>>>>> On Tue, 29 Nov 2005 09:53:37 -0800 (PST), "David T. Perkins" <[EMAIL PROTECTED]> said:

David> Well, I certainly disagree with this! If the security level is
David> "noAuthNoPriv" then I believe that notifications should be
David> "accepted", but put in a "different" pile. For notifications
David> with security level of "authNoPriv" (and even "authPriv") where
David> there is no user, the "keys don't match", or the "clocks don't
David> match", I believe that they should be put in yet another pile.

You can have different things happen for different security levels.
However, we do drop packets from unconfigured communities/users now.
In fact, USM has always dropped unconfigured users (it's in the RFC
that if you don't have it in your user database you're supposed to
drop it regardless of the security level).

It is possible, now, though to specify that un-protected (noAuthNoPriv
equivalent) isn't allowed to do as much. That's your "different pile".

David> My motivation is that I believe that most of the time that the
David> "unacceptable" notifications are due to misconfiguration of
David> configuration data and not due to an attack, and the save
David> information is both useful in fixing the misconfiguration and
David> have useful "event information".

Run with -Dusm to get messages that were dropped because of a lack of
USM users existing. Running with -Dvacm,usm,snmptrapd:auth will
probably give you the information you're looking for and could be
considered "another pile".

-- 
Wes Hardaker
Sparta, Inc.
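
The per-security-level handling described in the message above can be expressed in snmptrapd.conf. The fragment below is an added example, not part of the original message or the project's own configuration; the user name, community string, engine ID and passphrases are constructed placeholders.

```conf
# snmptrapd.conf -- constructed example, all names and secrets are placeholders

# SNMPv3 user known to this receiver. A notification whose user is not in
# the USM user database is dropped, whatever security level it claims.
# (-e names the sending agent's engine ID, which traps are keyed on.)
createUser -e 0x8000000001020304 trapadmin SHA "auth-passphrase-placeholder" AES "priv-passphrase-placeholder"

# Authenticated and encrypted notifications from that user may be logged,
# passed to trap handlers, and forwarded.
authUser log,execute,net trapadmin priv

# Unprotected v1/v2c notifications (the noAuthNoPriv equivalent) are
# accepted but only logged: the "different pile" with fewer rights.
authCommunity log public-placeholder

# Setting to avoid: this turns the access-control check off entirely, so
# every community and security level gets the same treatment.
# disableAuthorization yes

# To see what was refused and why, run in the foreground with the debug
# tokens mentioned in the message:
#   snmptrapd -f -Lo -Dvacm,usm,snmptrapd:auth
```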
