Me: > v5.5 snmptrapd successfully logs V2C traps from this agent, but I > can't get it to log V3 traps from the same agent.
I am able to glean more by adding this to the snmp.conf file associated with my workstation/trap recipient net-snmp installation: dumpPacket yes doDebugging 1 Now my snmptrapd.log contains a lot of useful information. snmptrapd is indeed receiving trap packets from my agent, but is dropping them due to failed authorization (despite my setting the V3 user level to "noauth" on both the agent and trap listener). I included a snmptrapd.log excerpt showing reception & rejection of one nsNotifyShutdown trap at the end of this message. I seem to be violating some aspects of the VACM on the trap sending and/or receiving sides. I have tried various user permutations on both agent and trapd sides, including the latest: [trapd] authUser log,execute,net -s usm trapuser1 noauth [agent] rouser -s usm trapuser1 noauth but I can't seem to make the VACM authorization happy. Does the log capture give anybody any ideas? Thanks, Ron Received 90 bytes from UDP: [192.168.1.208]:32894->[0.0.0.0] 0000: 30 58 02 01 01 04 00 A7 51 02 04 69 E4 A9 1C 02 0X.....§Q..iä©.. 0016: 01 00 02 01 00 30 43 30 0F 06 08 2B 06 01 02 01 .....0C0...+.... 0032: 01 03 00 43 03 00 81 3B 30 18 06 0A 2B 06 01 06 ...C...;0...+... 0048: 03 01 01 04 01 00 06 0A 2B 06 01 04 01 BF 08 04 ........+....¿.. 0064: 00 02 30 16 06 0A 2B 06 01 06 03 01 01 04 03 00 ..0...+......... 0080: 06 08 2B 06 01 04 01 BF 08 04 ..+....¿.. dumpx_recv:02 01 01 dumpv_recv: Integer: 1 (0x01) trace: ..\..\snmplib\snmp_api.c, 4238: snmp_api: Parsing SNMPv2 message... trace: ..\..\snmplib\snmp_api.c, 4248: dumph_recv: SNMPv2c message trace: ..\..\snmplib\snmp_auth.c, 135: dumph_recv: SNMP version dumpx_recv: 02 01 01 dumpv_recv: Integer: 1 (0x01) trace: ..\..\snmplib\snmp_auth.c, 147: dumph_recv: community string dumpx_recv: 04 00 dumpv_recv: String: trace: ..\..\snmplib\snmp_api.c, 4294: dumph_recv: PDU trace: ..\..\snmplib\snmp_api.c, 4514: dumpv_recv: Command TRAP2 trace: ..\..\snmplib\snmp_api.c, 4595: dumph_recv: request_id dumpx_recv: 02 04 69 E4 A9 1C dumpv_recv: Integer: 1776593180 (0x69E4A91C) trace: ..\..\snmplib\snmp_api.c, 4606: dumph_recv: error status dumpx_recv: 02 01 00 dumpv_recv: Integer: 0 (0x00) trace: ..\..\snmplib\snmp_api.c, 4617: dumph_recv: error index dumpx_recv: 02 01 00 dumpv_recv: Integer: 0 (0x00) trace: ..\..\snmplib\snmp_api.c, 4635: dumph_recv: VarBindList trace: ..\..\snmplib\snmp_api.c, 4665: dumph_recv: VarBind trace: ..\..\snmplib\snmp.c, 166: dumph_recv: Name dumpx_recv: 06 08 2B 06 01 02 01 01 03 00 dumpv_recv: ObjID: DISMAN-EVENT-MIB::sysUpTimeInstance trace: ..\..\snmplib\snmp_api.c, 4674: dumph_recv: Value dumpx_recv: 43 03 00 81 3B dumpv_recv: UInteger: 33083 (0x813B) trace: ..\..\snmplib\snmp_api.c, 4665: dumph_recv: VarBind trace: ..\..\snmplib\snmp.c, 166: dumph_recv: Name dumpx_recv: 06 0A 2B 06 01 06 03 01 01 04 01 00 dumpv_recv: ObjID: SNMPv2-MIB::snmpTrapOID.0 trace: ..\..\snmplib\snmp_api.c, 4674: dumph_recv: Value dumpx_recv: 06 0A 2B 06 01 04 01 BF 08 04 00 02 dumpv_recv: ObjID: NET-SNMP-AGENT-MIB::nsNotifyShutdown trace: ..\..\snmplib\snmp_api.c, 4665: dumph_recv: VarBind trace: ..\..\snmplib\snmp.c, 166: dumph_recv: Name dumpx_recv: 06 0A 2B 06 01 06 03 01 01 04 03 00 dumpv_recv: ObjID: SNMPv2-MIB::snmpTrapEnterprise.0 trace: ..\..\snmplib\snmp_api.c, 4674: dumph_recv: Value dumpx_recv: 06 08 2B 06 01 04 01 BF 08 04 dumpv_recv: ObjID: NET-SNMP-MIB::netSnmpNotificationPrefix trace: ..\..\snmplib\snmp_api.c, 5416: sess_process_packet: received message id#0 reqid#1776593180 trace: ..\..\apps\snmptrapd_handlers.c, 955: snmptrapd: input: a7 trace: ..\..\apps\snmptrapd_handlers.c, 1013: snmptrapd: Trap OID: NET-SNMP-AGENT-MIB::nsNotifyShutdown trace: ..\..\apps\snmptrapd_handlers.c, 1039: snmptrapd: Running auth trap handlers trace: ..\..\apps\snmptrapd_auth.c, 166: snmptrapd:auth: Comparing auth types: result=0, request=0, result=1 trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 0:read trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 1:write trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 2:notify trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 3:log trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 4:execute trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 5:net trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 6:(null) trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 118: snmptrapd:auth: Calling VACM for checking phase 7:(null) trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1284: mibII/vacm_vars: NULL communitytrace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1290: mibII/vacm_vars: vacm_in_view: ver=1, community=NULL trace: ..\..\snmplib\snmpUDPDomain.c, 1172: netsnmp_udp_getSecName: no com2sec entries trace: ..\..\agent\mibgroup\mibII\vacm_conf.c, 1388: mibII/vacm_vars: vacm_in_view: No security name found trace: ..\..\apps\snmptrapd_auth.c, 126: snmptrapd:auth: result: not authorized trace: ..\..\apps\snmptrapd_auth.c, 129: snmptrapd:auth: Final bitmask auth: 0 trace: ..\..\apps\snmptrapd_auth.c, 142: snmptrapd:auth: Dropping unauthorized message The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting all copies. Thank you. ------------------------------------------------------------------------------ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
