SNMP table question
Greetings,
I inherited an SNMP table with the following definition. Before I open my mouth
and complain and make a fool of myself, I would like to know from the experts
that the table definition is correct and perhaps it is the way I used mib2c to
compile it that is the problem. BTW, I used mib2c.iterate_access.conf.
Thanks,
Mostafa
TableEntry ::= SEQUENCE {
rowIndex Integer32 not-accessible
column1 Integer32 read-create
column2 Integer32 read-create
column3 Integer32 read-create
column4 Integer32 read-create
column5 Integer32 read-only
column6 Integer32 read-only
column7 Integer32 read-only
column8 Integer32 read-only
column9 Integer32 read-only
column10Integer32 read-only
tableRowStatus RowStatus}
Would the SNMP manager be able to create table rows based on the
above-mentioned table definition knowing that some columns are read only?
If I execute the bash script listed below to set row 1 create-read columns only
($snmpV3Params contains all snmpV3 required authentication and privacy
parameters), I only get an error with the last statement that performs the
create and go. I am guessing that the read only columns are causing the problem.
Error in packet.
Reason: inconsistentValue (The set value is illegal or unsupported in some way)
Failed object: set tableRowStatus.1
/* The last part of the bash script
**/
set()
{
snmpset $snmpV3Params $ip "$@"
}
# Delete row 1
set tableRowStatus.1 i 6
# Populate the columns that can be created
set column1.1 i 1
set column2.1 i 32
set column3.1 i 1
set column4.1 i 2
# create & go
set tableRowStatus.1 i 4
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
How to compile table nodes for tables that don't have a rowStatus entry?
Greetings, I have a MIB file with several tables, some of them have rowStatus entries, some of them don't have rowStatus entries. I used mb2c on all the tables with mib2c.iterate.conf configuration file since the data is external to the agent. I have no problem with the tables that have the rowStatus entry, they are working fine. When trying to set a table row in tables with no rowStatus, I get an error stating: oid failed during SNMP set operation (no creation). My question is, is mib2c.iterate.conf configuration file is the proper configuration to generate the C files for tables without rowStatus entry? If not, which configuration file is suitable to use with tables with no rowStatus? Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Seeing duplicate authentication traps
Greetings, We are testing the authentication failure trap and trying to login with wrong credentials every second. However, for every login, we receive 2 traps. Any idea how to remedy this and only get one trap? Thanks, 12:21:15 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2724) 0:00:27.24 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:15 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2724) 0:00:27.24 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:16 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2832) 0:00:28.32 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:16 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2833) 0:00:28.33 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 Mostafa Kassem ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: AgentX reconnect time
Thank you, sir. You are a gentleman and a scholar.
I am using 5.8
All the best,
Mostafa
From: Anders Wallin
Sent: Friday, February 22, 2019 2:56 AM
To: Mostafa Kassem
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: AgentX reconnect time
It's not working in 5.7.3 either and w/o the possibility to us "-c" option for
the agent.
So it's broken!!
Regards
Anders Wallin
On Fri, Feb 22, 2019 at 7:44 AM Anders Wallin
mailto:walli...@gmail.com>> wrote:
Hi Mostafa,
which version of net-snmp are you using?
In 5.8 you can use the "-c" option which works, but I also found a bug in it
using the default paths
# ./mysubagent -h
USAGE: ./mysubagent [OPTIONS]
OPTIONS:
-c FILE[,...] read FILE(s) as configuration file(s)
-Cdo not read the default configuration files
# cat agentx.conf
[snmp] logTimestamp 1
agentXPingInterval 5
# ./mysubagent -C -c agentx.conf -f -x /var/agentx/master
2019-02-22 07:23:40 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
2019-02-22 07:23:45 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
2019-02-22 07:23:50 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
The name of the agentx config file can be agentx.conf or agentx.local.conf and
it should be in one of this directories
$HOME/.snmp
/usr/etc/snmp
/usr/lib/snmp
/usr/share/snmp
/var/lib/net-snmp
or you can use the SNMPCONFPATH
AND HERE comes the bug!! Using SNMPCONFPATH or the default path, you will get
"Warning: Unknown token: agentXPingInterval." and the timeout will be set to
the default value of 15.
I will file a bug on this!
# SNMPCONFPATH=$PWD ./mysubagent -f -x /var/agentx/master
2019-02-22 07:37:22 /root/snmp-test/agentx.conf: line 2: Warning: Unknown
token: agentXPingInterval.
2019-02-22 07:37:22 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
2019-02-22 07:37:37 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
# cp agentx.conf $HOME/.snmp/
# ./mysubagent -f -x /var/agentx/master
2019-02-22 07:41:39 /root/.snmp/agentx.conf: line 2: Warning: Unknown token:
agentXPingInterval.
2019-02-22 07:41:39 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
2019-02-22 07:41:54 Warning: Failed to connect to the agentx master agent
(/var/agentx/master):
I will check 5.7.3 and be back with more information
Regards
Anders Wallin
On Thu, Feb 21, 2019 at 10:43 PM Mostafa Kassem
mailto:mosta...@danlawinc.com>> wrote:
Thank you for your reply, Anders.
I created an agentx.conf file with this single line:
agentxPingInterval 5
I tried putting agentx.conf into one the following directories to no avail:
/var/agentx/
/var/snmp/
Var/net-snmp/
Where should the agentx.conf file go? I did a search on this topic and couldn’t
find an answer.
It is still 15 seconds of disconnection.
Thanks again,
Mostafa
From: Anders Wallin mailto:walli...@gmail.com>>
Sent: Thursday, February 21, 2019 2:57 AM
To: Mostafa Kassem mailto:mosta...@danlawinc.com>>
Cc:
net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net>
Subject: Re: AgentX reconnect time
Hi Mostafa,
you need to set it in the config file for your agentx(e.g agentx.conf), not in
snmpd.conf
Regards
Anders Wallin
On Thu, Feb 21, 2019 at 1:22 AM Mostafa Kassem
mailto:mosta...@danlawinc.com>> wrote:
When we restart the snmpd, the agent detects that the snmpd is no longer
running and disconnects, waits 15 seconds and then connects to the snmpd again.
AgentX master disconnected us, reconnecting in 15
I would like to reduce this time to 5 seconds.
Is this time specifieded in agentXPingInterval as described here?
http://www.net-snmp.org/docs/man/snmpd.conf.html
However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error:
/var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval.
I found this code in agentx_config.c which leads me to believe that this value
is hardcoded and not set in any configuration file. So changing it requires
editing and recompile of the code.
#ifdef USING_AGENTX_SUBAGENT_MODULE
/*
* tokens for master agent
*/
if (SUB_AGENT == agent_role) {
/*
* set up callbacks to initiate master agent pings for this session
*/
netsnmp_ds_register_config(ASN_INTEGER,
netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_APPTYPE),
"agentxPingInterval",
NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL);
/* ping and/or reconnect by default every 15 seconds */
netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTER
RE: AgentX reconnect time
Thank you for your reply, Anders.
I created an agentx.conf file with this single line:
agentxPingInterval 5
I tried putting agentx.conf into one the following directories to no avail:
/var/agentx/
/var/snmp/
Var/net-snmp/
Where should the agentx.conf file go? I did a search on this topic and couldn’t
find an answer.
It is still 15 seconds of disconnection.
Thanks again,
Mostafa
From: Anders Wallin
Sent: Thursday, February 21, 2019 2:57 AM
To: Mostafa Kassem
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: AgentX reconnect time
Hi Mostafa,
you need to set it in the config file for your agentx(e.g agentx.conf), not in
snmpd.conf
Regards
Anders Wallin
On Thu, Feb 21, 2019 at 1:22 AM Mostafa Kassem
mailto:mosta...@danlawinc.com>> wrote:
When we restart the snmpd, the agent detects that the snmpd is no longer
running and disconnects, waits 15 seconds and then connects to the snmpd again.
AgentX master disconnected us, reconnecting in 15
I would like to reduce this time to 5 seconds.
Is this time specifieded in agentXPingInterval as described here?
http://www.net-snmp.org/docs/man/snmpd.conf.html
However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error:
/var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval.
I found this code in agentx_config.c which leads me to believe that this value
is hardcoded and not set in any configuration file. So changing it requires
editing and recompile of the code.
#ifdef USING_AGENTX_SUBAGENT_MODULE
/*
* tokens for master agent
*/
if (SUB_AGENT == agent_role) {
/*
* set up callbacks to initiate master agent pings for this session
*/
netsnmp_ds_register_config(ASN_INTEGER,
netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_APPTYPE),
"agentxPingInterval",
NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL);
/* ping and/or reconnect by default every 15 seconds */
netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL, 15);
}
#endif /* USING_AGENTX_SUBAGENT_MODULE */
Thanks,
Mostafa
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net<mailto:Net-snmp-users@lists.sourceforge.net>
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
AgentX reconnect time
When we restart the snmpd, the agent detects that the snmpd is no longer
running and disconnects, waits 15 seconds and then connects to the snmpd again.
AgentX master disconnected us, reconnecting in 15
I would like to reduce this time to 5 seconds.
Is this time specifieded in agentXPingInterval as described here?
http://www.net-snmp.org/docs/man/snmpd.conf.html
However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error:
/var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval.
I found this code in agentx_config.c which leads me to believe that this value
is hardcoded and not set in any configuration file. So changing it requires
editing and recompile of the code.
#ifdef USING_AGENTX_SUBAGENT_MODULE
/*
* tokens for master agent
*/
if (SUB_AGENT == agent_role) {
/*
* set up callbacks to initiate master agent pings for this session
*/
netsnmp_ds_register_config(ASN_INTEGER,
netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
NETSNMP_DS_LIB_APPTYPE),
"agentxPingInterval",
NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL);
/* ping and/or reconnect by default every 15 seconds */
netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL, 15);
}
#endif /* USING_AGENTX_SUBAGENT_MODULE */
Thanks,
Mostafa
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Problem sending traps
Greetings,
Our trap sink parameters are modified per 2 MIB entries, one for the IP address
and one for the port.
We would like to set the trap sink programmatically on powerup and when we
receive an snmp request.
On powerup and every time we receive a request to change the trap sink IP
address or port, we parse the snmpd.conf file to get the username,
authentication and privacy protocols and passwords. Our snmpd.conf file looks
like this:
# setup authorization
CreateUser myUserName SHA "myAuthenticationPassword" AES " myPrivacyPassword "
rwuser myUserName authPriv
# include Agentx setup
master agentx
authtrapenable 1
And our code to set the trap session on power up, is written in C++ and is as
follows:
bool TrapSession::createSnmpV3TrapSession()
{
std::stringstream connectingString;
netsnmp_session session, *sesp;
memset(, 0, sizeof(netsnmp_session));
snmp_sess_init (); // Set up defaults
session.version = SNMP_VERSION_3;
// Peer name
std::stringstream connectionString;
connectionString << "udp6:[" << ipV6AddressAsString << "]:" << sinkPort;
session.peername = strdup(connectionString.str().c_str());
// set the SNMPV3 user name
session.securityName = strdup( userName.c_str());
session.securityNameLen = strlen(userName.c_str());
// Security
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
session.securityModel = SNMP_SEC_MODEL_USM;
// Authentication Protocol
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
session.securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol,
USM_AUTH_PROTO_SHA_LEN);
session.securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(const uint8_t *) authenticationPassword.c_str(),
authenticationPassword.length(),
session.securityAuthKey,
) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating authentication KU for authentication
password: " << authenticationPassword);
return false;
}
// Privacy Protocol
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
session.securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol,
USM_PRIV_PROTO_AES_LEN);
session.securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(const uint8_t *)privacyPassword.c_str(),
privacyPassword.length(),
session.securityPrivKey,
) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating privacy KU for privacy password: " <<
privacyPassword);
return false;
}
// open the session
sesp = snmp_open();
if (!sesp) {
LOG_ERROR("Unable to open a trap session to: " << session.peername << "
with user: " << userName);
throw std::runtime_error("Unable to open SNMP session!");
return false;
}
add_trap_session(sesp, SNMP_MSG_TRAP2, FALSE, SNMP_VERSION_3);
return true;
}
However, we are getting this error: [SNMP 3] : snmpd: send_trap: USM unknown
security name (no such user exists)
What are we doing wrong?
If we add this line to the snmpd.conf and not use the above-mentioned code, we
have no problem sending traps.
trapsess -v 3 -u myUserName -l authPriv -a SHA -A " myAuthenticationPassword "
-x AES -X " myPrivacyPassword " udp6:[2001:bb::f8]:162
Thanks,
Mostafa
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
