nsNotifyRestart trap raised frequently

2019-04-24 Thread Krishna Vivek Vitta 
Hello experts,

We found that nsNotifyRestart is thrown frequently(every 2 hrs) and same has 
been reported in snmpd.log. There are no changes in snmp configuration in the 
SNMP manager and process id of SNMP is also not altering.


NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted

NET-SNMP version 5.5 restarted



Customer using third party syslog WhatsUpGold.



Given below is the TRAP details which customer getting in email:



PassiveMonitor.Payload.TrapName=nsNotifyRestart

PassiveMonitor.Payload.TrapMajor=6

PassiveMonitor.Payload.TrapMinor=3

PassiveMonitor.Payload.ObjectLong=1.3.6.1.4.1.8072.4 (netSnmpNotificationPrefix)

PassiveMonitor.Payload.snmpTrapOID.0=1.3.6.1.4.1.8072.4.0.3 (nsNotifyRestart) 
PassiveMonitor.Payload.1.3.6.1.2.1.1.3.0=10days 16:00:33.69

PassiveMonitor.Payload.snmpTrapEnterprise.0=1.3.6.1.4.1.8072.4 
(netSnmpNotificationPrefix) 
PassiveMonitor.Payload.Object=netSnmpNotificationPrefix

PassiveMonitor.Payload.Timetick=10days 16:00:33.69 
PassiveMonitor.Payload.Packet Type=SNMPv2 Trap

PassiveMonitor.Payload.1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.8072.4.0.3

PassiveMonitor.Payload.Protocol Version=SNMPv2 
PassiveMonitor.Payload.CommunityName=_9TikE06:wvtXG_4X_G

PassiveMonitor.Payload.1.3.6.1.6.3.1.1.4.3.0=1.3.6.1.4.1.8072.4

PassiveMonitor.Payload.sysUpTimeInstance=10days 16:00:33.69



Can you tell on what cases this trap is raised and what are the steps that can 
be taken to prevent from being raised.


Thank you
Krishna Vivek

___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: Help required for "snmpwalk: Authentication failure "

2019-04-24 Thread Krishna Vivek Vitta 
Any update on the behaviour ?


Thank you
Krishna Vivek

From: Krishna Vivek Vitta
Sent: 23 April 2019 11:43
To: net-snmp-users@lists.sourceforge.net
Subject: Help required for "snmpwalk: Authentication failure "

Hi expert,

We have a case where snmpwalk fails after snmpv3 user is added to trap 
destination. Net-SNMP version being used is 5.5 on FreeBSD setup

We start with a configured user for SNMPv3. We used SHA1 and AES for the auth 
and privacy protocols:
add snmpuser name=test auth_password=testtest privacy_password=testtest 
auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View 
security_level=authPriv
add snmpview name=SNMP-View subtree=1.3.6.1 type=Include

The above steps:
Adds a createUser directive in /var/mps/netsnmp/snmpd.conf and restarts snmpd
1.  SNMPD replaces the createUser directive with a usmUser directive in 
persistent conf

All this is normal. The configuration in the persistent snmpd.conf is correct. 
This is our test entry:

bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf
usmUser 1 3 0x80001f88809c0a3f394b485c56 0x4e65747363616c657200 
0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 
0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 
0x06be7a79a8108ccde730455187973c07 ""


bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch 
--command=/root/print_users.gdb | awk '/test/,/privKey:/'

name: 0x801c6fac0:   "test"

secName: 0x801c6fad0:"test"

authProtocol: .1.3.6.1.6.3.10.1.1.3 << This means SHA1

privProtocol: .1.3.6.1.6.3.10.1.2.4 << This means AES

authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e460

privKey: 0x6be7a79a8108ccd 0xe730455187973c07



And of course the queries work:



vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x 
AES -X 'testtest'  10.91.16.71:161 1.3.6.1.2.1.1.1

SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD nssdx-mgmt 8.4-NETSCALER-12.0 FreeBSD 
8.4-NETSCALER-12.0 #0: Wed Sep 12 06:47:55 PDT 2018 
root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM[https://issues.citrite.net/images/icons/mail_small.gif]amd64



Then I add an snmptrap destination that uses this user:



add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3

 And the queries fail with authentication failure:

 vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x 
AES -X 'testtest'  10.91.16.71:161 1.3.6.1.2.1.1.1

snmpwalk: Authentication failure (incorrect password, community or key)



This time although the configuration is the same, snmpd internally has set the 
wrong protocols:



bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf

usmUser 1 3 0x80001f88809c0a3f394b485c56 0x4e65747363616c657200 
0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 
0x06be7a79a8108ccde730455187973c0719b3e460 
.1.3.6.1.6.3.10.1.2.40x06be7a79a8108ccde730455187973c07 0x

bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch 
--command=/root/print_users.gdb | awk '/Netscaler/,/privKey:/'

name: 0x801c6fac0:   "test"

secName: 0x801c6fad0:"test"

authProtocol: .1.3.6.1.6.3.10.1.1.2 << This means MD5

privProtocol: .1.3.6.1.6.3.10.1.2.2 << This means DES

authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e460

privKey: 0x6be7a79a8108ccd 0xe730455187973c07


Kindly provide assistance in resolving the case.

Thank you
Krishna Vivek

___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users