Receiving SNMP traps

Hi,

I am new to Sensu and just getting my head around how to set things up. I’ve created a few basic checks which are running OK and sending some test alerts to Pagerduty.

First, some quick background…

My main reason for getting Sensu set up is to send alerts when backup jobs fail. Management wants a system in place whereby when a backup fails an alert is sent out to me and if I don’t respond/acknowledge then it escalates to my manager. Looking at our backup software (Veeam) I found it can send SNMP traps on job completion. I tried to integrate this with our existing monitoring solution (Observium), but found that I could not import an MIB, hence why I’m looking into Sensu.

I found that there is an extension at https://github.com/sensu-extensions/sensu-extensions-snmp-trap which looks like it will do what I want, but what I can’t get my head round is the following:

Does this extension need to be installed on my Sensu server, or the client (i.e. my Veeam server)?

If it’s the server, do I then just configure Veeam to send all SNMP traps to the Sensu server?

If it’s the client, do I configure Veeam to send SNMP traps to localhost??

Sorry if this seems like a dumb question, but I’ve found the Sensu documentation somewhat confusing and disorganised, things have mentioned client when it should be server and vice-versa. Needless to say when I do get this set up I think a blog post is in order!

Thanks in advance for any help that’s out there!

Stuart

Hi Stuart,

Judging from your line of questioning I think you have the right idea. Sorry that it’s unclear how these pieces fit together.

The README for the extension describes it as a check extension for the client process. As such it will be loaded by sensu-client and ignored by other Sensu services. Conversely filter, mutator and handler extensions are loaded by the sensu-server process and ignored by sensu-client. This extension can be used with the sensu-client running on your Veeam server, or anywhere else you run sensu-client.

For the case you describe, I’d recommend running the SNMP trap extension via sensu-client on your Sensu server(s), or on one or more other systems you can use as a designated trap receiver pool.

I recommend this because the extension on currently doesn’t do much in terms of mapping incoming SNMP trap source IPs to existing Sensu client names. When a trap is received, the extension attempts to resolve the trap source IP address to a DNS name via reverse lookup, the result of which becomes the source of the resulting Sensu event. As such, traps sent to 127.0.0.1 will be resolved as originating from “localhost” so you’ll likely see these events being associated with a Sensu client named “localhost” instead of the Sensu client you might otherwise expect.

A blog post describing how you are using this would be awesome, I hope you have a chance to put one together! As always, our documentation efforts are on-going. If you can share examples of places where the documentation is confusing or incorrect by opening an issue against GitHub - sensu/sensu-docs: Sensu documentation that helps us a lot!

Regards,

Cameron