SNMP table question
Greetings, I inherited an SNMP table with the following definition. Before I open my mouth and complain and make a fool of myself, I would like to know from the experts that the table definition is correct and perhaps it is the way I used mib2c to compile it that is the problem. BTW, I used mib2c.iterate_access.conf. Thanks, Mostafa TableEntry ::= SEQUENCE { rowIndex Integer32 not-accessible column1 Integer32 read-create column2 Integer32 read-create column3 Integer32 read-create column4 Integer32 read-create column5 Integer32 read-only column6 Integer32 read-only column7 Integer32 read-only column8 Integer32 read-only column9 Integer32 read-only column10Integer32 read-only tableRowStatus RowStatus} Would the SNMP manager be able to create table rows based on the above-mentioned table definition knowing that some columns are read only? If I execute the bash script listed below to set row 1 create-read columns only ($snmpV3Params contains all snmpV3 required authentication and privacy parameters), I only get an error with the last statement that performs the create and go. I am guessing that the read only columns are causing the problem. Error in packet. Reason: inconsistentValue (The set value is illegal or unsupported in some way) Failed object: set tableRowStatus.1 /* The last part of the bash script **/ set() { snmpset $snmpV3Params $ip "$@" } # Delete row 1 set tableRowStatus.1 i 6 # Populate the columns that can be created set column1.1 i 1 set column2.1 i 32 set column3.1 i 1 set column4.1 i 2 # create & go set tableRowStatus.1 i 4 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
How to compile table nodes for tables that don't have a rowStatus entry?
Greetings, I have a MIB file with several tables, some of them have rowStatus entries, some of them don't have rowStatus entries. I used mb2c on all the tables with mib2c.iterate.conf configuration file since the data is external to the agent. I have no problem with the tables that have the rowStatus entry, they are working fine. When trying to set a table row in tables with no rowStatus, I get an error stating: oid failed during SNMP set operation (no creation). My question is, is mib2c.iterate.conf configuration file is the proper configuration to generate the C files for tables without rowStatus entry? If not, which configuration file is suitable to use with tables with no rowStatus? Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Seeing duplicate authentication traps
Greetings, We are testing the authentication failure trap and trying to login with wrong credentials every second. However, for every login, we receive 2 traps. Any idea how to remedy this and only get one trap? Thanks, 12:21:15 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2724) 0:00:27.24 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:15 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2724) 0:00:27.24 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:16 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2832) 0:00:28.32 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 12:21:16 (TRAP2, SNMP v3, user myRwUser, context ) TRAP 0.0 (Cold Start) from UDP/IPv6: [2001:bb::150]:38107, binded variables: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2833) 0:00:28.33 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::authenticationFailure SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 Mostafa Kassem ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: AgentX reconnect time
Thank you, sir. You are a gentleman and a scholar. I am using 5.8 All the best, Mostafa From: Anders Wallin Sent: Friday, February 22, 2019 2:56 AM To: Mostafa Kassem Cc: net-snmp-users@lists.sourceforge.net Subject: Re: AgentX reconnect time It's not working in 5.7.3 either and w/o the possibility to us "-c" option for the agent. So it's broken!! Regards Anders Wallin On Fri, Feb 22, 2019 at 7:44 AM Anders Wallin mailto:walli...@gmail.com>> wrote: Hi Mostafa, which version of net-snmp are you using? In 5.8 you can use the "-c" option which works, but I also found a bug in it using the default paths # ./mysubagent -h USAGE: ./mysubagent [OPTIONS] OPTIONS: -c FILE[,...] read FILE(s) as configuration file(s) -Cdo not read the default configuration files # cat agentx.conf [snmp] logTimestamp 1 agentXPingInterval 5 # ./mysubagent -C -c agentx.conf -f -x /var/agentx/master 2019-02-22 07:23:40 Warning: Failed to connect to the agentx master agent (/var/agentx/master): 2019-02-22 07:23:45 Warning: Failed to connect to the agentx master agent (/var/agentx/master): 2019-02-22 07:23:50 Warning: Failed to connect to the agentx master agent (/var/agentx/master): The name of the agentx config file can be agentx.conf or agentx.local.conf and it should be in one of this directories $HOME/.snmp /usr/etc/snmp /usr/lib/snmp /usr/share/snmp /var/lib/net-snmp or you can use the SNMPCONFPATH AND HERE comes the bug!! Using SNMPCONFPATH or the default path, you will get "Warning: Unknown token: agentXPingInterval." and the timeout will be set to the default value of 15. I will file a bug on this! # SNMPCONFPATH=$PWD ./mysubagent -f -x /var/agentx/master 2019-02-22 07:37:22 /root/snmp-test/agentx.conf: line 2: Warning: Unknown token: agentXPingInterval. 2019-02-22 07:37:22 Warning: Failed to connect to the agentx master agent (/var/agentx/master): 2019-02-22 07:37:37 Warning: Failed to connect to the agentx master agent (/var/agentx/master): # cp agentx.conf $HOME/.snmp/ # ./mysubagent -f -x /var/agentx/master 2019-02-22 07:41:39 /root/.snmp/agentx.conf: line 2: Warning: Unknown token: agentXPingInterval. 2019-02-22 07:41:39 Warning: Failed to connect to the agentx master agent (/var/agentx/master): 2019-02-22 07:41:54 Warning: Failed to connect to the agentx master agent (/var/agentx/master): I will check 5.7.3 and be back with more information Regards Anders Wallin On Thu, Feb 21, 2019 at 10:43 PM Mostafa Kassem mailto:mosta...@danlawinc.com>> wrote: Thank you for your reply, Anders. I created an agentx.conf file with this single line: agentxPingInterval 5 I tried putting agentx.conf into one the following directories to no avail: /var/agentx/ /var/snmp/ Var/net-snmp/ Where should the agentx.conf file go? I did a search on this topic and couldn’t find an answer. It is still 15 seconds of disconnection. Thanks again, Mostafa From: Anders Wallin mailto:walli...@gmail.com>> Sent: Thursday, February 21, 2019 2:57 AM To: Mostafa Kassem mailto:mosta...@danlawinc.com>> Cc: net-snmp-users@lists.sourceforge.net<mailto:net-snmp-users@lists.sourceforge.net> Subject: Re: AgentX reconnect time Hi Mostafa, you need to set it in the config file for your agentx(e.g agentx.conf), not in snmpd.conf Regards Anders Wallin On Thu, Feb 21, 2019 at 1:22 AM Mostafa Kassem mailto:mosta...@danlawinc.com>> wrote: When we restart the snmpd, the agent detects that the snmpd is no longer running and disconnects, waits 15 seconds and then connects to the snmpd again. AgentX master disconnected us, reconnecting in 15 I would like to reduce this time to 5 seconds. Is this time specifieded in agentXPingInterval as described here? http://www.net-snmp.org/docs/man/snmpd.conf.html However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error: /var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval. I found this code in agentx_config.c which leads me to believe that this value is hardcoded and not set in any configuration file. So changing it requires editing and recompile of the code. #ifdef USING_AGENTX_SUBAGENT_MODULE /* * tokens for master agent */ if (SUB_AGENT == agent_role) { /* * set up callbacks to initiate master agent pings for this session */ netsnmp_ds_register_config(ASN_INTEGER, netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_APPTYPE), "agentxPingInterval", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL); /* ping and/or reconnect by default every 15 seconds */ netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTER
RE: AgentX reconnect time
Thank you for your reply, Anders. I created an agentx.conf file with this single line: agentxPingInterval 5 I tried putting agentx.conf into one the following directories to no avail: /var/agentx/ /var/snmp/ Var/net-snmp/ Where should the agentx.conf file go? I did a search on this topic and couldn’t find an answer. It is still 15 seconds of disconnection. Thanks again, Mostafa From: Anders Wallin Sent: Thursday, February 21, 2019 2:57 AM To: Mostafa Kassem Cc: net-snmp-users@lists.sourceforge.net Subject: Re: AgentX reconnect time Hi Mostafa, you need to set it in the config file for your agentx(e.g agentx.conf), not in snmpd.conf Regards Anders Wallin On Thu, Feb 21, 2019 at 1:22 AM Mostafa Kassem mailto:mosta...@danlawinc.com>> wrote: When we restart the snmpd, the agent detects that the snmpd is no longer running and disconnects, waits 15 seconds and then connects to the snmpd again. AgentX master disconnected us, reconnecting in 15 I would like to reduce this time to 5 seconds. Is this time specifieded in agentXPingInterval as described here? http://www.net-snmp.org/docs/man/snmpd.conf.html However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error: /var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval. I found this code in agentx_config.c which leads me to believe that this value is hardcoded and not set in any configuration file. So changing it requires editing and recompile of the code. #ifdef USING_AGENTX_SUBAGENT_MODULE /* * tokens for master agent */ if (SUB_AGENT == agent_role) { /* * set up callbacks to initiate master agent pings for this session */ netsnmp_ds_register_config(ASN_INTEGER, netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_APPTYPE), "agentxPingInterval", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL); /* ping and/or reconnect by default every 15 seconds */ netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL, 15); } #endif /* USING_AGENTX_SUBAGENT_MODULE */ Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net<mailto:Net-snmp-users@lists.sourceforge.net> Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
AgentX reconnect time
When we restart the snmpd, the agent detects that the snmpd is no longer running and disconnects, waits 15 seconds and then connects to the snmpd again. AgentX master disconnected us, reconnecting in 15 I would like to reduce this time to 5 seconds. Is this time specifieded in agentXPingInterval as described here? http://www.net-snmp.org/docs/man/snmpd.conf.html However if I add agentXPingInterval 5 to the snmpd.conf file, I get this error: /var/snmp/snmpd.conf: line 35: Warning: Unknown token:agentXPingInterval. I found this code in agentx_config.c which leads me to believe that this value is hardcoded and not set in any configuration file. So changing it requires editing and recompile of the code. #ifdef USING_AGENTX_SUBAGENT_MODULE /* * tokens for master agent */ if (SUB_AGENT == agent_role) { /* * set up callbacks to initiate master agent pings for this session */ netsnmp_ds_register_config(ASN_INTEGER, netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_APPTYPE), "agentxPingInterval", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL); /* ping and/or reconnect by default every 15 seconds */ netsnmp_ds_set_int(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_AGENTX_PING_INTERVAL, 15); } #endif /* USING_AGENTX_SUBAGENT_MODULE */ Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Problem sending traps
Greetings, Our trap sink parameters are modified per 2 MIB entries, one for the IP address and one for the port. We would like to set the trap sink programmatically on powerup and when we receive an snmp request. On powerup and every time we receive a request to change the trap sink IP address or port, we parse the snmpd.conf file to get the username, authentication and privacy protocols and passwords. Our snmpd.conf file looks like this: # setup authorization CreateUser myUserName SHA "myAuthenticationPassword" AES " myPrivacyPassword " rwuser myUserName authPriv # include Agentx setup master agentx authtrapenable 1 And our code to set the trap session on power up, is written in C++ and is as follows: bool TrapSession::createSnmpV3TrapSession() { std::stringstream connectingString; netsnmp_session session, *sesp; memset(, 0, sizeof(netsnmp_session)); snmp_sess_init (); // Set up defaults session.version = SNMP_VERSION_3; // Peer name std::stringstream connectionString; connectionString << "udp6:[" << ipV6AddressAsString << "]:" << sinkPort; session.peername = strdup(connectionString.str().c_str()); // set the SNMPV3 user name session.securityName = strdup( userName.c_str()); session.securityNameLen = strlen(userName.c_str()); // Security session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV; session.securityModel = SNMP_SEC_MODEL_USM; // Authentication Protocol session.securityAuthKeyLen = USM_AUTH_KU_LEN; session.securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol, USM_AUTH_PROTO_SHA_LEN); session.securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN; if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (const uint8_t *) authenticationPassword.c_str(), authenticationPassword.length(), session.securityAuthKey, ) != SNMPERR_SUCCESS) { LOG_ERROR("Error generating authentication KU for authentication password: " << authenticationPassword); return false; } // Privacy Protocol session.securityPrivKeyLen = USM_PRIV_KU_LEN; session.securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol, USM_PRIV_PROTO_AES_LEN); session.securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN; if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (const uint8_t *)privacyPassword.c_str(), privacyPassword.length(), session.securityPrivKey, ) != SNMPERR_SUCCESS) { LOG_ERROR("Error generating privacy KU for privacy password: " << privacyPassword); return false; } // open the session sesp = snmp_open(); if (!sesp) { LOG_ERROR("Unable to open a trap session to: " << session.peername << " with user: " << userName); throw std::runtime_error("Unable to open SNMP session!"); return false; } add_trap_session(sesp, SNMP_MSG_TRAP2, FALSE, SNMP_VERSION_3); return true; } However, we are getting this error: [SNMP 3] : snmpd: send_trap: USM unknown security name (no such user exists) What are we doing wrong? If we add this line to the snmpd.conf and not use the above-mentioned code, we have no problem sending traps. trapsess -v 3 -u myUserName -l authPriv -a SHA -A " myAuthenticationPassword " -x AES -X " myPrivacyPassword " udp6:[2001:bb::f8]:162 Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users