On 6 June 2012 10:16, Chayvialle, Daniel (External)
<daniel.chayvialle.exter...@cassidian.com> wrote:
> Here is what I modified in /etc/default/snmp:
>
> %diff /etc/default/snmpd /etc/default/snmpd.org ~
> 11,14c11
> < SNMPDOPTS='-M /var/lib/mibs/ietf:/home/daniel/.snmp/mibs -m
> SNMPv2-SMI:TCS-MIB -LS7d
> -Dagent_handler,disman:event::mib,disman:expr::mib,disman:expr::val,expScalars,fixup_mib_directory,get_mib_directory,perl,snmp_agent,snmpd,snmpv3
> -Lf /var/log/snmpd -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
> ---
>> SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
>
> This merely was an attempt to get any useful log, which did not succeed, at
> least to my understanding
OK - so (ignoring the commented out entries):
- you've switched from logging via syslog, to log directly to a
file. (-Lsd vs -Lf)
- you've explicitly set the MIB directories to search (-M)
- you've explicitly set the only MIB files to load (-m)
- you're setting a whole list of debug tokens to log
If this isn't getting you anything useful, I would suggest that you
revert to the
original invocation.
> Here is my /etc/snmp/snmp.conf
>
> #mibs :
> mibs +SNMPv2-SMI:TCS-MIB
Well, the SNMPv2-SMI is unnecessary, since this is loaded (or at least
handled) by default. Stick with the simple
mibs +TCS-MIB
Where does this MIB come from?
> Here are the changes I made to /etc/snmp/snmpd.conf
>
> % sudo diff /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org ~
> 186,195d185
> < #DC/20120525: ajout d'un agent TCS-MIB
> < doDebugging 1
> < disablePerl false
> < pass 1.3.6.1.4.1.16304.3665 /usr/bin/perl
> /home/daniel/.snmp/mibs/tcs-agent-module.pl
> < perl 'do /home/daniel/.snmp/mibs/tcs-agent-module.pl';
Hmm.... there seems to be some confusion here.
Is this script a "pass" script, or a sub-agent-style script?
I'd expect to see one or the other of these two lines - but not both.
> < #DC/20120525: fin ajout
What are the access control settings in this file?
>
> These are various attempts to get the agent
>
> Here is the output when I walk iso
>
> % snmpwalk -v1 -c public localhost iso
> ~
> SNMPv2-MIB::sysDescr.0 = STRING: Linux debian 2.6.32-5-686 #1 SMP Mon Mar 26
> 05:20:33 UTC 2012 i686
> SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (5429948) 15:04:59.48
:
> SNMPv2-MIB::sysORUpTime.8 = Timeticks: (10) 0:00:00.10
> HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (287043) 0:47:50.43
:
> HOST-RESOURCES-MIB::hrSystemMaxProcesses.0 = INTEGER: 0
> End of MIB
In other words, you can *only* see the system group.
What are the access control settings in your snmpd.conf file?
Have a look at the FAQ entry
"I can see the system group, but nothing else. Why?"
> % snmpget -v1 -c public localhost 1.3.6.1.4.1.8072
> ~
> Error in packet
> Reason: (noSuchName) There is no such variable name in this MIB.
> Failed object: NET-SNMP-MIB::netSnmp
That will always fail.
You can only use "snmpget" on individual instances - i.e. the exact
variable names listed by "snmpwalk" or similar.
> ...even though it appears when I translate the whole tree
>
> % snmptranslate -Tt | grep netSnmp ~
> netSnmp(8072) type=24
> netSnmpObjects(1) type=0
> netSnmpExtendMIB(1) type=24
> netSnmpVacmMIB(9) type=24
> netSnmpExamples(2) type=24
> netSnmpExampleScalars(1) type=0
> netSnmpExampleInteger(1) type=16
> netSnmpExampleSleeper(2) type=16
> netSnmpExampleString(3) type=2 tc=49 hint=255t
> netSnmpExampleTables(2) type=0
> <and about 30 more lines>
The netSnmp object is a perfectly valid object. But it's an internal
structural object - acting as the root of a tree. It doesn't have a value
directly associated with it.
> But the following does not work:
>
> % snmptranslate -Tl netSnmp ~
> netSnmp: Unknown Object Identifier (Sub-id not found: (top) -> netSnmp)
snmptranslate is a relatively unusual command, in that by default it requires
an absolute object name - either a full path
(.iso.org.dod.internet.private.enterprises.netSnmp)
or qualified by the name of the MIB (NET-SNMP-MIB::netSnmp)
Try adding the option '-IR' to enable "random lookup"
snmptranslate -Tl -IR netSnmp
should work OK.
> Here is what I currently get for snmpget
>
> % snmpget -v1 -c public localhost sysDescr.0 ~
> SNMPv2-MIB::sysDescr.0 = STRING: Linux debian 2.6.32-5-686 #1 SMP Mon Mar 26
> 05:20:33 UTC 2012 i686
> % snmpget -v1 -c public localhost netSnmp ~
> Error in packet
> Reason: (noSuchName) There is no such variable name in this MIB.
> Failed object: NET-SNMP-MIB::netSnmp
Yes - that's correct.
> % snmpget -v1 -c public localhost tcs.0 ~
> tcs.0: Unknown Object Identifier (Sub-id not found: (top) -> tcs)
> % snmpget -v1 -c public localhost tcsTestString.0 ~
> tcsTestString.0: Unknown Object Identifier (Sub-id not found: (top) ->
> tcsTestString)
What does the TCS-MIB look like?
Where have you installed it?
> Here is what I currently get for snmpgetnext and snmpwalk:
>
> % snmpgetnext -v1 -c public localhost tcs ~
> tcs: Unknown Object Identifier (Sub-id not found: (top) -> tcs)
> % snmpwalk -v1 -c public localhost tcs ~
> tcs: Unknown Object Identifier (Sub-id not found: (top) -> tcs)
If snmpget does not understand the MIB object name, then the
other commands won't either.
> Here is what I currently get for snmptranslate:
>
> % snmptranslate -Td tcs ~
> tcs: Unknown Object Identifier (Sub-id not found: (top) -> tcs)
> % snmptranslate -Td netSnmp ~
> netSnmp: Unknown Object Identifier (Sub-id not found: (top) -> netSnmp)
> % snmptranslate -Td sysDescr ~
> sysDescr: Unknown Object Identifier (Sub-id not found: (top) -> sysDescr)
Don't worry about snmptranslate. It's much fussier than the other tools.
(See above)
> I also tried recompiling the last sources (5.7.1) yesterday evening,
I wouldn't worry about recompiling sources.
Given that you're extending the agent using perl scripts, this
shouldn't be necessary.
Concentrate on:
- first getting the access control sorted, so that you can query
the full agent
(not just the system group)
- getting the TCS-MIB loading properly, so that you can refer to
'tcs' successfully
- sorting out the perl extension - decide which approach you want to use,
and stick to that (rather than mixing the two).
Then - and only then - is it worth worrying about whether your
extension works or not.
Dave
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
