zabbix / zabbix-docker

Official Zabbix Dockerfiles
https://www.zabbix.com
GNU Affero General Public License v3.0

i think snmp trap image has wrong config #632

Closed thej4ck closed 4 years ago

thej4ck commented 4 years ago

is this LOGFMT correct for zabbix? "$x ZBXTRAP $R $G $S $e $*\"/' \

This is the default used in the Dockerfile in 5.0. I use the latest docker compose file. It all works, but not snmptraps. snmptraps.log is correctly populated when a trap is received, but it's not consumed by Zabbix server. The Zabbix container does correctly access the shared volume on /var/lib/zabbix/snmptraps (RO from server, RW from snmptrap). I cannot no log in zabbix-server. Is the default config bugged?

thej4ck commented 4 years ago

The default v5 documentation speaks about another format of traps. That's why I'm opening this issue.

dotneft commented 4 years ago

maybe you do not have snmp trapper process in server container?

thej4ck commented 4 years ago

it's on, i followed all guides

thej4ck commented 4 years ago

bash-5.0$ ps axf | grep snmp
163 zabbix 0:00 /usr/sbin/zabbix_server: snmp trapper [processed data in 0.000032 sec, idle 1 sec]
205 zabbix 0:00 grep snmp

dotneft commented 4 years ago

please show an example of received snmptrap from the log file.

thej4ck commented 4 years ago

bash-5.0$ cat /var/lib/zabbix/snmptraps/snmptraps.log
20200603.144409 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.144417 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.144425 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 HOST10.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.144428 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 HOST10.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.150000 ZBXTRAP 172.21.0.92 SNMPv2-MIB::authenticationFailure 0 (null) SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232.9.4.10 
20200603.150000 ZBXTRAP 172.21.0.92 SNMPv2-MIB::authenticationFailure 0 (null) SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232.9.4.10 
20200603.150409 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.150758 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.153838 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.153847 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.153850 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.153857 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.153910 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154222 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154224 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154224 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154225 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154225 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.154225 ZBXTRAP 172.21.0.92 6 11003 (null) SNMPv2-MIB::sysName.0 ILOCZ232903MS.scao.locale SNMPv2-SMI::enterprises.232.11.2.11.1.0 4 SNMPv2-SMI::enterprises.232.11.2.8.1.0 Remote Insight Test Trap SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232 
20200603.155958 ZBXTRAP 172.21.0.92 SNMPv2-MIB::authenticationFailure 0 (null) SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232.9.4.10 
20200603.155958 ZBXTRAP 172.21.0.92 SNMPv2-MIB::authenticationFailure 0 (null) SNMP-COMMUNITY-MIB::snmpTrapAddress.0 172.21.0.92 SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 public SNMPv2-MIB::snmpTrapEnterprise.0 SNMPv2-SMI::enterprises.232.9.4.10

dotneft commented 4 years ago

Looks good. How did you configure the SNMP trap item?

thej4ck commented 4 years ago

i've default snmptrap item

dotneft commented 4 years ago

screenshot?

thej4ck commented 4 years ago

image

thej4ck commented 4 years ago

it's the default from snmpv2 template

thej4ck commented 4 years ago

Does Zabbix log traps received, even if there is no related configured item?

thej4ck commented 4 years ago

i've done something wrong?

dotneft commented 4 years ago

Everything looks fine. Please check zabbix server log for any errors

thej4ck commented 4 years ago

It's the default docker image. I'm checking in the console output, because there is no log file, but nothing is signalled. That is why I'm opening the issue.

dotneft commented 4 years ago

Try to increase level of debug for SNMP trapper:

  1. Inside server container execute zabbix_server -R log_level_increase="snmp trapper"
  2. Send trap
  3. Check server log for new records in debug mode.

thej4ck commented 4 years ago

() title:'snmp trapper [processed data in 0.019311 sec, idle 1 sec]'

163:20200604:064601.447 zbx_setproctitle() title:'snmp trapper [processing data]'
163:20200604:064601.447 In DCconfig_get_snmp_interfaceids_by_addr() addr:'172.21.0.92'
163:20200604:064601.447 End of DCconfig_get_snmp_interfaceids_by_addr():1
163:20200604:064601.447 In DCconfig_get_snmp_items_by_interfaceid() interfaceid:3
163:20200604:064601.447 End of DCconfig_get_snmp_items_by_interfaceid():1
163:20200604:064601.447 In substitute_key_macros_impl() data:'snmptrap.fallback'
163:20200604:064601.447 End of substitute_key_macros_impl():SUCCEED data:'snmptrap.fallback'
163:20200604:064601.447 In calc_timestamp()
163:20200604:064601.447 calc_timestamp() 20:00:04 09/01/0645
163:20200604:064601.447 End of calc_timestamp() timestamp:0
163:20200604:064601.447 In zbx_preprocess_item_value()
163:20200604:064601.447 End of zbx_preprocess_item_value()
163:20200604:064601.447 In zbx_ipc_socket_write()
163:20200604:064601.447 End of zbx_ipc_socket_write():SUCCEED
163:20200604:064601.447 zbx_setproctitle() title:'snmp trapper [processed data in 0.000418 sec, idle 1 sec]'
163:20200604:064602.447 zbx_setproctitle() title:'snmp trapper [processing data]'
163:20200604:064602.447 zbx_setproctitle() title:'snmp trapper [processed data in 0.000051 sec, idle 1 sec]'
163:20200604:064603.447 zbx_setproctitle() title:'snmp trapper [processing data]'
163:20200604:064603.447 zbx_setproctitle() title:'snmp trapper [processed data in 0.000054 sec, idle 1 sec]'

thej4ck commented 4 years ago

timestamp parsing issue?

narenmakwana commented 4 years ago

Just curious, did you have to do something special for /var/lib/zabbix/snmptraps/snmptraps.log to be created? Because I keep getting Cannot open log file '/var/tmp/snmptrapfmt.trc' [File exists], and when I connect to the snmp trap docker and vi that file, I see this in that file:

20200604.160151 (snmptrapfmt-7): Cannot append to logfile '/var/lib/zabbix/snmptraps/snmptraps.log' [Permission denied]

thej4ck commented 4 years ago

Ok, @narenmakwana your problem is about mount permissions. I've got the same problem. Notice that the snmptraps dir is root:root and not zabbix:root, so you cannot write on it. I changed the compose using a volume (on both server and snmptraps containers) and not a bind.

volumes:

After that, the service can write and zabbix can read. But the problem in this issue comes after yours.

narenmakwana commented 4 years ago

OK, let me figure out how to do what you did (I'm not an expert with docker yet :) ). In the meantime, I was curious: how does one define the snmp community as something other than public?

thej4ck commented 4 years ago

Use Macro for community.

narenmakwana commented 4 years ago

Sorry for my lack of understanding, but I thought /etc/snmp/snmptrapd.conf has

authCommunity log,execute,net public
disableAuthorization yes
traphandle default /usr/sbin/snmptrapfmthdlr

Also, I don't want to use public, so don't I need to edit the snmp.conf file too?

narenmakwana commented 4 years ago

well i m using volumes and i m using compose yml which is on zabbix git hub https://github.com/zabbix/zabbix-docker/blob/5.0/docker-compose_v3_alpine_mysql_latest.yaml

I tried changing volumes from ro to rw and even removed ro but no luck :(

thej4ck commented 4 years ago

you have to change the two lines (in zabbix-server and in snmptrap)

in

narenmakwana commented 4 years ago

i think thats what i did.

version: '3.5'
services:
 zabbix-server:
  image: zabbix/zabbix-server-mysql:alpine-5.0-latest
  ports:

and

 zabbix-snmptraps:
  image: zabbix/zabbix-snmptraps:alpine-5.0-latest
  ports:

Sorry for my confusion, but are you saying replace ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps WITH snmptraps:var/lib/zabbix/snmptraps ?

thej4ck commented 4 years ago

sorry for my confusion but are you saying replace ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps WITH snmptraps:var/lib/zabbix/snmptraps ?

yes

narenmakwana commented 4 years ago

ok i think i suck at this :) so i tried as you said and got this error.

ERROR: Named volume "snmptraps:/var/lib/zabbix/snmptraps:rw" is used in service "zabbix-snmptraps" but no declaration was found in the volumes section.

so then added this at 2 places.

thej4ck commented 4 years ago

timestamp parsing issue?

@dotneft it's a problem about timestamp parsing?

narenmakwana commented 4 years ago

ok so i m not even getting TEXT format of snmp traps. in snmptrap.log i do see entries.

thej4ck commented 4 years ago

https://github.com/zabbix/zabbix-docker/issues/632#issuecomment-638347427

narenmakwana commented 4 years ago

i may be wrong it might be something to do with community string.

thej4ck commented 4 years ago

let me know if u discover something

narenmakwana commented 4 years ago

sure

narenmakwana commented 4 years ago

any luck on fixing this ?

dotneft commented 4 years ago

Please do something like this:

diff --git a/docker-compose_v3_alpine_mysql_latest.yaml b/docker-compose_v3_alpine_mysql_latest.yaml
index b767e44..c4a933b 100644
--- a/docker-compose_v3_alpine_mysql_latest.yaml
+++ b/docker-compose_v3_alpine_mysql_latest.yaml
@@ -14,7 +14,7 @@ services:
    - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
    - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
    - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
-   - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
   links:
    - mysql-server:mysql-server
    - zabbix-java-gateway:zabbix-java-gateway
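
Review bot: the replacement mount in this hunk ends in `:rw` where the removed line was `:ro`; keep the read-only flag on the named volume (`snmptraps:/var/lib/zabbix/snmptraps:ro`) unless this service actually writes to the directory. Switching from a bind mount to a named volume does not require widening access, and a service that only reads the trap log should not be able to modify or truncate it.
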
@@ -80,7 +80,7 @@ services:
    - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
    - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
    - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
-   - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
   links:
    - zabbix-server:zabbix-server
    - zabbix-java-gateway:zabbix-java-gateway
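
Review bot: this is a second service that goes from `:ro` to `:rw` on the shared `snmptraps` volume. With one named volume mounted writable in several services, any of them can alter the file the others parse; mount it `:ro` here and leave write access to the single service that publishes port 162.
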
@@ -130,7 +130,7 @@ services:
    - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
    - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
    - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
-   - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
   links:
    - zabbix-server:zabbix-server
    - zabbix-java-gateway:zabbix-java-gateway
@@ -361,7 +361,7 @@ services:
   ports:
    - "162:1162/udp"
   volumes:
-   - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw
+   - snmptraps:/var/lib/zabbix/snmptraps
   deploy:
    resources:
     limits:
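
Review bot: the new mount line drops the mode suffix while the other hunks in this patch spell it out. The default is read-write, so behaviour is unchanged, but writing `snmptraps:/var/lib/zabbix/snmptraps:rw` keeps it obvious that this service is the one writer of the volume. A short comment on why the bind mount was replaced would also help whoever is later tempted to revert it.
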
@@ -446,6 +446,9 @@ networks:
       config:
       - subnet: 172.16.239.0/24

+volumes:
+  snmptraps:
+
 secrets:
   MYSQL_USER:
     file: ./.MYSQL_USER
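
Review bot: declaring `snmptraps:` as a top-level named volume moves this data out of `./zbx_env`, where every other path touched by this patch still lives. Document that next to the declaration or in the README: trap logs already written under `./zbx_env/var/lib/zabbix/snmptraps` are not carried over, and anything that backs up or inspects `./zbx_env` will no longer see them.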

The issue will be fixed soon!

dotneft commented 4 years ago

Fixed! Update compose files.