How to forward alarms northbound via Syslog messages and SNMP traps

OpenNMS can be configured to forward alarms to other systems using various northbounders.

In this walkthrough we’ll show how you can enable the Syslog and SNMP Trap northbounders.

Enable the Syslog Northbounder

To enable the Syslog Northbounder, edit $OPENNMS_HOME/etc/syslog-northbounder-configuration.xml and change:

<enabled>false</enabled>

to:

<enabled>true</enabled>

Syslog messages will be sent to 127.0.0.1:514 by default.

Enable the SNMP Trap Northbounder

To enable the SNMP Trap Northbounder, edit $OPENNMS_HOME/etc/snmptrap-northbounder-configuration.xml and change:

<enabled>false</enabled>

to:

<enabled>true</enabled>

In that same file, define a new trap sink as follows:

<snmp-trap-sink>
  <name>demo</name>
  <ip-address>127.0.0.1</ip-address>
  <port>162</port>
  <version>v2c</version>
  <mapping-group name="Sample Mappings">
    <rule>uei matches '.*'</rule> <!-- Match all -->
    <mapping name="generic trigger">
      <rule>uei == 'uei.opennms.org/alarms/trigger'</rule>
      <enterprise-oid>.1.2.3.4.5.6.7.8.101</enterprise-oid>
      <generic>6</generic>
      <specific>1</specific>
      <varbind>
        <oid>.1.2.3.4.5.6.7.8.2</oid>
        <type>OctetString</type>
        <value>parameters['service']</value> <!-- Value of the parameter named service -->
        <max>48</max> <!-- Maximum length for OctetString varbinds -->
      </varbind>
    </mapping>
  </mapping-group>
</snmp-trap-sink>

Apply the changes

Apply the changes by restarting OpenNMS.

Trigger and verify

We’ll use tcpdump to validate that the Syslog messages and SNMP traps are actually sent:

tcpdump -XX -i lo port 162 or port 514

We can then trigger some arbitrary alarm using:

$OPENNMS_HOME/bin/send-event.pl -p "service maple" uei.opennms.org/alarms/trigger

tcpdump should show output similar to:

$ sudo tcpdump -XX -i lo port 162 or port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
13:07:48.424654 IP localhost.44543 > localhost.syslog: SYSLOG local0.warning, length: 95
        0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
        0x0010:  007b 81bb 4000 4011 bab4 7f00 0001 7f00  .{..@.@.........
        0x0020:  0001 adff 0202 0067 fe7a 3c31 3332 3e41  .......g.z<132>A
        0x0030:  7072 2020 3520 3133 3a30 373a 3438 2066  pr..5.13:07:48.f
        0x0040:  6465 7620 4f70 656e 4e4d 533a 2041 4c41  dev.OpenNMS:.ALA
        0x0050:  524d 2049 443a 3134 3120 4e4f 4445 3a3b  RM.ID:141.NODE:;
        0x0060:  2041 2070 726f 626c 656d 2068 6173 2062  .A.problem.has.b
        0x0070:  6565 6e20 7472 6967 6765 7265 6420 6f6e  een.triggered.on
        0x0080:  202f 2f6d 6170 6c65 2e                   .//maple.
13:07:48.425416 IP localhost.56145 > localhost.snmptrap:  V2Trap(76)  system.sysUpTime.0=1554484068 S:1.1.4.1.0=.iso.2.3.4.5.6.7.8.101.1 .iso.2.3.4.5.6.7.8.2="maple"
        0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
        0x0010:  0077 81bd 4000 4011 bab6 7f00 0001 7f00  .w..@.@.........
        0x0020:  0001 db51 00a2 0063 fe76 3059 0201 0104  ...Q...c.v0Y....
        0x0030:  0670 7562 6c69 63a7 4c02 0423 86e2 b602  .public.L..#....
        0x0040:  0100 0201 0030 3e30 1006 082b 0601 0201  .....0>0...+....
        0x0050:  0103 0043 045c a78b 6430 1706 0a2b 0601  ...C.\..d0...+..
        0x0060:  0603 0101 0401 0006 092a 0304 0506 0708  .........*......
        0x0070:  6501 3011 0608 2a03 0405 0607 0802 0405  e.0...*.........
        0x0080:  6d61 706c 65                             maple

Here we see packets corresponding to both the Syslog message and SNMP trap that were generated.

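As a cross-check of the capture above, the following added example (not part of the original post or of OpenNMS) decodes the SNMP trap's UDP payload with a minimal BER reader. The bytes are transcribed from the tcpdump hex starting at offset 0x2a, and the function names are hypothetical. The result shows the v2c community string and the service varbind exactly as they travel on the wire, unencrypted.

```python
# Added example, not OpenNMS code. TRAP is the UDP payload of the V2Trap
# packet, transcribed from the tcpdump hex above (offset 0x2a onward).
TRAP = bytes.fromhex(
    "305902010104067075626c6963a74c02042386e2b6020100020100303e301006082b06010201"
    "01030043045ca78b643017060a2b06010603010104010006092a030405060708"
    "6501301106082a0304050607080204056d61706c65")

def tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def oid(raw):
    """Decode OBJECT IDENTIFIER contents (first arc 0 or 1 assumed)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of a sub-identifier
            arcs.append(acc)
            acc = 0
    return "." + ".".join(map(str, arcs))

def children(buf):
    """Split a constructed value into its (tag, value) TLVs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def decode_trap(payload):
    """Return (version, community, pdu_tag, [(oid, value), ...]) for a v2c trap."""
    (_, ver), (_, community), (pdu_tag, pdu) = children(tlv(payload)[1])
    varbinds = []
    for _, vb in children(children(pdu)[3][1]):  # 4th PDU field is the varbind list
        (_, name), (vtag, val) = children(vb)
        val = (oid(val) if vtag == 0x06  # OBJECT IDENTIFIER
               else val.decode("ascii", "replace") if vtag == 0x04  # OCTET STRING
               else int.from_bytes(val, "big"))  # INTEGER, TimeTicks: unsigned read
        varbinds.append((oid(name), val))
    return ver[0], community.decode("ascii"), pdu_tag, varbinds
```

Version 1 in the message header is SNMPv2c, and PDU tag 0xA7 is the SNMPv2-Trap-PDU that tcpdump prints as V2Trap.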

Hi @jesse. I finally got around to testing this out a bit.
One thing that took some of my time was that if you manage to get null in the varbind value, the trap is very silently just ignored from being sent. Even on debug. The reason is a null pointer in SnmpTrapHelper.addParameters -> value.getContent().

Then I wonder if there is any good description of the SNMP parameters in the NB config file. Especially the varbind section. Can we have some more advanced annotated examples?

Regards
/Johan

Got a bit further but cannot figure out how to just pass on an alarm with a lot of varbinds. Seems like the whole NB logic relies on that you rebuild your traps basically. Or am I missing something fundamental here?

Hi @jesse

Thanks a lot for the sample XML file, it works great in my setup. I’m new to OpenNMS and I have an additional follow-up question on the example you listed above.

If I want SNMP Northbound to send all alerts, what do I need to modify in the snmptrap-northbounder-configuration.xml file based on your example?

Thank you for your help,

Regards,
Arron