Module: check_mk
Branch: master
Commit: e33a07ccc63aa2e00cf36835080ff36c940e384e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e33a07ccc63aa2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Sep 26 09:12:07 2018 +0200
Add verbose log entries for not processed SNMP traps
When an SNMP trap can not be processed this results in no log entry by
default. When now setting the new "SNMP trap processing" log to verbose
there are now entries added for dropped traps. They look like this:
2018-09-25 16:15:02,143 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:38365.
Checking for acceptance now.
2018-09-25 16:15:02,149 [15] [cmk.mkeventd.snmp] Trap (v1) dropped from 127.0.0.1: Unknown
community (asd)
2018-09-25 16:15:06,019 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:42741.
Checking for acceptance now.
2018-09-25 16:15:06,021 [15] [cmk.mkeventd.snmp] Trap (v1) dropped from 127.0.0.1: Unknown
community (x)
2018-09-25 16:15:08,253 [15] [cmk.mkeventd.snmp] Trap received from 127.0.0.1:37728.
Checking for acceptance now.
2018-09-25 16:15:08,255 [15] [cmk.mkeventd.snmp] Trap (v3) dropped from 127.0.0.1: Unknown
credentials (msgUserName: usr-sha-aes128)
CMK-905
Change-Id: I624ec2d2827b8256bd3fc6261c713d8cccde4c91
---
cmk/ec/defaults.py | 1 +
cmk/ec/main.py | 7 ++++++-
cmk/ec/snmp.py | 17 +++++++++++++++++
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/cmk/ec/defaults.py b/cmk/ec/defaults.py
index 784154b..07485d8 100644
--- a/cmk/ec/defaults.py
+++ b/cmk/ec/defaults.py
@@ -68,6 +68,7 @@ def default_config():
"log_level": {
"cmk.mkeventd": cmk.log.INFO,
"cmk.mkeventd.EventServer": cmk.log.INFO,
+ "cmk.mkeventd.EventServer.snmp": cmk.log.INFO,
"cmk.mkeventd.EventStatus": cmk.log.INFO,
"cmk.mkeventd.StatusServer": cmk.log.INFO,
"cmk.mkeventd.lock": cmk.log.INFO,
diff --git a/cmk/ec/main.py b/cmk/ec/main.py
index 0e37388..7ecdc73 100644
--- a/cmk/ec/main.py
+++ b/cmk/ec/main.py
@@ -865,7 +865,12 @@ class EventServer(ECServerThread):
self._logger.verbose("Trap received from %s:%d. Checking for acceptance
now." % sender_address)
engine = self._snmp_trap_engine.snmp_engine
engine.setUserContext(sender_address=sender_address)
- engine.msgAndPduDsp.receiveMessage(engine, (), (), message)
+ engine.msgAndPduDsp.receiveMessage(
+ snmpEngine=engine,
+ transportDomain=(),
+ transportAddress=sender_address,
+ wholeMsg=message
+ )
def handle_snmptrap(self, snmp_engine, state_reference, context_engine_id,
context_name,
var_binds, cb_ctx):
diff --git a/cmk/ec/snmp.py b/cmk/ec/snmp.py
index 50d606c..9043b75 100644
--- a/cmk/ec/snmp.py
+++ b/cmk/ec/snmp.py
@@ -30,6 +30,7 @@ import pysnmp.entity.config
import pysnmp.entity.engine
import pysnmp.entity.rfc3413.ntfrcv
import pysnmp.proto.api
+import pysnmp.proto.errind
# Needed for trap translation
import pysnmp.smi.builder
@@ -61,6 +62,10 @@ class SNMPTrapEngine(object):
# Hand over our logger to PySNMP
pysnmp.debug.setLogger(pysnmp.debug.Debug("all",
printer=self._logger.debug))
+
self.snmp_engine.observer.registerObserver(self._handle_unauthenticated_snmptrap,
+ "rfc2576.prepareDataElements:sm-failure",
"rfc3412.prepareDataElements:sm-failure")
+
+
@staticmethod
def _auth_proto_for(proto_name):
@@ -129,6 +134,18 @@ class SNMPTrapEngine(object):
securityEngineId=pysnmp.proto.api.v2c.OctetString(hexValue=engine_id))
+ def _handle_unauthenticated_snmptrap(self, snmp_engine, execpoint, variables,
cb_ctx):
+ if variables["securityLevel"] in [ 1, 2 ] and
variables["statusInformation"]["errorIndication"] ==
pysnmp.proto.errind.unknownCommunityName:
+ msg = "Unknown community (%s)" %
variables["statusInformation"].get("communityName", "")
+ elif variables["securityLevel"] == 3 and
variables["statusInformation"]["errorIndication"] ==
pysnmp.proto.errind.unknownSecurityName:
+ msg = "Unknown credentials (msgUserName: %s)" %
variables["statusInformation"].get("msgUserName", "")
+ else:
+ msg = "%s" % variables["statusInformation"]
+
+ self._logger.verbose("Trap (v%d) dropped from %s: %s",
+ variables["securityLevel"],
variables["transportAddress"][0], msg)
+
+
class SNMPTrapTranslator(object):
def __init__(self, settings, config, logger):
super(SNMPTrapTranslator, self).__init__()