In this article, I will give an example of SNMP Traps display about Loop Detect in Zabbix.
Let’s configure SNMP Traps, for example, as I described in the article:
Configuring Zabbix SNMP Traps
Then you need to specify the required OIDs in the /etc/snmp/snmptt.conf file, for example, for D-Link DES-3200 I indicated:
# LoopDetected (ixnfo.com tested on des3200 c1 v4.48)
EVENT LoopDetected .1.3.6.1.4.1.171.11.113.1.3.2.20.0.3 "Status Events" Normal
FORMAT ZBXTRAP $aA Loop Detected Port:$1
# LoopDetected (ixnfo.com tested on des3200 a1 v1.83)
EVENT LoopDetected .1.3.6.1.4.1.171.11.113.1.5.2.20.0.3 "Status Events" Normal
FORMAT ZBXTRAP $aA Loop Detected Port:$1
If you do not know what SNMP OIDs your switches send when LoopDetected, then you can ask the manufacturer for archives with MIB and OIDs, or configure SNMP Trap on the switch, then make a loop and the required OIDs will be displayed in the /var/log/snmptt/snmpttunknown.log file
I will show a few more OIDs that I determined when the D-Link switches sent them:
# swDoSAttackDetected
EVENT swDoSAttackDetected .1.3.6.1.4.1.171.12.59.4.0.1 "Status Events" Normal
FORMAT swDoSAttackDetected $1 IP:$2 PORT:$3
# System change operation mode from normal to exhausted
EVENT swSafeGuardChgToExhausted .1.3.6.1.4.1.171.12.19.4.1.0.1 "Status Events" Normal
FORMAT SafeGuard Exhausted (swSafeGuardChgToExhausted) 1-$1
# System change operation mode from exhausted to normal
EVENT swSafeGuardChgToNormal .1.3.6.1.4.1.171.12.19.4.1.0.2 "Status Events" Normal
FORMAT SafeGuard Normal (swSafeGuardChgToNormal) 1-$1
# The process of upgrading the firmware via SNMP has finished
EVENT agentFirmwareUpgrade .1.3.6.1.4.1.171.12.1.7.2.0.7 "Status Events" Normal
FORMAT Upgrading the firmware via SNMP has finished. Version:$1
# Illegal DHCP server is detected
EVENT swFilterDetectedTrap .1.3.6.1.4.1.171.12.37.100.0.1 "Status Events" Normal
FORMAT Illegal DHCP server IP address detected IP:$1 PORT:$2(swFilterDetectedTrap)
# The configuration is completely saved, uploaded or downloaded
EVENT agentCfgOperCompleteTrap .1.3.6.1.4.1.171.12.1.7.2.0.9 "Status Events" Normal
FORMAT CFG Saved. User: $3 (agentCfgOperCompleteTrap) 1-$1 2-$2
#
EVENT swUnitTPChange .1.3.6.1.4.1.171.12.11.2.2.1.0.4 "Status Events" Normal
FORMAT Stacking topology is Chain. Master ($1 $2 MAC: $3) (swUnitTPChange)
...
I will give an example of configuring SNMP Traps on D-Link DES-3200 (A1/B1/C1):
enable snmp
enable snmp traps
create snmp community IXNFO view CommunityView read_only
create snmp host 192.168.2.2 v2c IXNFO
# enable the necessary traps
config loopdetect trap loop_detected
config temperature trap state enable
# disable unnecessary traps
config snmp coldstart_traps disable
config snmp warmstart_traps disable
disable snmp authenticate_traps
disable snmp linkchange_traps
config bpdu_protection trap none
config traffic trap none
config dos_prevention trap disable
config filter dhcp_server trap disable
An example of configuring SNMP Traps on ZyXEL MES-3528:
snmp-server trap-community IXNFO
snmp-server trap-destination 192.168.2.2
snmp-server trap-destination 192.168.2.2 enable traps system loopguard
An example of configuring SNMP Traps on a Huawei Quidway S2326:
snmp-agent
snmp-agent community read cipher IXNFO
snmp-agent target-host trap address udp-domain 192.168.2.2 params securityname cipher IXNFO v2c
snmp-agent trap enable
snmp-agent trap enable feature-name securitytrap
snmp-agent trap enable feature-name dhcp_trap
snmp-agent trap enable feature-name error-down trap-name hwerrordown
snmp-agent trap enable feature-name ldt trap-name hwldtportloop
display snmp-agent trap all
display current-configuration
Example Zabbix trigger:
{ixnfo_com_template:snmptrap[".1.3.6.1.4.1.171.11.113.1.3.2.20.0.3"].nodata(1h)}=0
You can also configure syslog and watch the logs of all switches on the server.
See also my articles:
Examples of Zabbix Triggers
My other articles about Zabbix
Installing Rsyslog + Loganalyzer + MySQL