2.1
What I would like to see
PRTG should go to warning state.
Article Comments
I was thinking much to complicate about this check. After investigating I found this wisdom for myself:
There is a scanning interval for the sensor I created not on the probe (toplevel) but on a single machine which shall be observed by PRTG. I set this scanning interval down from 5 minutes which I use to 60 seconds.
When an SNMP-Trap is fetched by this sensor I see this in "Messages" of this SNMP-Trap-Receiver-Sensor. Not everything is fetched by my sensor because I am "filtering" to see only what I want to see:
Include filter: source[10.x.x.x] AND community[public]
What is a warning? An SNMP-trap is seen as a warning when define the condition to be a warning in "Warning Filter". I did it like this:
Warning filter: bindings[1.3.6.1.4.8072.100.2.1,42,greater]
This means that an SNMP-trap with the oid 1.3.6.1.4.8072.100.2.1 and a value > 42 leads to a warning.
This PRTG SNMP-Trap-Receiver now waits for a whole scanning interval (in my example 60 seconds) and ONLY COUNTS warnings. It does not create channels automatically, it ONLY COUNTS the number of warnings in the scanning period. When there is at least one warning the status of the sensor is warning.
In the next scanning interval when there is a warning again -> Sensor is warning.
In the next scanning interval when there is NO warning trap -> Sensor is ok.
As I can see there is no collection of data to graphs. The only collecting which is made by PRTG is collecting the messages (in tab "Messages" of the sensor). These messages are only human readable, the values are not collected to a graph. The messages get removed by PRTG after 2hours here, this is the time I can choose in the settings of the sensor: SNMP Trap Specific -> Purge Messages After: 2 hours (or 12 hours, a week, a year...)
Feb, 2020 - Permalink
Thanks for posting the actual solution here, Richard! Most appreciated!
Feb, 2020 - Permalink
I was thinking much to complicate about this check. After investigating I found this wisdom for myself:
There is a scanning interval for the sensor I created not on the probe (toplevel) but on a single machine which shall be observed by PRTG. I set this scanning interval down from 5 minutes which I use to 60 seconds.
When an SNMP-Trap is fetched by this sensor I see this in "Messages" of this SNMP-Trap-Receiver-Sensor. Not everything is fetched by my sensor because I am "filtering" to see only what I want to see:
What is a warning? An SNMP-trap is seen as a warning when define the condition to be a warning in "Warning Filter". I did it like this:
This means that an SNMP-trap with the oid 1.3.6.1.4.8072.100.2.1 and a value > 42 leads to a warning.
This PRTG SNMP-Trap-Receiver now waits for a whole scanning interval (in my example 60 seconds) and ONLY COUNTS warnings. It does not create channels automatically, it ONLY COUNTS the number of warnings in the scanning period. When there is at least one warning the status of the sensor is warning.
In the next scanning interval when there is a warning again -> Sensor is warning.
In the next scanning interval when there is NO warning trap -> Sensor is ok.
As I can see there is no collection of data to graphs. The only collecting which is made by PRTG is collecting the messages (in tab "Messages" of the sensor). These messages are only human readable, the values are not collected to a graph. The messages get removed by PRTG after 2hours here, this is the time I can choose in the settings of the sensor: SNMP Trap Specific -> Purge Messages After: 2 hours (or 12 hours, a week, a year...)
Feb, 2020 - Permalink