RE: Problem with snmptrap
>I don't think that this is the problem - I've had a quick look at the 5.6.x code
>that displays the source/destination addresses, and this appears to be
>hardcoded to be "remote -> local" (i.e. the correct order for dumping
>*received* traffic, but the wrong order for sending).
>
>The thing that springs out in your dump is the port number being used.
>
>The 5.4.x version is fine:
>> Sending 110 bytes to UDP: [0.0.0.0]->[172.22.227.66]:162
>
>but the 5.6.x version is using the 'query' port of 161
>> Sending 111 bytes to UDP: [172.22.227.66]:161->[0.0.0.0]:0
>
>It's possibly worth specifying the port explicitly (i.e. $trap_dest:162)
>[Though that doesn't explain why this should be necessary]
>
>Give that a go, and let us know if it makes a difference
>
>Dave

Adding :162 to the $trap_dest variable (traptarget:162) did result in correct behavior.
I've not found anything in any of the config files that would indicate an over-ride.

The source in the 5.6.1.rc2 /include directory does have:

./net-snmp/library/snmp.h:#define SNMP_TRAP_PORT 162 /* standard UDP port for SNMP

Though I don't see where in snmptrap code that gets used in either version.

Very odd! Thanks for your help - if there's someplace else to look to try to understand why adding the :162 is necessary, please let me know.

Al
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On 14 August 2012 21:06, Sorrell, Al wrote:
> Anyone seen anything like this before using snmptrap? I have an app running on
> Solaris8 NET-SNMP 5.4.2.1 (I know it's old - that system is going away) which
> seems to work correctly, but under Solaris 10/NET-SNMP V5.6.1rc2 it fails. It appears
> that snmptrap is using the destination as the source and leaving the destination blank
> according to the -d packet dump.

I don't think that this is the problem - I've had a quick look at the 5.6.x code that displays the source/destination addresses, and this appears to be hardcoded to be "remote -> local" (i.e. the correct order for dumping *received* traffic, but the wrong order for sending).

The thing that springs out in your dump is the port number being used.

The 5.4.x version is fine:
> Sending 110 bytes to UDP: [0.0.0.0]->[172.22.227.66]:162

but the 5.6.x version is using the 'query' port of 161
> Sending 111 bytes to UDP: [172.22.227.66]:161->[0.0.0.0]:0

It's possibly worth specifying the port explicitly (i.e. $trap_dest:162)
[Though that doesn't explain why this should be necessary]

Give that a go, and let us know if it makes a difference

Dave
Problem with snmptrap
Anyone seen anything like this before using snmptrap? I have an app running on Solaris8 NET-SNMP 5.4.2.1 (I know it's old - that system is going away) which seems to work correctly, but under Solaris 10/NET-SNMP V5.6.1rc2 it fails. It appears that snmptrap is using the destination as the source and leaving the destination blank according to the -d packet dump.

Using NET-SNMP V5.4.2.1 under Solaris 8, this seems to work OK:

$ uname -a
SunOS tcnetops 5.8 Generic_117350-38 sun4u sparc SUNW,Sun-Fire-V440
$ /usr/local/bin/snmptrap -V
NET-SNMP version: 5.4.2.1

trap_dest=172.22.227.66
sourceIP=10.102.16.26
eventId="EvID"
eventDescr="EvDesc"
eventSubject="EvSubj"
/usr/local/bin/snmptrap -v1 -d -c public $trap_dest 1.3.6.1.4.1.33544.1 $sourceIP 6 1 "" \
1.3.6.1.4.1.33544.1.1 s "$eventId" \
1.3.6.1.4.1.33544.1.2 s "$eventDescr" \
1.3.6.1.4.1.33544.1.3 s "$eventSubject"

Sending 110 bytes to UDP: [0.0.0.0]->[172.22.227.66]:162
0000: 30 6C 02 01 00 04 06 70 75 62 6C 69 63 A4 5F 06    0l.public¤_.
0016: 09 2B 06 01 04 01 82 86 08 01 40 04 0A 66 10 1A    .+@..f..
0032: 02 01 06 02 01 01 43 04 25 A6 F7 1B 30 40 30 12    ..C.%¦÷.0@0.
0048: 06 0A 2B 06 01 04 01 82 86 08 01 01 04 04 45 76    ..+...Ev
0064: 49 44 30 14 06 0A 2B 06 01 04 01 82 86 08 01 02    ID0...+.
0080: 04 06 45 76 44 65 73 63 30 14 06 0A 2B 06 01 04    ..EvDesc0...+...
0096: 01 82 86 08 01 03 04 06 45 76 53 75 62 6A          EvSubj

On 172.22.227.66 (running HP OpenView/NNM) the trap is received as expected:

1344974076 2 Tue Aug 14 15:54:36 2012 omt2netops.troweprice.com - Received event .1.3.6.1.4.1.33544.1.0.1 (enterprise:.1.3.6.1.4.1.33544.1 generic:6 specific:1), no format in trapd.conf. 3 args: [1] private.enterprises.33544.1.1 (OctetString): EvID [2] private.enterprises.33544.1.2 (OctetString): EvDesc [3] private.enterprises.33544.1.3 (OctetString): EvSubj;1 .1.3.6.1.4.1.33544.1.0.1 0

The same command executed under 5.6.1rc2 on Solaris 10 doesn't seem to work (i.e., no trap is received).
NOTE the difference in the packet dump where it seems to have used the destination as the source!

$ uname -a
SunOS omt2netops 5.10 Generic_142900-02 sun4v sparc SUNW,SPARC-Enterprise-T5120
$ snmptrap -V
NET-SNMP version: 5.6.1.rc2

trap_dest=172.22.227.66
sourceIP=10.102.16.26
eventId="EvID"
eventDescr="EvDesc"
eventSubject="EvSubj"
$ /usr/local/bin/snmptrap -v1 -d -c public $trap_dest 1.3.6.1.4.1.33544.1 $sourceIP 6 1 "" \
> 1.3.6.1.4.1.33544.1.1 s "$eventId" \
> 1.3.6.1.4.1.33544.1.2 s "$eventDescr" \
> 1.3.6.1.4.1.33544.1.3 s "$eventSubject"

Sending 111 bytes to UDP: [172.22.227.66]:161->[0.0.0.0]:0
0000: 30 6D 02 01 00 04 06 70 75 62 6C 69 63 A4 60 06    0m.public.`.
0016: 09 2B 06 01 04 01 82 86 08 01 40 04 0A 66 10 1A    .+@..f..
0032: 02 01 06 02 01 01 43 05 00 A2 35 3C 8B 30 40 30    ..C...5<.0@0
0048: 12 06 0A 2B 06 01 04 01 82 86 08 01 01 04 04 45    ...+...E
0064: 76 49 44 30 14 06 0A 2B 06 01 04 01 82 86 08 01    vID0...+
0080: 02 04 06 45 76 44 65 73 63 30 14 06 0A 2B 06 01    ...EvDesc0...+..
0096: 04 01 82 86 08 01 03 04 06 45 76 53 75 62 6A       .EvSubj

Almon (Al) Sorrell
Global Business Solutions and Technology Services
Corporate Network Services | Network Engineering Consultant
T. Rowe Price
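Decoding the two -d dumps from this message shows that the 5.4.2.1 and 5.6.1.rc2 packets carry the same SNMPv1 trap apart from the timestamp, which fits the diagnosis in the reply that the difference lies in the transport address and port rather than in the encoded PDU. This is an added example, not part of the original post or of Net-SNMP; the function names are made up for the illustration and the bytes are copied from the dumps above.

```python
"""BER-decode the two SNMPv1 Trap-PDUs from the snmptrap -d dumps and diff them."""

# Hex bytes copied from the 5.4.2.1 (110-byte) and 5.6.1.rc2 (111-byte) dumps.
DUMP_5_4 = """
30 6C 02 01 00 04 06 70 75 62 6C 69 63 A4 5F 06
09 2B 06 01 04 01 82 86 08 01 40 04 0A 66 10 1A
02 01 06 02 01 01 43 04 25 A6 F7 1B 30 40 30 12
06 0A 2B 06 01 04 01 82 86 08 01 01 04 04 45 76
49 44 30 14 06 0A 2B 06 01 04 01 82 86 08 01 02
04 06 45 76 44 65 73 63 30 14 06 0A 2B 06 01 04
01 82 86 08 01 03 04 06 45 76 53 75 62 6A
"""
DUMP_5_6 = """
30 6D 02 01 00 04 06 70 75 62 6C 69 63 A4 60 06
09 2B 06 01 04 01 82 86 08 01 40 04 0A 66 10 1A
02 01 06 02 01 01 43 05 00 A2 35 3C 8B 30 40 30
12 06 0A 2B 06 01 04 01 82 86 08 01 01 04 04 45
76 49 44 30 14 06 0A 2B 06 01 04 01 82 86 08 01
02 04 06 45 76 44 65 73 63 30 14 06 0A 2B 06 01
04 01 82 86 08 01 03 04 06 45 76 53 75 62 6A
"""


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items


def decode_oid(value):
    """Decode an OBJECT IDENTIFIER; sub-identifiers are base-128, high bit = more."""
    arcs = [value[0] // 40, value[0] % 40]
    sub = 0
    for byte in value[1:]:
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(str(a) for a in arcs)


def decode_v1_trap(hex_text):
    """Decode an SNMPv1 message holding a Trap-PDU (tag 0xA4) into a dict."""
    buf = bytes.fromhex("".join(hex_text.split()))
    tag, message, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    (_, version), (_, community), (pdu_tag, pdu) = children(message)
    if pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, generic, specific, ticks, varbind_list = children(pdu)
    varbinds = []
    for _, varbind in children(varbind_list[1]):
        (_, name), (vtag, val) = children(varbind)
        # 0x04 is OCTET STRING; anything else is shown as hex.
        varbinds.append((decode_oid(name),
                         val.decode("ascii") if vtag == 0x04 else val.hex()))
    return {
        "version": int.from_bytes(version, "big"),
        "community": community.decode("ascii"),
        "enterprise": decode_oid(ent[1]),
        "agent_addr": ".".join(str(b) for b in addr[1]),
        "generic": int.from_bytes(generic[1], "big"),
        "specific": int.from_bytes(specific[1], "big"),
        "timestamp": int.from_bytes(ticks[1], "big"),
        "varbinds": varbinds,
    }


def differing_fields(a, b):
    """Names of the decoded fields whose values differ between two traps."""
    return sorted(k for k in a if a[k] != b[k])


if __name__ == "__main__":
    old, new = decode_v1_trap(DUMP_5_4), decode_v1_trap(DUMP_5_6)
    for key, value in old.items():
        print(f"{key:11} {value}")
    print("fields that differ between the dumps:", differing_fields(old, new))
```

The extra byte in the 111-byte packet is the leading 00 that BER needs when the TimeTicks value has its top bit set.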
RE: Problem with snmptrap
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Eduardo Saavedra Cea

> I tried to configure ACCESS CONTROL with the follow lines in the
> snmpd.conf file:

The snmptrapd is configured in the snmptrapd.conf file, not snmpd.conf.

You can test this:

condor:/etc/snmp # snmptrapd -m all -Le -f -d -C -c snmpd.conf

HTH,
Mike
Re: Problem with snmptrap
First of all thanks for your help. But the problem is yet unresolved.

I know that my problem is ACCESS CONTROL. I read this section, but I don't understand very well.

I found out that snmptrap loads the mibs from /usr/local/share/snmp/mibs not /usr/share/snmp/mibs/ where I thought. When I changed my mib I obtained the line "No access configuration - dropping trap":

condor:~ # snmptrapd -m all -Lo -f
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.4
No access configuration - dropping trap.

But the problem of ACCESS CONTROL is yet unresolved. With the option -d I obtain:

condor:/etc/snmp # snmptrapd -m all -Le -f -d
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.4
Received 52 bytes from UDP: [192.168.1.168]:1096
0000: 30 32 02 01 00 04 0D 7A 77 65 69 63 6F 6D 5F 6E    02.zweicom_n
0016: 6F 74 61 76 A4 1E 06 0A 2B 06 01 04 01 81 97 50    otav+..P
0032: 02 01 40 04 7F 00 00 01 02 01 06 02 02 01 2F 43    [EMAIL PROTECTED]/C
0048: 01 00 30 00                                        ..0.
No access configuration - dropping trap.

I tried to configure ACCESS CONTROL with the following lines in the snmpd.conf file:

# sec.name source community
com2sec local localhost zweicom_notav
com2sec mynetwork 192.168.1.0/24 zweicom_notav

# Second, map the security names into group names:
# sec.model sec.name
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork

# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view all included .1 80

# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
#context sec.model sec.level match read write notif
#access MyROGroup "" any noauth exact all none none
#access MyRWGroup "" any noauth exact all all none
access MyROGroup "" any auth exact all all all
access MyRWGroup "" any auth exact all all all

But it doesn't work.

Thanks a lot.

On 16/07/07, Thomas Anders <[EMAIL PROTECTED]> wrote:
> Eduardo Saavedra Cea wrote:
> > I want to receive traps with snmptrapd, but it doesn't work.
> > This daemon doesn't print anything to standard out or to syslog when I
> > send the trap with sendtrap:
> > snmptrap -v 1 -c zweicom_notav 192.168.1.168:162
> > .1.3.6.1.4.1.19408.2.1 localhost 6 303 .1.3.6.1.4.1.19408.1.1.2.0
> >
> > I start with:
> > condor:~ # snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> > NET-SNMP version 5.4
> >
> > I know the traps arrive because I try strace:
> > condor:~ # strace snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> > .
>
> What's the content of /etc/snmp/snmpd.conf (a somewhat strange config
> file name for snmptrapd, btw) and /etc/hosts.{allow,deny}? If you add
> "-d" to the snmptrapd invocation, does it log the incoming packet? Have
> you read the "ACCESS CONTROL" section in the snmptrapd manual page?
>
> +Thomas
>
> --
> Thomas Anders (thomas.anders at blue-cable.de)
Re: Problem with snmptrap
Thank you very very much. You are right. I should have read the manual better, but the information is too much that I was a bit lost.

Thank you very very much again.

On 17/07/07, Thomas Anders <[EMAIL PROTECTED]> wrote:
> Eduardo Saavedra Cea wrote:
> > I know that my problem is ACCESS CONTROL. I read this section, but I
> > don't understand very well.
>
> Are you sure you've read the *snmptrapd.conf* manual page? Because the
> config file you posted only contains config settings for *snmpd*.
>
> Create /etc/snmp/snmptrapd.conf with just the line
>
> authcommunity log,execute zweicom_notav
>
> and run snmptrapd as "snmptrapd -f -Le" (assumed that /etc/snmp is in
> your SNMPCONFPATH, see "net-snmp-config --snmpconfpath"). Now fire your
> trap and you should see it logged.
>
> +Thomas
Re: Problem with snmptrap
Eduardo Saavedra Cea wrote:
> I know that my problem is ACCESS CONTROL. I read this section, but I
> don't understand very well.

Are you sure you've read the *snmptrapd.conf* manual page? Because the config file you posted only contains config settings for *snmpd*.

Create /etc/snmp/snmptrapd.conf with just the line

authcommunity log,execute zweicom_notav

and run snmptrapd as "snmptrapd -f -Le" (assumed that /etc/snmp is in your SNMPCONFPATH, see "net-snmp-config --snmpconfpath"). Now fire your trap and you should see it logged.

+Thomas
Re: Problem with snmptrap
Eduardo Saavedra Cea wrote:
> I want to receive traps with snmptrapd, but it doesn't work.
> This daemon doesn't print anything to standard out or to syslog when I
> send the trap with sendtrap:
> snmptrap -v 1 -c zweicom_notav 192.168.1.168:162
> .1.3.6.1.4.1.19408.2.1 localhost 6 303 .1.3.6.1.4.1.19408.1.1.2.0
>
> I start with:
> condor:~ # snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> NET-SNMP version 5.4
>
> I know the traps arrive because I try strace:
> condor:~ # strace snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> .

What's the content of /etc/snmp/snmpd.conf (a somewhat strange config file name for snmptrapd, btw) and /etc/hosts.{allow,deny}? If you add "-d" to the snmptrapd invocation, does it log the incoming packet? Have you read the "ACCESS CONTROL" section in the snmptrapd manual page?

+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)
Problem with snmptrap
Hello.

I want to receive traps with snmptrapd, but it doesn't work. This daemon doesn't print anything to standard out or to syslog when I send the trap with sendtrap:

snmptrap -v 1 -c zweicom_notav 192.168.1.168:162 .1.3.6.1.4.1.19408.2.1 localhost 6 303 .1.3.6.1.4.1.19408.1.1.2.0

I start with:

condor:~ # snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
NET-SNMP version 5.4

I know the traps arrive because I try strace:

condor:~ # strace snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
.
recvmsg(7, {msg_name(16)={sa_family=AF_INET, sin_port=htons(1079), sin_addr=inet_addr("192.168.1.168")}, msg_iov(1)=[{"02\2\1\0\4\rzweicom_notav\244\36\6\n+\6\1\4\1\201\227P"..., 65536}], msg_controllen=24, {cmsg_len=24, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, 0) = 52
open("/etc/hosts.allow", O_RDONLY) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=2639, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ee4000
read(8, "# /etc/hosts.allow\n# See \'man tc"..., 4096) = 2639
read(8, "", 4096) = 0
close(8) = 0
munmap(0xb7ee4000, 4096) = 0
open("/etc/hosts.deny", O_RDONLY) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=149, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ee4000
read(8, "# /etc/hosts.deny\n# See \'man tcp"..., 4096) = 149
read(8, "", 4096) = 0
close(8) = 0
munmap(0xb7ee4000, 4096) = 0
brk(0x800ae000) = 0x800ae000
gettimeofday({1184347136, 897238}, NULL) = 0
gettimeofday({1184347136, 897302}, NULL) = 0
gettimeofday({1184347136, 897358}, NULL) = 0

Thanks a lot.
Re: Problem with snmptrap
On Wed, 2005-12-07 at 20:59 +0100, Thomas Anders wrote:
> Andrei Pisau wrote:
> > On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote:
> >>It is definitely a new bug. It works in 5.1.x code, but not 5.2.x...
> >>
> >
> > I have tried and it works with 5.2.1, but not with 5.2.2.
>
> Just in case you haven't noticed, there's an official patch for 5.2.2
> that fixes this:
>
> http://sf.net/support/tracker.php?aid=1374087
>

I didn't notice the patch when I sent the previous email. I have tested the patch with net-snmp version 5.2.2.pre1 and it works to send V3 TRAPs.

Thank you for your quick responses and advice.
Re: Problem with snmptrap
Andrei Pisau wrote:
> On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote:
>> It is definitely a new bug. It works in 5.1.x code, but not 5.2.x...
>
> I have tried and it works with 5.2.1, but not with 5.2.2.

Just in case you haven't noticed, there's an official patch for 5.2.2 that fixes this:

http://sf.net/support/tracker.php?aid=1374087

+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)
Re: Problem with snmptrap
On Tue, 2005-12-06 at 11:26 +0200, Andrei Pisau wrote:
> Also, I have tried the latest release 5.3.pre5 and I have
> problems when sending all kind of alerts. Even v1 TRAP or
> V2c TRAP or INFORM are not logged, snmptrapd receives them
> but some way, it discards them after some VACM checks.

Yes - the 5.3 release will require explicit access configuration for the trap handler to accept traps.

> I am using the simple configuration with
> ro/rwcommunity in snmpd.conf. Is that not supported anymore?
> Should I use only com2sec, group &co ...?

No - this is nothing to do with your 'snmpd.conf' settings. What you'll need is similar entries in your 'snmptrapd.conf' file - something along the lines of

authcommunity log,execute,net public

We'll document this properly before 5.3 is fully released.

Dave
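The point made in this message, and in Thomas Anders' reply about snmptrapd.conf earlier on the page, can be checked mechanically before starting the receiver. The Python below is an added example, not Net-SNMP code or part of either message: it reports a file that would make snmptrapd drop every trap and authCommunity lines that grant execute or net processing to any sender. The function names and sample files are constructed for the illustration; the authCommunity TYPES COMMUNITY [SOURCE ...] layout is taken from snmptrapd.conf(5).

```python
"""Audit snmptrapd.conf text for the access-control cases discussed on this page."""

# Directives that authorise notification processing, per snmptrapd.conf(5).
AUTH_DIRECTIVES = {"authuser", "authgroup", "authaccess", "setaccess"}
# Directives the replies on this page describe as snmpd.conf settings.
SNMPD_STYLE = {"com2sec", "group", "view", "access", "rocommunity", "rwcommunity"}


def audit_snmptrapd_conf(text):
    """Return a list of (line_number, code, message) findings; line 0 = whole file."""
    findings, grants, snmpd_style = [], 0, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        directive, args = fields[0].lower(), fields[1:]
        if directive == "disableauthorization":
            if args[:1] == ["yes"]:
                grants += 1
                findings.append((lineno, "OPEN",
                                 "access control disabled: every notification is accepted"))
        elif directive == "authcommunity":
            if len(args) < 2:
                findings.append((lineno, "SYNTAX",
                                 "authCommunity needs TYPES and COMMUNITY"))
                continue
            grants += 1
            risky = sorted(set(args[0].lower().split(",")) & {"execute", "net"})
            if risky and len(args) < 3:  # no SOURCE field: applies to any sender
                findings.append((lineno, "BROAD",
                                 f"community {args[1]!r} may trigger {'/'.join(risky)} "
                                 "processing from any source address"))
        elif directive in AUTH_DIRECTIVES:
            grants += 1
        elif directive in SNMPD_STYLE:
            snmpd_style += 1
    if grants == 0:
        findings.append((0, "DROP_ALL",
                         "no notification access configured, traps will be dropped "
                         f"({snmpd_style} snmpd-style line(s) do not count)"))
    return findings


def codes(text):
    """Just the finding codes, in order."""
    return [code for _, code, _ in audit_snmptrapd_conf(text)]


# Constructed sample: an abridged snmpd-style file like the one posted above.
SNMPD_STYLE_FILE = """\
# sec.name source community
com2sec mynetwork 192.168.1.0/24 zweicom_notav
group MyROGroup v1 mynetwork
view all included .1 80
access MyROGroup "" any auth exact all all all
"""

# Constructed sample: logging only, limited to one source network.
SCOPED_FILE = """\
authCommunity log zweicom_notav 192.168.1.0/24
"""

if __name__ == "__main__":
    samples = {
        "snmpd-style file": SNMPD_STYLE_FILE,
        "authcommunity log,execute zweicom_notav": "authcommunity log,execute zweicom_notav\n",
        "authcommunity log,execute,net public": "authcommunity log,execute,net public\n",
        "scoped, log only": SCOPED_FILE,
    }
    for label, text in samples.items():
        print(label)
        for lineno, code, message in audit_snmptrapd_conf(text) or [(0, "OK", "no findings")]:
            print(f"  line {lineno}: {code}: {message}")
```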
Re: Problem with snmptrap
On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote:
> Ok... I misdiagnosed the problem. The problem is that snmptrap
> itself is complaining that the user doesn't exist, not the agent which
> is what I originally thought.
>
> I do suspect a new bug.
>
> I'm going to bet it stems from the delayed engineid probing introduced
> a while ago. sigh.
>
> It is definitely a new bug. It works in 5.1.x code, but not 5.2.x...
>

I have tried and it works with 5.2.1, but not with 5.2.2.

Also, I have tried the latest release 5.3.pre5 and I have problems when sending all kind of alerts. Even v1 TRAP or V2c TRAP or INFORM are not logged, snmptrapd receives them but some way, it discards them after some VACM checks. I am using the simple configuration with ro/rwcommunity in snmpd.conf. Is that not supported anymore? Should I use only com2sec, group &co ...?

Kind regards,
Andrei Pisau
Re: Problem with snmptrap
> On Wed, 30 Nov 2005 12:10:53 +0200, Andrei Pisau <[EMAIL PROTECTED]> said:

Andrei> Let me put it this way. I do the following:
Andrei> 1. stop snmptrapd
Andrei> 2. edit /var/net-snmp/snmptrapd.conf to have
Andrei> createUser -e myengineID username MD5 authpass DES privpass
Andrei> myengineID = 0xbd224466 , I tried values even bigger, but still had the
Andrei> same result
Andrei> 3. start snmptrapd
Andrei> 4. snmpinform or snmptrap for this user doesn't work, I try this with
Andrei> the cmd:
Andrei> snmp{trap|inform} -e myengineID -v 3 -u username -a MD5 -A authpass -l
Andrei> authPriv -x DES -X privpass localhost 42 coldStart.0
Andrei> =>
Andrei> snmptrap: USM unknown security name (no such user exists) (Sub-id not
Andrei> found: (top) -> coldStart)

Ok... I misdiagnosed the problem. The problem is that snmptrap itself is complaining that the user doesn't exist, not the agent which is what I originally thought.

I do suspect a new bug.

I'm going to bet it stems from the delayed engineid probing introduced a while ago. sigh.

It is definitely a new bug. It works in 5.1.x code, but not 5.2.x...

--
Wes Hardaker
Sparta, Inc.
Re: Problem with snmptrap
On Tue, 2005-11-29 at 10:27 -0800, Wes Hardaker wrote:
> > On Tue, 29 Nov 2005 09:39:37 -0800, Wes Hardaker <[EMAIL PROTECTED]> said:
>
> Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466 -v 3 -u root -a MD5
> Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0
>
> Wes> 1) that engineid is not a legal one... Not that it should matter much
> Wes> for our tools, as we're fairly liberal in what we accept. However,
> Wes> for others it might cause them to fail.
>

OK. For this moment I am trying to make it work on local host, but still I don't get this correspondence user <=> engine ID. 0xbd224466 might not be a valid value, but still is accepted.

> Wes> 2) The engineID *MUST* match the engineID of the trap receiver. It
> Wes> can't be arbitrary. do a "grep oldEngineID
> Wes> /var/net-snmp/snmptrapd.conf" and use the engineID from that line
> Wes> for *both* the createUser line and the snmptrap line.
>
> whoops. #2 is a lie. It should only match for an INFORM my bad.
>
> As long as the createuser line matches the -e switch, it should work...
>
> --
> Wes Hardaker
> Sparta, Inc.
>

Let me put it this way. I do the following:

1. stop snmptrapd
2. edit /var/net-snmp/snmptrapd.conf to have
   createUser -e myengineID username MD5 authpass DES privpass
   myengineID = 0xbd224466 , I tried values even bigger, but still had the same result
3. start snmptrapd
4. snmpinform or snmptrap for this user doesn't work, I try this with the cmd:
   snmp{trap|inform} -e myengineID -v 3 -u username -a MD5 -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0
   =>
   snmptrap: USM unknown security name (no such user exists) (Sub-id not found: (top) -> coldStart)

As I see, these steps are also in the tutorial from the site.

I have observed that if I do a createuser without -e, snmpinform succeeds, but snmptrap does not. The debug shows me that snmpinform or snmptrap -Ci do a GET message before, snmptrap does only TRAP2 message, and it fails to verify the user.

Can anybody explain to me what I misunderstood here? I can't make it work together, the username and the engineID.

Thanks!
Re: Problem with snmptrap
> On Tue, 29 Nov 2005 09:39:37 -0800, Wes Hardaker <[EMAIL PROTECTED]> said:

Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466 -v 3 -u root -a MD5
Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0

Wes> 1) that engineid is not a legal one... Not that it should matter much
Wes> for our tools, as we're fairly liberal in what we accept. However,
Wes> for others it might cause them to fail.

Wes> 2) The engineID *MUST* match the engineID of the trap receiver. It
Wes> can't be arbitrary. do a "grep oldEngineID
Wes> /var/net-snmp/snmptrapd.conf" and use the engineID from that line
Wes> for *both* the createUser line and the snmptrap line.

whoops. #2 is a lie. It should only match for an INFORM my bad.

As long as the createuser line matches the -e switch, it should work...

--
Wes Hardaker
Sparta, Inc.
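Background to the advice that the createUser line and the -e switch must agree: in the SNMPv3 User-based Security Model (RFC 3414) a user entry is indexed by engine ID plus user name, and its authentication key is localized to that engine ID. The Python below is an added illustration, not Net-SNMP code or part of the original messages; the class and function names and the second engine ID are made up for the example, while the user name, passphrase and 0xbd224466 come from the thread.

```python
"""Model of USM user lookup and key localization (RFC 3414) with HMAC-MD5-96 keys."""
import hashlib

ONE_MEGABYTE = 1048576  # RFC 3414 A.2: the passphrase is stretched to 1,048,576 octets


def password_to_key_md5(password):
    """Derive the user key Ku: MD5 over the passphrase repeated to one megabyte."""
    pw = password.encode()
    if len(pw) < 8:
        raise ValueError("USM passphrases must be at least 8 characters")
    stream = (pw * (ONE_MEGABYTE // len(pw) + 1))[:ONE_MEGABYTE]
    return hashlib.md5(stream).digest()


def localize_key_md5(user_key, engine_id):
    """Derive the localized key Kul = MD5(Ku || engineID || Ku)."""
    return hashlib.md5(user_key + engine_id + user_key).digest()


def parse_engine_id(text):
    """Turn an engine ID written as on the command line (0x...) into bytes."""
    digits = text[2:] if text.lower().startswith("0x") else text
    return bytes.fromhex(digits)


def localized_auth_key(password, engine_id_text):
    """Passphrase plus engine ID to the 16-byte localized authentication key."""
    return localize_key_md5(password_to_key_md5(password),
                            parse_engine_id(engine_id_text))


class UsmUserTable:
    """User table keyed by (engineID, userName), as usmUserTable is indexed."""

    def __init__(self):
        self._users = {}

    def create_user(self, engine_id_text, name, auth_password):
        """Rough equivalent of: createUser -e ENGINEID NAME MD5 AUTHPASS"""
        engine_id = parse_engine_id(engine_id_text)
        self._users[(engine_id, name)] = localize_key_md5(
            password_to_key_md5(auth_password), engine_id)

    def lookup(self, engine_id_text, name):
        """Find the localized key for a message claiming this engine ID and user."""
        try:
            return self._users[(parse_engine_id(engine_id_text), name)]
        except KeyError:
            raise LookupError("unknown security name (no such user exists)") from None


if __name__ == "__main__":
    table = UsmUserTable()
    table.create_user("0xbd224466", "root", "authpass")

    # Same engine ID on both sides: the entry is found.
    print("0xbd224466 ->", table.lookup("0xbd224466", "root").hex())

    # A different engine ID (constructed value) finds no entry for the same name,
    # and the same passphrase would localize to a different key anyway.
    other = "0x8000000001020304"
    try:
        table.lookup(other, "root")
    except LookupError as exc:
        print(other, "->", exc)
    print("key for", other, "would be", localized_auth_key("authpass", other).hex())
```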
Re: Problem with snmptrap
> On Tue, 29 Nov 2005 16:49:33 +0200, Andrei Pisau <[EMAIL PROTECTED]> said:

Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466 -v 3 -u root -a MD5
Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0

1) that engineid is not a legal one... Not that it should matter much for our tools, as we're fairly liberal in what we accept. However, for others it might cause them to fail.

2) The engineID *MUST* match the engineID of the trap receiver. It can't be arbitrary. do a "grep oldEngineID /var/net-snmp/snmptrapd.conf" and use the engineID from that line for *both* the createUser line and the snmptrap line.

--
Wes Hardaker
Sparta, Inc.
Problem with snmptrap
Hi net-snmp users!

I use SNMP v3 for sending enterprise traps to localhost. I have checked the documentation:

http://net-snmp.sourceforge.net/tutorial/tutorial-5/commands/snmptrap-v3.html

and also the man pages, but still I don't understand something.

If I want to walk on my MIB using snmpv3 I put

rwuser username

in /usr/local/share/snmp/snmpd.conf, and a createUser directive in /var/net-snmp/snmpd.conf

createUser username MD5 authpass DES privpass

snmpwalk works fine getting the right keys from the MIB.

When it comes to sending traps to the same username, it works only for informs, I mean the snmpinform cmd works fine and sends the alert to localhost. I have the same createUser directive from above in /var/net-snmp/snmptrapd.conf.

If I want to send TRAP2 with snmptrap I get:

snmptrap: USM unknown security name (no such user exists) (Sub-id not found: (top) -> coldStart)

Ok. I have checked the link written above, and there I found that I need to modify the createUser directive using an engine ID, I've done that, restarted the snmptrapd, in order to take the new user with this new engine ID, and run again snmptrap, this time with the -e engineID from the persistent file in the command line, but sadly same behavior, USM unknown security name.

What do I do wrong?

Here is some debug from snmptrap:

snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466 -v 3 -u root -a MD5 -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0

dumph_send: SNMPv3 Message
dumph_send: TRAP2
dumph_send: VarBind
dumph_send: Value ObjID: SNMPv2-MIB::coldStart.0
dumph_send: Name ObjID: SNMPv2-MIB::snmpTrapOID.0
dumph_send: VarBind
dumph_send: Value UInteger: 42 (0x2A)
dumph_send: Name ObjID: RFC1213-MIB::sysUpTime.0
dumph_send: error index Integer: 0 (0x00)
dumph_send: error status Integer: 0 (0x00)
dumph_send: request_id Integer: 253202694 (0xF179106)
dumph_send: ScopedPdu
dumph_send: contextName String: [NULL]
dumph_send: contextEngineID String: .ò..Qih.C
dumph_send: msgSecurityModel Integer: 3 (0x03)
dumph_send: msgFlags String: .
dumph_send: msgMaxSize Integer: 65507 (0xFFE3)
dumph_send: msgID Integer: 1331985359 (0x4F647BCF)
dumph_send: SNMP Version Number Integer: 3 (0x03)
dumph_send: SM msgSecurityParameters
usm: USM processing has begun (offset 76)
usm: getting user root
usm: Unknown User
snmptrap: USM unknown security name (no such user exists) (Sub-id not found: (top) -> coldStart)

I have in /var/net-snmp/snmptrapd.conf and snmpd.conf

createUser -e 0xbd224466 root MD5 "authpass" DES "privpass"

I have observed that snmpinform, or snmptrap -Ci which is the same, does a SNMP GET message before, I suspect that it takes the remote engineID. But if I configure as above, I am working on localhost only, snmptrap fails to identify the user even if I specify the engine ID in the cmd line.

I am using net-snmp5.2.2.pre1