Forwarding alarms northbound via Syslog messages and SNMP traps

OpenNMS can be configured to forward alarms to other systems using various northbounders.

In this walkthrough we’ll show how you can enable the Syslog and SNMP Trap northbounders.

Enable the Syslog Northbounder

To enable the Syslog Northbounder, edit $OPENNMS_HOME/etc/syslog-northbounder-configuration.xml and change:

<enabled>false</enabled>

to:

<enabled>true</enabled>

Syslog messages will be sent to 127.0.0.1:514 by default.

Enable the SNMP Trap Northbounder

To enable the SNMP Trap Northbounder, edit $OPENNMS_HOME/etc/snmptrap-northbounder-configuration.xml and change:

<enabled>false</enabled>

to:

<enabled>true</enabled>

In that same file, define a new trap sink as follows:

<snmp-trap-sink>
  <name>demo</name>
  <ip-address>127.0.0.1</ip-address>
  <port>162</port>
  <version>v2c</version>
  <mapping-group name="Sample Mappings">
    <rule>uei matches '.*'</rule> <!-- Match all -->
    <mapping name="generic trigger">
      <rule>uei == 'uei.opennms.org/alarms/trigger'</rule>
      <enterprise-oid>.1.2.3.4.5.6.7.8.101</enterprise-oid>
      <generic>6</generic>
      <specific>1</specific>
      <varbind>
        <oid>.1.2.3.4.5.6.7.8.2</oid>
        <type>OctetString</type>
        <value>parameters['service']</value> <!-- Value of the parameter named service -->
        <max>48</max> <!-- Maximum length for OctetString varbinds -->
      </varbind>
    </mapping>
  </mapping-group>
</snmp-trap-sink>

Apply the changes

Apply the changes by restarting OpenNMS.

Trigger and verify

We’ll use tcpdump to validate that the Syslog messages and SNMP traps are actually sent:

tcpdump -XX -i lo port 162 or port 514

We can then trigger some arbitrary alarm using:

$OPENNMS_HOME/bin/send-event.pl -p "service maple" uei.opennms.org/alarms/trigger

tcpdump should show output similar to:

$ sudo tcpdump -XX -i lo port 162 or port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
13:07:48.424654 IP localhost.44543 > localhost.syslog: SYSLOG local0.warning, length: 95
        0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
        0x0010:  007b 81bb 4000 4011 bab4 7f00 0001 7f00  .{..@.@.........
        0x0020:  0001 adff 0202 0067 fe7a 3c31 3332 3e41  .......g.z<132>A
        0x0030:  7072 2020 3520 3133 3a30 373a 3438 2066  pr..5.13:07:48.f
        0x0040:  6465 7620 4f70 656e 4e4d 533a 2041 4c41  dev.OpenNMS:.ALA
        0x0050:  524d 2049 443a 3134 3120 4e4f 4445 3a3b  RM.ID:141.NODE:;
        0x0060:  2041 2070 726f 626c 656d 2068 6173 2062  .A.problem.has.b
        0x0070:  6565 6e20 7472 6967 6765 7265 6420 6f6e  een.triggered.on
        0x0080:  202f 2f6d 6170 6c65 2e                   .//maple.
13:07:48.425416 IP localhost.56145 > localhost.snmptrap:  V2Trap(76)  system.sysUpTime.0=1554484068 S:1.1.4.1.0=.iso.2.3.4.5.6.7.8.101.1 .iso.2.3.4.5.6.7.8.2="maple"
        0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
        0x0010:  0077 81bd 4000 4011 bab6 7f00 0001 7f00  .w..@.@.........
        0x0020:  0001 db51 00a2 0063 fe76 3059 0201 0104  ...Q...c.v0Y....
        0x0030:  0670 7562 6c69 63a7 4c02 0423 86e2 b602  .public.L..#....
        0x0040:  0100 0201 0030 3e30 1006 082b 0601 0201  .....0>0...+....
        0x0050:  0103 0043 045c a78b 6430 1706 0a2b 0601  ...C.\..d0...+..
        0x0060:  0603 0101 0401 0006 092a 0304 0506 0708  .........*......
        0x0070:  6501 3011 0608 2a03 0405 0607 0802 0405  e.0...*.........
        0x0080:  6d61 706c 65                             maple

Here we see packets corresponding to both the Syslog message and SNMP trap that were generated.
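
The following Python is an added example, not part of the original walkthrough and not OpenNMS code. It decodes the trap's UDP payload, transcribed from the hex dump above, to confirm that the mapping produced the expected trap OID and varbind, and it makes visible that the v2c community string and the alarm parameter travel unencrypted. The function names are this example's own.

```python
# Added example (not OpenNMS code): PAYLOAD is the trap's UDP payload, capture offset 0x2a onward.
PAYLOAD = bytes.fromhex(
    "3059 0201 0104 0670 7562 6c69 63a7 4c02 0423 86e2 b602 0100 0201 0030 3e30"
    "1006 082b 0601 0201 0103 0043 045c a78b 6430 1706 0a2b 0601 0603 0101 0401"
    "0006 092a 0304 0506 0708 6501 3011 0608 2a03 0405 0607 0802 0405 6d61 706c 65")

def tlv(buf, pos):  # read one BER TLV at pos; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed value into its child (tag, value) pairs
    out, p = [], 0
    while p < len(buf):
        tag, val, p = tlv(buf, p)
        out.append((tag, val))
    return out

def oid(raw):  # decode a BER OBJECT IDENTIFIER into dotted notation
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs, val = arcs + [val], 0
    return "." + ".".join(map(str, arcs))

def value(tag, raw):  # render the value types that occur in this trap
    if tag in (0x02, 0x43):  # INTEGER, TimeTicks
        return int.from_bytes(raw, "big")
    if tag == 0x04:  # OCTET STRING
        return raw.decode("ascii", "replace")
    return oid(raw) if tag == 0x06 else raw.hex()

def parse_trap(payload):  # version, community, PDU tag and varbinds of an SNMPv2c message
    [(_, msg)] = children(payload)
    (_, ver), (_, comm), (pdu_tag, pdu) = children(msg)
    vbl = children(pdu)[3][1]  # follows request-id, error-status, error-index
    pairs = (children(vb) for _, vb in children(vbl))
    varbinds = [(oid(name), value(vtag, val)) for (_, name), (vtag, val) in pairs]
    return {"version": ver[0], "community": comm.decode("ascii", "replace"),
            "pdu_tag": pdu_tag, "varbinds": varbinds}

if __name__ == "__main__":
    print(parse_trap(PAYLOAD))
```

The decoded version field is 1 (SNMPv2c) and the PDU tag is 0xa7 (SNMPv2-Trap), matching the V2Trap line that tcpdump printed.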
