TECHZEN Zenoss User Community ARCHIVE  
FORUMS / ZenPacks, JSON API, and Integrations / DISCUSSION

SNMP traps no longer being reported after installing Cisco MIB zenpack

Subject: SNMP traps no longer being reported after installing Cisco MIB zenpack
Author: anon anon
Posted: 2017-08-18 12:53

Hey,

I installed the zenoss core OVA the other day to play around with it and do some testing. I added a Cisco WLC 4404 as a device, and almost immediately, traps started coming in from that device (I pointed the WLC to the zenoss server) and being displayed in the "Events" section of the device.

However, as no MIBs were loaded, all of the traps just showed up as OIDs. In order to rectify this, I installed the below community Cisco MIB zenpack

<https://www.zenoss.com/product/zenpacks/cisco-mibs>

It took several hours to install the Zenpack, but after the install, a ton of Cisco MIBs appeared under the MIBs section.

HOWEVER, SNMP traps are no longer showing up in the event section at all! I verified via running tcpdump that the SNMP traps are still getting to the Zenoss appliance from the WLC. They are showing up when I run tcpdump on the zenoss device. They are NOT showing up in the event section though, it's like they are being "filtered" out now.

Does anyone know what would cause this? I tried restarting zentrap, zenoss.core service, and even the entire virtual appliance to no avail. There still are no SNMP traps of any sort showing up in the events section (either in the device itself or the overall event view).

Thanks for the help


It took several hours to install that Zenpack, but after the install

------------------------------
anon anon
anon
TX
------------------------------

Subject: RE: SNMP traps no longer being reported after installing Cisco MIB zenpack
Author: anon anon
Posted: 2017-08-18 16:24

After some investigation, I see now in the tcpdump that as soon as a trap comes in, my zenoss host is replying with a destination unreachable message.

I have tried restarting zentrap several times The address assignments all look right, my host IP is 10.1.144.20, and zentrap has an address assignment of 10.1.144.20:162.

Netstat doesn't seem to show anything else running on that port.

I have no idea why my zenoss host is replying with destination unreachable, but I am guessing that is why I am not seeing any traps. This all started after installing that zenpack.

Does anyone have any ideas?


------------------------------
anon anon
anon
TX
------------------------------

Subject: RE: SNMP traps no longer being reported after installing Cisco MIB zenpack
Author: Ryan Matte
Posted: 2019-01-17 13:12

When zentrap is restarted, or stopped/started the container IP can change and something that can happen is the conntrack table entry won't get cleared properly on the linux host and it'll continue trying to route the traps coming in to the old zentrap container.

You can try running the following command on your serviced hosts as root to see if that's what's going on.  The traps should starts coming in moments later...

conntrack --flush

An important thing to know would be whether or not the traps are making it in to the zentrap container itself.  You should attach to the zentrap container then run the tcpdump there to see if the above command doesn't fix the problem.



------------------------------
Ryan Matte
------------------------------


< Previous
Monitoring AWS Service Health Dashboard 		  Next
Collecting String data from SNMP during performance cycle? 		>