SNMPTT FAQ / Troubleshooting

(www.snmptt.org)
This file was last updated on:  November 1st, 2003

Q:  What version of Net-SNMP should I run?

A:  If you have no plans on using the Net-SNMP Perl module (see the next question), then any recent version of Net-SNMP or UCD-SNMP should be sufficient.  If you plan on using UCD-SNMP 4.2.3 (provided by Compaq for RedHat 7.2), then you must at least use a newer version of snmptrapd.

If you plan on enabling the Net-SNMP Perl module, Net-SNMP v5.0.9 with patch 722075 is recommended.  This will allow you to use all the features of snmptt.  Net-SNMP 5.0.8 can also be patched with patch 722075.  Net-SNMP 5.1 will contain this patch when it is released.  The patch is also availabe in the contrib folder of the snmptt package. 

The standard way to apply the patch is to follow these steps:
  1. Download a fresh copy of Net-SNMP 5.0.9 or 5.0.8
  2. Uncompress the archive (tar xvf net-snmp-5.0.9.tar.gz)
  3. cd net-snmp-5.0.x
  4. patch -p0 < /path/to/patch.net-snmp-722075
  5. Compile Net-SNMP as per Net-SNMP documentation

If you run freebsd, you can simply copy the patch file into /usr/ports/net/net-snmp/files and rename it to patch-snmp-72205.  When you rebuild Net-SNMP, the patch will be included.


Q: Do I need the UCD-SNMP / Net-SNMP Perl module?

A:  SNMPTT does not REQUIRE the Perl module, but it is recommended.  By enabling the Perl module, you will get the following benefits:
Unless Net-SNMP 5.0.8 or 5.0.9 with patch 72205 is used, some Perl features may not work correctly.  The use of Net-SNMP 5.0.8 or 5.0.9 with patch 72205 is highly recommended.


Q:  I want to enable the Perl support for UCD-SNMP / Net-SNMP under Linux, but I installed UCD-SNMP / Net-SNMP using RPMs.  What is the easiest way to install the module without recompiling everything?

A:  You should not have to re-compile the entire package.  Try the following:

  1. Download the source RPM that matches the binary RPM you downloaded.  For example: ucd-snmp-4.2.3-1.src.rpm
  2. Install the RPM
  3. Locate the installed source code.  For Mandrake, it should be in /usr/src/RPM/SOURCES
  4. Go into the sub directory perl/SNMP
  5. Follow the instructions in the README file

Note:  If you have installed Net-SNMP 5.0.9 or 5.0.8 using RPM packages, and want to apply patch 722075, you will need to re-compile the entire package and re-install.  Patch 722075 makes modifications to both the Perl source files, and the main snmp libraries so the above steps will not work.


Q:  I want to use Net-SNMP under Windows NT.   What should I do?

A:  You have at least two options:

  1. Download Net-SNMP 5.0.9 and compile using MSVC++ as described in the README.WIN32 file.  This should create a working snmptrapd.  See the question: How to I enable the Perl support for UCD-SNMP / Net-SNMP under Windows?
  2. Install Cygwin, download Net-SNMP (5.0.8+) and compile using gcc as described in the README.WIN32 file.  The Perl module appears to work fine under Cygwin. 


Q:  How to I enable the Perl support for UCD-SNMP / Net-SNMP under Windows?

Native Windows:

Use Net-SNMP 5.0.9 and read the perl\SNMP\README file.  To compile Net-SNMP 5.0.8 under Windows using MSVC++ 6.0, apply this patch and read the updated perl\SNMP\README file.

The program snmptt-net-snmp-test can be used to perform various translations to test the functionality of the installed UCD-SNMP / Net-SNMP Perl module.  The value of best_guess can be specified on the command line to determine how translations should occur.  If you are using 5.0.8+ with patch 722075, use:  snmptt-net-snmp-test --best_guess=2.

Cygwin:

Use Net-SNMP 5.0.9 and read the perl\SNMP\README file.  To compile Net-SNMP 5.0.8 under Windows using Cygwin, apply this patch and read the updated perl\SNMP\README file.  The only update that applies to Cygwin is the section on Cygwin in the README file.

The program snmptt-net-snmp-test can be used to perform various translations to test the functionality of the installed UCD-SNMP / Net-SNMP Perl module.  The value of best_guess can be specified on the command line to determine how translations should occur.  If you are using 5.0.8+ with patch 722075, use:  snmptt-net-snmp-test --best_guess=2.

Q:  I have enabled net_snmp_perl_enable but the variable names are not being translated into text using $vn, $-n, $+n, $-* or $+*.  How do I troubleshoot it?
Q:  I have enabled translate_integers but the integer values are not being translated into text.   How do I troubleshoot it?

A:  You must have the UCD-SNMP / Net-SNMP Perl module installed and working, and must ensure UCD-SNMP / Net-SNMP is configured correctly with all the required MIBS.

For starters, make sure the SNMP module is working.  Type:

perl
use SNMP;
If you get an error after typing 'use SNMP', then the module is not installed correctly.  Re-install the module and make sure you execute the tests while building.

If the MIB files are present, but translations do not occur, ensure UCD-SNMP / Net-SNMP is correctly configured to process all the required mibs.  This is configured in the snmp.conf file.  Alternatively, you can try setting the mibs_enviroment variable in snmptt.ini to ALL (no quotes) to force all MIBS to be initialized at SNMPTT startup.

If everything appears to be fine, try translating the variable name by hand by using snmptranslate.  Get the variable name OID from the snmptt.debug file from the second Value 0+ section, and type:

snmptranslate -Td oid
This should return the OBJECT-TYPE for the variable if it exists in a MIB file

If you are using UCD-SNMP v4.2.3, then the variables will not translate properly because SNMPTRAPD does not pass them correctly to SNMPTT.  Upgrade to a newer version of snmptrapd.  


Q: Are there any sample files to get me started?

A:  Yes, the examples folder contains a sample snmptt.conf file, and a sample trap file for testing.
  1. Install SNMPTT as described in this document
  2. Copy the snmptt.conf.generic file to the location specified in the snmptt.ini file (probably /etc/snmp/ or c:\snmp)
  3. Add snmptt.conf.generic to the snmptt_conf_files section of snmptt.ini.
  4. Test SNMPTT by typing:  snmptt < sample-trap.generic
  5. Check the logs files etc for a sample linkDown trap


Q:  SNMPTT is not working!  How do I troubleshoot it?

A:  Start by enabling enable_unknown_trap_log in the snmptt.ini file.  Look inside this file to see if the traps are being passed correctly to SNMPTT but not being handled correctly.  Next, enable debug mode of 2 and specify a debug text file to log to in the snmptt.ini file.  After a trap is received, take a look at the file to try to determine what is going wrong.  Disable both logs when you are finished.

To make troubleshooting a particular trap easier when working in daemon mode, try the following.  This will prevent you have having to continuously generate the trap on the host.

  1. Shut down SNMPTT
  2. Generate the trap
  3. Copy the resulting # file from the spool directory (/var/spool/snmptt) to the /tmp directory as /tmp/test-trap
  4. Edit the file, removing the first line (which is a large number that contains the date / time)
  5. Run SNMPTT in standalone method using: snmptt < test-trap
  6. Troubleshoot by using the log files etc


Q:  I have configured SNMPTT correctly with an snmptt.ini file, snmptt.conf file(s) etc and it still does not process traps.  Everything appears in the snmpttunknowntrap.log file.  What did I do wrong?

A:  You probably didn't start snmptrapd correctly.  Make sure it is started using:

snmptrapd -On
If it is not started with -On, then it will not pass traps using numeric OIDs and SNMPTT will not process them.

As an alternative, you can edit your snmp.conf file to include the line: printNumericOids 1.  This setting will take effect no matter what is used on the command line.

Note:  If the UCD-SNMP / Net-SNMP Perl module is installed and enabled, then SNMPTT should be able to handle traps passed using symbolic form.  The Perl module (used by SNMPTT) in Net-SNMP 5.0.8 and previous versions should be able to handle single symbolic names (eg: coldTrap).  UCD-SNMP may not properly convert symbolic names to numeric OIDs which could result in traps not being matched.  A patch is available from the Net-SNMP web site for 5.0.8+ to allow it to handle other symbolic names such as module::symbolic name (eg: SNMPv2-MIB::coldTrap) etc.  The patch is available from the contrib folder, or it can be downloaded from the Net-SNMP patch page.  Net-SNMP 5.1 and higher will contain this patch.


Q:  I have disabled syslog support in SNMPTT, but my syslog (or NT Event Log) is still filling up with trap messages.  How do I disable them?
Q:  I am using syslog (or NT Event Log) to log trap messages, but there are two log entries for each trap received.  How do I prevent it?

A:  What you are seeing are snmptrapd trap messages, not SNMPTT messages.  SNMPTT trap messages start with 'snmptt[pid]:' while snmptrapd messages start with 'snmptrapd[pid]:'.  If you do not start snmptrapd with either the -P or -o (lowercase o) switches, syslog support will be forced on.  Snmptrapd should be started using 'snmptrapd -On' and this results in syslog being forced on.  The reason for this is the original design of snmptrapd assumed that if you are not going to display messages on the screen or log to a file, then you must want syslog output.

A workaround is to have snmptrapd log all messages to /dev/null, or to a text file that can be regularily purged if needed.  To log to a text file, start snmptrapd using:

snmptrapd -On -o /var/log/snmptrapd.log
This will cause ALL snmptrapd messages to be logged to the file which means all snmptrapd 'system' messages such as startup and shutdown will not be logged to syslog.

A patch for Net-SNMP 5.0.7 is available that adds a new switch (-t) to prevent TRAP messages from being logged to syslog, but allowing system messages to continue to be logged.  The patch is available from the Net-SNMP patch section.  This patch will be available in Net-SNMP 5.1 when it's release.  With this patch, snmptrapd should be started using:

snmptrapd -On -t


Q:  I set translate_oids or translate_trap_oid, but the trap is being logged in numerical form.  Why?
Q:  I set translate_oids or translate_trap_oid to 1 or 3 in snmptt.ini, but the trap is not being logged with a long symbolic name.  Why?

A:  The current version of Net-SNMP (5.0.9 at the time of this writing) and everything before it does not support including the module name (eg: IF-MIB::) when translating an OID and most of the 5.0.x versions do not properly tranlsate numeric OIDs to long symbolic names.  A patch is available for 5.0.8+ that will appear in later releases of Net-SNMP (5.1+).  The patch is available from the contrib folder, or it can be downloaded from the Net-SNMP patch page.

The program snmptt-net-snmp-test can be used to perform various translations to test the functionality of the installed UCD-SNMP / NE-SNMP Perl module.  The value of best_guess can be specified on the command line to determine how translations should occur.

Q:  I converted a MIB using snmpttconvertmib (default snmptranslate mode) but the OIDs are appearing as text instead of being numerical.  Why?

For example:
EVENT linkUp .iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.linkUp "Status Events" Normal

instead of

EVENT linkUp .1.3.6.1.6.3.1.1.5.4 "Status Events" Normal


A:  By default, snmpttconvertmib uses the snmptranslate command to convert MIB files.  With Net-SNMP v5.0.2 and newer, setting the -On switch on the snmptranslate command causes the output to be in numerical format, which is what is needed for snmpttconvertmib.

With Net-SNMP v5.0.1 and all versions of UCD-SNMP, setting the -On switch will TOGGLE the setting of using numerical output.  With Net-SNMP v5.0.2 and newer, setting the -On switch will FORCE the output to be numerical.

Snmpttconvermib will use the-On switch for snmptranslate only if it detects anything but UCD-SNMP or Net-SNMP v5.0.1.

If you are using UCD-SNMP, or Net-SNMP v5.0.1, the best option is to modify your snmp.conf file (for UCD-SNMP / Net-SNMP), and add or modify the line:

printNumericOids 1
This will cause all applications to output in numerical format including snmptranslate.  Note: This will affect other UCD-SNMP / Net-SNMP programs you are using, if any.
 
Q:  Does SNMPTT use DNS?

Only if it is enabled.  See the Name Resolution / DNS section.


Q:  Why doesn't the snmptt-init.d script work with Debian?

The snmptt-init.d script provided with SNMPTT was written for Mandrake and RedHat.  To make the script work with Debian without requiring any re-writing of the script, copy /etc/init.d/skeleton to /etc/init.d/functions.


Q:  Is there a front-end alarm browser available for SNMPTT?

A:  Take a look at SNMPTT-GUI.  SNMPTT-GUI aims to provide a web based frontend for SNMPTT.  The GUI is made up of server side perl cgi scripts with client side javascripts which interfaces to a SQL database using DBI::ODBC.

SNMPTT-GUI questions should be directed to the project admins on the SNMPTT-GUI Sourceforge page.
 

Q:  When I convert a MIB file using snmpttconvertmib I get 'Bad operator (_) errors.

A:  You need to enable support for underlines / underscores in MIB files.  See the snmp.conf man page.  Support can be enabled by adding this line to your ~/.snmp/snmp.conf file: 

mibAllowUnderline 1


Q:  Double quotation marks (") are being logged with a \ in front of them.  How can this be disabled?

A:  Set remove_backslash_from_quotes = 1 in the snmptt.ini to have the \ removed from double quotes (").