Craig Small | 1 Apr 02:46 2005
Picon

Re: Problems with new installation (RH 8.0) - PHP not parsing?

On Wed, Mar 30, 2005 at 09:03:53AM -0300, Javier Szyszlican wrote:
> You have to enable it and restart apache for the changes to take effect.
> 
> 90% (or more) of the documentation has been produced by Craig Small (Australian)
> but if you want to make any modifications please let us know.
Yes, if anyone has suggestions or even contributions to the document let
me know.  It's written in LaTeX but even if you send me plain ascii
I can do the conversion.

i'll make a note about the short tags.

--

-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/   MIEE         Debian developer
csmall at : enc.com.au                      ieee.org           debian.org

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
Jon Azkorra | 1 Apr 09:54 2005
Picon

rrdtool not loaded

Hello,
Yesterday i put a message about this, and i've made some changes but i
still have the same problem.
When i try to visualize an interface event, the next message is shown
"rrdtool not loaded....  by the poller group".
I tried to run the cron jobs manually with "php -q poller.php" and
"php -q poller.php 127.0.0.1" commans as david vidal told me, later i
searched in the rrd tool folder but there was only a .check file.
I also tried to restart the cron, but there were no changes.
Can anyone help me?
THANX
Jon Azkorra

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
Erno Rigo | 1 Apr 14:30 2005
Picon

snmp_trap_receivers and snmp_table patches ... and a question


Hello!

First of all: Javier: let me congratulate to this fine product. I was quite 
desperate to find a GPLed NMS that allows us to trash HP's OpenView (!) ... 
now we are on the way to achieve our goal.

In the meantime I had the 'oppurtunity' to change a few things in your latest 
release. Attached to my mail comes my patch against 8.0.1 with the following 
two changes:

I.: I had to find a way to recognize different interfaces of our embended 
remote monitoring device. The interfaces are all stored in SNMP tables so i 
wrote a generic snmp_table discovery plugin. This is an excrept from the 
diff:

+  * Generic SNMP table discovery
+  *
+  * Parameters:
+  *
+  *    OID,field,filter,basename
+  *
+  *    Where:
+  *            OID - snmp table base OID
+  *            field - snmp table field to be present (appended to OID)
+  *            filter - PHP evaluative expression to filter table indices 
based the field's value
+  *                     can be used to detect 'active' interfaces only
+  *            basename - base interface name for discovered and filtered 
table entries
(Continue reading)

Francis Boterblom | 1 Apr 14:50 2005
Picon

Bad Authentication Method

Hi all,

 

 

I have installed jffnms on a windows XP machine (I try to) did all the steps according the manual,

 

But when I go to my localhost/jffnms, I get a page saying “Bad Authentication Method”

 

I do not know what I am doing wrong, can you help me?

 

Regards,

 

Francis

Javier Szyszlican | 1 Apr 15:47 2005

Re: New to PHP back again - RRD tool has not been created by the Poller Process yet

Hi Thomas,

Thomas Williams wrote:
> 
> 1. All cron jobs are running confirmed in /var/log/cron

Good, which user is running them?

> 
> 2. I edit the /lib/api.rrdtool.inc.php file and get this error message
> 
> /opt/jffnms-0.8.1/rrdtool-1.0.49/bin/rrdtool graph
> '/opt/jffnms-0.8.1/engine/temp/424c4eea0fbbb.dat' 
> 

Are you completely sure thats all you get?
> 
> 3. I have run the cron jobs manually php-q poller.php and the rrd folder WAS populated with
interface-*.rrd files

That means your PHP/Mysql/SNMP and rrdtool work fine.

> 
> 4. BUT, I mistakenly deleted the rrd folder and recreated it but now even when I run the cron jobs manually
the 
> 	rrd file is not populated.
> 
> 5. As, for permissions jffnms is the owner and group for all files and directories in /opt/jffnms-0.8.1

Just to be sure do this:

# cd /opt
# chown jffnms:jffnms -R jffnms*
# chmod ug+rw -R jffnms*

> 
> Need Solutions:
> 
> 1. How to recreate rrd folder where it is populated at least manually and finally by the cron scripts automatically

# mkdir /opt/jffnms-0.8.1/rrd/

(do this before the chown/chmod commands I put in earlier)

> 
> 2. How to get the cron jobs to populate the rrdtool files to create the graphs

I think your problem is permissions.

cron may not be running the jobs under the jffnms user, so that user doesn't
have write privileges under rrd/.

So, re-create the rrd/ folder, apply the permissions and re check which user is
running the cronjobs.

> 
> Thank you
> 
> Thomas

Also, didn't you install rrdtool from RPM?

Javier

--

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Javier Szyszlican, Project Leader, JFFNMS
javier@...

I hope JFFNMS or I were helpful to you, if you
can, please donate at http://jffnms.org/donate

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
Javier Szyszlican | 1 Apr 16:14 2005

Re: snmp_trap_receivers and snmp_table patches ... and a question

Hi Erno,

I'm glad you like JFFNMS so much. :)
And thank you very much for contributing this code.
I'm glad someone finally tried to fix the SNMP Trap system.

This seems like a perfect start.
I did a quick look and your code seems clean and usable.

Automatic ACK:

There's no GUI to disable it. But it should only a checkbox and a if in the
events consolidator.

SNMP_TABLE:

I've no problem in including the snmp_table discovery system once you provide an
interface type that uses it.

Also, please download a current -devel, I've included a system (integrated to
snmp_walk) that can reduce the OID (if you wanted to include the oid) to 1 or 2
"." dots. So, you don't need to do the explode(".") and count() stuff to reduce
that, it will simplify the snmp_table file. Look at the cisco PIX discovery
script for an example.

SNMP_TRAP system:

I don't like the idea of receivers->backend like in polling. The receivers idea
is great, the backend part is what I don't like.

My idea is something like this:
 - We get a trap with OID X.
 - Call all receivers that match a regexp for that OID (but break on the first
match),
   and pass them all the varbinds and the OID. (Just like you do now)

   We should have a last resort receiver that will match anything and generate
the unknown trap events. You should include a pos fields in the trap_receivers
table to make it only work if no other receivers exist.

 - The receiver should return a few fields:
	matched   = bool   = if the trap was understood.
	interface = string = interface name
	status	  = string = should be in the alarm_status table
	user	  = string
	info	  = string

	You will see this fields are the ones in the events table.

 - then the system will have only one backed, itself.
   if the matched field is true, then a new event will be inserted using the
provided fields. I see no point in having more than 1 backend. Do you?

I also didn't like the "interface mask" stuff. The receivers should return the
full interface name that the events consolidator will later use to create the
alarms (if needed).

So, in my point of view, you are 80% there.

What do you think?

Javier

Erno Rigo wrote:
> Hello!
> 
> First of all: Javier: let me congratulate to this fine product. I was quite 
> desperate to find a GPLed NMS that allows us to trash HP's OpenView (!) ... 
> now we are on the way to achieve our goal.
> 
> In the meantime I had the 'oppurtunity' to change a few things in your latest 
> release. Attached to my mail comes my patch against 8.0.1 with the following 
> two changes:
> 
> I.: I had to find a way to recognize different interfaces of our embended 
> remote monitoring device. The interfaces are all stored in SNMP tables so i 
> wrote a generic snmp_table discovery plugin. This is an excrept from the 
> diff:
> 
> +  * Generic SNMP table discovery
> +  *
> +  * Parameters:
> +  *
> +  *    OID,field,filter,basename
> +  *
> +  *    Where:
> +  *            OID - snmp table base OID
> +  *            field - snmp table field to be present (appended to OID)
> +  *            filter - PHP evaluative expression to filter table indices 
> based the field's value
> +  *                     can be used to detect 'active' interfaces only
> +  *            basename - base interface name for discovered and filtered 
> table entries
> +  *
> +  * Example:
> +  *
> +  *    1.3.6.1.4.1.2069.1.2.1.1.9.2,1.7,>0,Door Sensor
> +  *
> +  *    This will detect Door Sensors from the table at 
> 1.3.6.1.4.1.2069.1.2.1.1.9.2
> +  *    where eval("1.3.6.1.4.1.2069.1.2.1.1.9.2.1.7.n >0") returns true,
> +  *    the resulting interfaces will be called "Door Sensor [n]" where n is 
> the SNMP table index.
> 
> II.: I had a hard time using "SNMP Trap Rules". I took a look in your TODO 
> list and came up with an idea: SNMP trap receiving is so similar to polling 
> that i've seen it very useful to implement trap receiver frontends using the 
> same backend mechanism you used in the polling configuration. 
> 
> So I implemented "SNMP Trap Receivers" plugins in this way, defined a plugin 
> interface, modified the trap consolidator to launch the plugins, created a 
> mysql db diff for the new receivers table, and implemented one basic receiver 
> plugin called 'state_trap_receiver' witch maps traps to interface alarm 
> states like the snmp_status poller plugin does. An excrept from the diff 
> follows again:
> 
> +  * Receive state type SNMP traps - similar to the poller called snmp_status
> +  *
> +  * Parameters:
> +  *
> +  *    interface_mask,state_variable,state_mappings
> +  *
> +  *    Where:
> +  *            interface_mask - string mask used to determine interface name
> +  *                    the name is then reverse-mapped to find the interface 
> ID
> +  *                    sould contain a substring like "%n%" where n is the
> +  *                    snmp trap variable referring to the interface's number 
> on that host
> +  *            state_variable - the snmp trap variable referring to the 
> interface's state
> +  *                    similar to poller snmp_status
> +  *            state_mappings - state variable alarm mappings in the format 
> of
> +  *                    value1=alarm1[|value2=alarm2[...]] where valueX is a 
> value of
> +  *                    state_variable and alarmY is a valid alarm state 
> defined in
> +  *                    the Alarm States configuration menu
> +  *
> +  * Example (see also discovery/snmp_table.php for a more complete picture):
> +  *
> +  *    Door Sensor %1%,2,1=door closed|2=door recently closed|3=door open|
> 4=door recently open
> +  *
> +  *    This would map snmp trap variable #1 to the interface name, so if 
> variable #1's value
> +  *    is 2, the interface will be looked up as "Door Sensor 2". Then trap 
> variable #2 will
> +  *    be mapped to an alarm state, for example if variable #2's value is 3 
> the returned alarm
> +  *    will be 'door open'.
> +  *
> +  * This trap receiver plugin is designed to be used conjunction with the 
> 'alarm' backend plugin.
> 
> This second modification could be further extended to allow external events 
> different from SNMP traps to be received and processed with the same 
> mechanism. I hope some people will find my patch useful. I'm sure I do... 8)
> 
> And at last but not least: my question.
> 
> I understand that 'down' events on an interface generate an UnAcked entry in 
> the event log and 'up' events on the same interface not only generate another 
> event entry, but also Acks both the previous 'down' event and the freshly 
> created 'up' counterpart also... is there an easy (I mean: GUI) way to 
> disable this feature for some interfaces? I need my users to manually ACK 
> e.g. doorsensor events.
> 

--

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Javier Szyszlican, Project Leader, JFFNMS
javier@...

I hope JFFNMS or I were helpful to you, if you
can, please donate at http://jffnms.org/donate

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
Buddy Shearer | 1 Apr 18:53 2005

No Events Found

Hello All!
 
Well, since reading so much about this I made the leap.
 
Everything is installed so far.  Customer made, Zones are set, Hosts were created and I can see Interfaces.
 
But there are three items that appear to be strange.  "No Events Found" and Alarms (How do you set them?)
 
My servers have a public SNMP access and that seems to be okay.  But when I go to drill down it says "The RRDTool files for Interface ID 269 (from Host ID 13), has not been created by the Poller Process yet"
 
Any ideas or where to point me?
 
Thanks in advance...
 
Buddy
Thomas Williams | 1 Apr 19:32 2005
Picon

error -RRdtool files for interface

Hello Javier

I have followed your directions completely

1. mkdir/ opt/jffnms-0.8.1/rrd, chown jffnms:jffnms -R jffnms*
# chmod ug+rw -R jffnms*

2. Cron jobs are running as jffnms (data taken from /var/log/cron)

Apr  1 09:19:01 pyramid crond[23553]: (jffnms) CMD (cd $JFFNMS && $PHP -
q consol idate.php >/dev/null 2>&1)
Apr  1 09:20:01 pyramid crond[23559]: (jffnms) CMD (cd $JFFNMS && sh
tmpwatch.sh  $JFFNMS >/dev/null 2>&1)
Apr  1 09:20:01 pyramid crond[23560]: (jffnms) CMD (cd $JFFNMS && $PHP -
q consol idate.php >/dev/null 2>&1)
Apr  1 09:20:01 pyramid crond[23561]: (jffnms) CMD (cd $JFFNMS && $PHP -
q poller .php >/dev/null 2>&1)

3. I installed the rrdtool from binaries not RPM, should I install from
an RPM, but it worked before manually?

4. jffnms owns all directories and files in /opt/jffnms-0.8.1

I am still getting the same error

/usr/local/rrdtool-1.0.48/bin/rrdtool graph
'/opt/jffnms-0.8.1/engine/temp/42432f35777a5.dat' 
Array
(
    [0] => ERROR: can't make a graph without contents
)
1

The RRDTool files for Interface ID 37 (from Host ID 3), has not been
created by the Poller Process yet

What should I try next?  this is so close to working.

I feel if I can just get thru this the API will work just fine.

Thomas

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
Paul Stewart | 1 Apr 19:47 2005

Email

Hi there...

Since we upgraded to 0.8.1 our email notification hasn't worked.. where 
do I look to see why?  When I check the mail log (sendmail) I get daily 
reports and everything fine from the server, just nothing from JFFNMS

Thanks,

Paul

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
Javier Szyszlican | 1 Apr 19:53 2005

Re: Email

Hi Paul,

You could try to set the "From" field in the action parameters in your trigger
definition.

Or modify line 99 of lib/api.triggers.inc.php to read:

if (($pair[0]=="from") && (!empty($pair[1]))) $parameters_array[$pair[0]]="";

That is already included for release in the next version.

Hope that helps.

Javier

Paul Stewart wrote:
> Hi there...
> 
> Since we upgraded to 0.8.1 our email notification hasn't worked.. where
> do I look to see why?  When I check the mail log (sendmail) I get daily
> reports and everything fine from the server, just nothing from JFFNMS
> 
> Thanks,
> 
> Paul
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> jffnms-users mailing list
> jffnms-users@...
> https://lists.sourceforge.net/lists/listinfo/jffnms-users

--

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Javier Szyszlican, Project Leader, JFFNMS
javier@...

I hope JFFNMS or I were helpful to you, if you
can, please donate at http://jffnms.org/donate

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

Gmane