[checkmk-commits] Add verbose log entries for not processed SNMP traps

Module: check_mk Branch: master Commit: e33a07ccc63aa2e00cf36835080ff36c940e384e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e33a07ccc63aa2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Sep 26 09:12:07 2018 +0200 Add verbose log entries for not processed SNMP traps When an SNMP trap can not be processed this results in no log entry by default. When now setting the new "SNMP trap processing" log to verbose there are now entries added for dropped traps. They look like this: 2018-09-25 16:15:02,143 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:38365. Checking for acceptance now. 2018-09-25 16:15:02,149 [15] [cmk.mkeventd.snmp] Trap (v1) dropped from 127.0.0.1: Unknown community (asd) 2018-09-25 16:15:06,019 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:42741. Checking for acceptance now. 2018-09-25 16:15:06,021 [15] [cmk.mkeventd.snmp] Trap (v1) dropped from 127.0.0.1: Unknown community (x) 2018-09-25 16:15:08,253 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:37728. Checking for acceptance now. 2018-09-25 16:15:08,255 [15] [cmk.mkeventd.snmp] Trap (v3) dropped from 127.0.0.1: Unknown credentials (msgUserName: usr-sha-aes128) CMK-905 Change-Id: I624ec2d2827b8256bd3fc6261c713d8cccde4c91 --- cmk/ec/defaults.py | 1 + cmk/ec/main.py | 7 ++++++- cmk/ec/snmp.py | 17 +++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/cmk/ec/defaults.py b/cmk/ec/defaults.py index 784154b..07485d8 100644 --- a/cmk/ec/defaults.py +++ b/cmk/ec/defaults.py @@ -68,6 +68,7 @@ def default_config(): "log_level": { "cmk.mkeventd": cmk.log.INFO, "cmk.mkeventd.EventServer": cmk.log.INFO, + "cmk.mkeventd.EventServer.snmp": cmk.log.INFO, "cmk.mkeventd.EventStatus": cmk.log.INFO, "cmk.mkeventd.StatusServer": cmk.log.INFO, "cmk.mkeventd.lock": cmk.log.INFO, diff --git a/cmk/ec/main.py b/cmk/ec/main.py index 0e37388..7ecdc73 100644 --- a/cmk/ec/main.py +++ b/cmk/ec/main.py @@ -865,7 +865,12 @@ class EventServer(ECServerThread): self._logger.verbose("Trap received from %s:%d. Checking for acceptance now." % sender_address) engine = self._snmp_trap_engine.snmp_engine engine.setUserContext(sender_address=sender_address) - engine.msgAndPduDsp.receiveMessage(engine, (), (), message) + engine.msgAndPduDsp.receiveMessage( + snmpEngine=engine, + transportDomain=(), + transportAddress=sender_address, + wholeMsg=message + ) def handle_snmptrap(self, snmp_engine, state_reference, context_engine_id, context_name, var_binds, cb_ctx): diff --git a/cmk/ec/snmp.py b/cmk/ec/snmp.py index 50d606c..9043b75 100644 --- a/cmk/ec/snmp.py +++ b/cmk/ec/snmp.py @@ -30,6 +30,7 @@ import pysnmp.entity.config import pysnmp.entity.engine import pysnmp.entity.rfc3413.ntfrcv import pysnmp.proto.api +import pysnmp.proto.errind # Needed for trap translation import pysnmp.smi.builder @@ -61,6 +62,10 @@ class SNMPTrapEngine(object): # Hand over our logger to PySNMP pysnmp.debug.setLogger(pysnmp.debug.Debug("all", printer=self._logger.debug)) + self.snmp_engine.observer.registerObserver(self._handle_unauthenticated_snmptrap, + "rfc2576.prepareDataElements:sm-failure", "rfc3412.prepareDataElements:sm-failure") + + @staticmethod def _auth_proto_for(proto_name): @@ -129,6 +134,18 @@ class SNMPTrapEngine(object): securityEngineId=pysnmp.proto.api.v2c.OctetString(hexValue=engine_id)) + def _handle_unauthenticated_snmptrap(self, snmp_engine, execpoint, variables, cb_ctx): + if variables["securityLevel"] in [ 1, 2 ] and variables["statusInformation"]["errorIndication"] == pysnmp.proto.errind.unknownCommunityName: + msg = "Unknown community (%s)" % variables["statusInformation"].get("communityName", "") + elif variables["securityLevel"] == 3 and variables["statusInformation"]["errorIndication"] == pysnmp.proto.errind.unknownSecurityName: + msg = "Unknown credentials (msgUserName: %s)" % variables["statusInformation"].get("msgUserName", "") + else: + msg = "%s" % variables["statusInformation"] + + self._logger.verbose("Trap (v%d) dropped from %s: %s", + variables["securityLevel"], variables["transportAddress"][0], msg) + + class SNMPTrapTranslator(object): def __init__(self, settings, config, logger): super(SNMPTrapTranslator, self).__init__()