Re: wrong MAC in the trap
> Maybe this is a Bug?
It sounds like one, but I don't know. Hopefully someone else on the
list can say if snmptrapd printing a trap one way & logging it another
is by design, config option or what.
Regards,
Lee
On 3/8/13, Meike Stone wrote:
> Hello Lee,
>
>> It looks like you're still missing some MIB files. I'm guessing
>> S5-SWITCH-BAYSECURE-MIB (I'm not good at searching - the only places
>> I've found that might let me download the file want javascript &
>> cookies enabled & that ain't happening)
>> get the file and add the line
>> DISPLAY-HINT "2x:"
>> in the section where s5SbsViolationStatusMACAddress is defined.
>> Restart the trap daemon & try again...
>>
>
> Seems, that you are right.
> After adding this MIB, snmptrapd resolves the MAC. But in different ways.
> In the syslog, the MAC is properly decoded:
>
> snmptrapd[20224]: 10.160.22.100: Enterprise Specific Trap (.5) Uptime:
> 34 days, 0:08:26.79,
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusBrdIndx.1.22 = 1,
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusPortIndx.1.22 = 22,
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusMACAddress.1.22 =
> 60:73:5c:2f:63:28
>
> But internally, it uses the same string again. If I start snmptrapd with
> /usr/sbin/snmptrapd -nf -mALL -OQ
> it gives the following output:
>
> Loaded the perl snmptrapd handler
> notificationtype TRAP
> receivedfrom UDP:
> [192.168.111.233]:3812->[10.160.22.59]
> version 0
> errorstatus 0
> messageid 0
> community public
> transactionid 1
> errorindex 0
> requestid 0
> DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=34:0:08:26.79
> SNMPv2-MIB::snmpTrapOID.0 type=6 value=S5-ROOT-MIB::s5EthTrap.0.5
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusBrdIndx.1.22 type=2 value=1
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusPortIndx.1.22 type=2
> value=22
> S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusMACAddress.1.22 type=4
> value="`s\\/c("
> SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=10.160.22.100
> SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value="public"
> SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=S5-ROOT-MIB::s5EthTrap
>
> The same wrong thing, the address as a string. I use snmptrapd to
> call a Perl script, and this also gets this wrong value.
> Maybe this is a Bug?
>
> Thanks Meike
>
--
___
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: wrong MAC in the trap
Hello Lee,
> It looks like you're still missing some MIB files. I'm guessing
> S5-SWITCH-BAYSECURE-MIB (I'm not good at searching - the only places
> I've found that might let me download the file want javascript &
> cookies enabled & that ain't happening)
> get the file and add the line
> DISPLAY-HINT "2x:"
> in the section where s5SbsViolationStatusMACAddress is defined.
> Restart the trap daemon & try again...
>
Seems, that you are right.
After adding this MIB, snmptrapd resolves the MAC. But in different ways.
In the syslog, the MAC is properly decoded:
snmptrapd[20224]: 10.160.22.100: Enterprise Specific Trap (.5) Uptime:
34 days, 0:08:26.79,
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusBrdIndx.1.22 = 1,
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusPortIndx.1.22 = 22,
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusMACAddress.1.22 =
60:73:5c:2f:63:28
But internally, it uses the same string again. If I start snmptrapd with
/usr/sbin/snmptrapd -nf -mALL -OQ
it gives the following output:
Loaded the perl snmptrapd handler
notificationtype TRAP
receivedfrom UDP: [192.168.111.233]:3812->[10.160.22.59]
version 0
errorstatus 0
messageid 0
community public
transactionid 1
errorindex 0
requestid 0
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=34:0:08:26.79
SNMPv2-MIB::snmpTrapOID.0 type=6 value=S5-ROOT-MIB::s5EthTrap.0.5
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusBrdIndx.1.22 type=2 value=1
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusPortIndx.1.22 type=2 value=22
S5-SWITCH-BAYSECURE-MIB::s5SbsViolationStatusMACAddress.1.22 type=4
value="`s\\/c("
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=10.160.22.100
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value="public"
SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=S5-ROOT-MIB::s5EthTrap
The same wrong thing, the address as a string. I use snmptrapd to
call a Perl script, and this also gets this wrong value.
Maybe this is a Bug?
Thanks Meike
Re: wrong MAC in the trap
On 3/6/13, Meike Stone wrote:
> 2013/3/5 Meike Stone :
>> 2013/3/1 Lee :
>>> Adding a display-hint to the mib file might work. But with snmptrapd
>>> printing out
>>>> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
>>> it doesn't look like it's found the mibs.
>
>
> The SNMP trap is from a Nortel switch and uses SNMPv1. This Nortel switch
> can only be configured to send SNMPv1 traps.
> I don't know if it would work with SNMPv2. I only see that the
> Display-Hint is defined in a MIB file called "SNMPv2-TC.txt".
>
>
> TRAP decoded by snmptrapd with problematic MAC:
>
> notificationtype TRAP
> receivedfrom UDP:
> [192.168.111.233]:3812->[10.160.22.59]
> version 0
> errorstatus 0
> messageid 0
> community public
> transactionid 1
> errorindex 0
> requestid 0
> DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks:
> (293810679) 34 days, 0:08:26.79
> SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID:
> S5-ROOT-MIB::s5EthTrap.0.5
> S5-ROOT-MIB::s5Com.3.12.1.1.1.22 type=2 value=INTEGER: 1
> S5-ROOT-MIB::s5Com.3.12.1.2.1.22 type=2 value=INTEGER: 22
> S5-ROOT-MIB::s5Com.3.12.1.3.1.22 type=4 value=STRING: "`s\\/c("
It looks like you're still missing some MIB files. I'm guessing
S5-SWITCH-BAYSECURE-MIB (I'm not good at searching - the only places
I've found that might let me download the file want javascript &
cookies enabled & that ain't happening)
get the file and add the line
DISPLAY-HINT "2x:"
in the section where s5SbsViolationStatusMACAddress is defined.
Restart the trap daemon & try again...
> What algorithm does snmptrapd use to determine whether it is a string or
> hex-string?
I have no idea
Regards,
Lee
> SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=IpAddress:
> 10.160.22.100
> SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
> SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID:
> S5-ROOT-MIB::s5EthTrap
>
>
> With another MAC address, it decodes not as STRING, but instead as Hex-String:
>
> receivedfrom UDP:
> [192.168.111.233]:3812->[10.160.22.59]
> version 0
> errorstatus 0
> messageid 0
> community public
> transactionid 2
> errorindex 0
> requestid 0
> DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks:
> (293810679) 34 days, 0:08:26.79
> SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID:
> S5-ROOT-MIB::s5EthTrap.0.5
> S5-ROOT-MIB::s5Com.3.12.1.1.1.22 type=2 value=INTEGER: 1
> S5-ROOT-MIB::s5Com.3.12.1.2.1.22 type=2 value=INTEGER: 22
> S5-ROOT-MIB::s5Com.3.12.1.3.1.22 type=4 value=Hex-STRING: 10 73 5C 2F 63
> 28
> SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=IpAddress:
> 10.160.22.100
> SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
> SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID:
> S5-ROOT-MIB::s5EthTrap
>
>
> With the output option -Ox, it is decoded well (from manual page snmpcmd):
> -Ox Display string values as Hex strings (unless there is a
> DISPLAY-HINT defined for the corresponding MIB object).
> By default, the library attempts to determine whether the
> value is a printable or binary string, and displays it accordingly.
> This option does not affect objects that do have a Display Hint.
>
> What algorithm does snmptrapd use to determine whether it is a string or
> hex-string?
> because of statement from man page : "By default, the library attempts
> to determine whether the value is a printable or binary string, and
> displays it accordingly."
>
>
> Don't know, how to solve this problem ..
>
> Thanks Meike
>
Re: wrong MAC in the trap
2013/3/5 Meike Stone :
> 2013/3/1 Lee :
>> Adding a display-hint to the mib file might work. But with snmptrapd
>> printing out
>>> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
>> it doesn't look like it's found the mibs.
The SNMP trap is from a Nortel switch and uses SNMPv1. This Nortel switch
can only be configured to send SNMPv1 traps.
I don't know if it would work with SNMPv2. I only see that the
Display-Hint is defined in a MIB file called "SNMPv2-TC.txt".
TRAP decoded by snmptrapd with problematic MAC:
notificationtype TRAP
receivedfrom UDP: [192.168.111.233]:3812->[10.160.22.59]
version 0
errorstatus 0
messageid 0
community public
transactionid 1
errorindex 0
requestid 0
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks:
(293810679) 34 days, 0:08:26.79
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: S5-ROOT-MIB::s5EthTrap.0.5
S5-ROOT-MIB::s5Com.3.12.1.1.1.22 type=2 value=INTEGER: 1
S5-ROOT-MIB::s5Com.3.12.1.2.1.22 type=2 value=INTEGER: 22
S5-ROOT-MIB::s5Com.3.12.1.3.1.22 type=4 value=STRING: "`s\\/c("
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=IpAddress: 10.160.22.100
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID: S5-ROOT-MIB::s5EthTrap
With another MAC address, it decodes not as STRING, but instead as Hex-String:
receivedfrom UDP: [192.168.111.233]:3812->[10.160.22.59]
version 0
errorstatus 0
messageid 0
community public
transactionid 2
errorindex 0
requestid 0
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks:
(293810679) 34 days, 0:08:26.79
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: S5-ROOT-MIB::s5EthTrap.0.5
S5-ROOT-MIB::s5Com.3.12.1.1.1.22 type=2 value=INTEGER: 1
S5-ROOT-MIB::s5Com.3.12.1.2.1.22 type=2 value=INTEGER: 22
S5-ROOT-MIB::s5Com.3.12.1.3.1.22 type=4 value=Hex-STRING: 10 73 5C 2F 63 28
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=IpAddress: 10.160.22.100
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4 value=STRING: "public"
SNMPv2-MIB::snmpTrapEnterprise.0 type=6 value=OID: S5-ROOT-MIB::s5EthTrap
With the output option -Ox, it is decoded well (from manual page snmpcmd):
-Ox Display string values as Hex strings (unless there is a
DISPLAY-HINT defined for the corresponding MIB object).
By default, the library attempts to determine whether the
value is a printable or binary string, and displays it accordingly.
This option does not affect objects that do have a Display Hint.
What algorithm does snmptrapd use to determine whether it is a string or
hex-string?
because of statement from man page : "By default, the library attempts
to determine whether the value is a printable or binary string, and
displays it accordingly."
Don't know, how to solve this problem ..
Thanks Meike
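
Added example, not part of the original thread and not Net-SNMP code: a Python model of the printable-versus-binary guess quoted from the snmpcmd man page, run on the two MAC values shown above, plus a normalizer that a trap handler could apply to the MAC varbind. The rule in `looks_printable` (every octet is printable ASCII or whitespace) is an assumption about the library, and all function names are hypothetical.

```python
import re

# Constructed from the two MAC values shown in the thread.
MAC_PRINTABLE = bytes([0x60, 0x73, 0x5C, 0x2F, 0x63, 0x28])  # shown as "`s\\/c("
MAC_BINARY = bytes([0x10, 0x73, 0x5C, 0x2F, 0x63, 0x28])     # shown as Hex-STRING

_WHITESPACE = b" \t\n\r\x0b\x0c"
_HEX_FORM = re.compile(r"^[0-9A-Fa-f]{2}(?:[ :][0-9A-Fa-f]{2}){5}$")


def looks_printable(data: bytes) -> bool:
    """Assumed rule: every octet is printable ASCII or ASCII whitespace."""
    return all(0x20 <= b <= 0x7E or b in _WHITESPACE for b in data)


def render_default(data: bytes) -> str:
    """Model of the output for an OCTET STRING with no DISPLAY-HINT."""
    if looks_printable(data):
        text = data.decode("ascii").replace("\\", "\\\\").replace('"', '\\"')
        return 'STRING: "%s"' % text
    return "Hex-STRING: " + " ".join("%02X" % b for b in data)


def format_mac(data: bytes) -> str:
    """Colon-separated hex octets, the form the syslog line in the thread shows."""
    return ":".join("%02x" % b for b in data)


def normalize_mac(value: str) -> str:
    """Map the renderings seen in the thread back to aa:bb:cc:dd:ee:ff."""
    text = re.sub(r"^(?:Hex-STRING|STRING):\s*", "", value.strip())
    if len(text) >= 2 and text[0] == text[-1] == '"':
        text = text[1:-1]
    candidate = text.strip()
    if _HEX_FORM.match(candidate):
        return format_mac(bytes.fromhex(candidate.replace(":", " ")))
    # Printable case: undo the \\ and \" escaping, then take the raw octets.
    octets = re.sub(r"\\(.)", r"\1", text).encode("latin-1")
    if len(octets) != 6:
        raise ValueError("not a 6-octet MAC rendering: %r" % value)
    return format_mac(octets)


if __name__ == "__main__":
    for sample in ('"`s\\\\/c("', "Hex-STRING: 10 73 5C 2F 63 28",
                   '"50 26 90 9E 66 44 "'):
        print(sample, "->", normalize_mac(sample))
```

Apply `normalize_mac` only to the MAC address varbind: any other six-character string value (the community string "public", for instance) would also pass the length check.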
Re: wrong MAC in the trap
2013/3/5 Meike Stone :
> 2013/3/1 Lee :
>> Adding a display-hint to the mib file might work. But with snmptrapd
>> printing out
>>> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
>> it doesn't look like it's found the mibs.
>
> strace -f -eopen snmptrapd -nf
> .
> .
> .
> open("/etc/snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No such file
> or directory)
> open("/usr/share/snmp/snmp.conf", O_RDONLY) = -1 ENOENT (No such file
> or directory)
> open("/usr/share/snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> open("/var/lib/net-snmp/snmp.conf", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> open("/var/lib/net-snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No
> such file or directory)
> open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 7
> open("/root/.snmp/mibs", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) =
> -1 ENOENT (No such file or directory)
> open("/usr/share/snmp/mibs/.index", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/SNMPv2-TC.txt", O_RDONLY) = 8
> open("/usr/share/snmp/mibs/UCD-SNMP-MIB.txt", O_RDONLY) = 8
> open("/usr/share/snmp/mibs/SNMPv2-SMI.txt", O_RDONLY) = 9
> open("/usr/share/snmp/mibs/UCD-DISKIO-MIB.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/EtherLike-MIB.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/IF-MIB.txt", O_RDONLY) = 8
> open("/usr/share/snmp/mibs/SNMPv2-MIB.txt", O_RDONLY) = 9
> open("/usr/share/snmp/mibs/IANAifType-MIB.txt", O_RDONLY) = 9
> open("/usr/share/snmp/mibs/RMON-MIB.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt", O_RDONLY) = 7
> open("/usr/share/snmp/mibs/VELOCITY-MIB.txt", O_RDONLY) = 7
> .
> .
> .
>
>
>> The default location for the mib files is /usr/local/share/snmp/mibs
> Here on SLES11 it is /usr/share/snmp/mibs/
>
>> In any case, once you've got snmptrapd reading the mibs try adding
>> DISPLAY-HINT "2x:"
>
> I found a display-hint in SNMPv2-TC.txt:
>
> MacAddress ::= TEXTUAL-CONVENTION
> DISPLAY-HINT "1x:"
> STATUS current
> DESCRIPTION
> "Represents an 802 MAC address represented in the
> `canonical' order defined by IEEE 802.1a, i.e., as if it
> were transmitted least significant bit first, even though
> 802.5 (in contrast to other 802.x protocols) requires MAC
> addresses to be transmitted most significant bit first."
> SYNTAX OCTET STRING (SIZE (6))
>
> This file is loaded, see strace above.
.. and I started snmptrapd -nf -DALL, here the part from the syslog:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Parsing file:
/usr/share/snmp/mibs/SNMPv2-TC.txt...
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse(): parse.c, 4345:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-mibs:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Parsing MIB: 7 SNMPv2-TC
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: do_linkup(): parse.c, 1677:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-mibs:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Processing IMPORTS for
module 7 SNMPv2-TC
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: do_linkup(): parse.c, 1690:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-mibs:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Processing import: joint-iso-ccitt
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: do_linkup(): parse.c, 1690:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-mibs:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Processing import: ccitt
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: do_linkup(): parse.c, 1690:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-mibs:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: Processing import: iso
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: trace:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse(): parse.c, 4462:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: parse-file:
Feb 28 01:51:39 sles11sp2 snmptrapd[13944]: End of file
(/usr/share/snmp/mibs/SNMPv2-TC.txt)
>
> Hmm,..
>
> Thanks Meike
Re: wrong MAC in the trap
2013/3/1 Lee :
> Adding a display-hint to the mib file might work. But with snmptrapd
> printing out
>> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
> it doesn't look like it's found the mibs.
strace -f -eopen snmptrapd -nf
.
.
.
open("/etc/snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/usr/share/snmp/snmp.conf", O_RDONLY) = -1 ENOENT (No such file
or directory)
open("/usr/share/snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/var/lib/net-snmp/snmp.conf", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/var/lib/net-snmp/snmp.local.conf", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 7
open("/root/.snmp/mibs", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) =
-1 ENOENT (No such file or directory)
open("/usr/share/snmp/mibs/.index", O_RDONLY) = 7
open("/usr/share/snmp/mibs/UCD-IPFWACC-MIB.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/SNMPv2-TC.txt", O_RDONLY) = 8
open("/usr/share/snmp/mibs/UCD-SNMP-MIB.txt", O_RDONLY) = 8
open("/usr/share/snmp/mibs/SNMPv2-SMI.txt", O_RDONLY) = 9
open("/usr/share/snmp/mibs/UCD-DISKIO-MIB.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/EtherLike-MIB.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/IF-MIB.txt", O_RDONLY) = 8
open("/usr/share/snmp/mibs/SNMPv2-MIB.txt", O_RDONLY) = 9
open("/usr/share/snmp/mibs/IANAifType-MIB.txt", O_RDONLY) = 9
open("/usr/share/snmp/mibs/RMON-MIB.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/HOST-RESOURCES-TYPES.txt", O_RDONLY) = 7
open("/usr/share/snmp/mibs/VELOCITY-MIB.txt", O_RDONLY) = 7
.
.
.
> The default location for the mib files is /usr/local/share/snmp/mibs
Here on SLES11 it is /usr/share/snmp/mibs/
> In any case, once you've got snmptrapd reading the mibs try adding
> DISPLAY-HINT "2x:"
I found a display-hint in SNMPv2-TC.txt:
MacAddress ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1x:"
STATUS current
DESCRIPTION
"Represents an 802 MAC address represented in the
`canonical' order defined by IEEE 802.1a, i.e., as if it
were transmitted least significant bit first, even though
802.5 (in contrast to other 802.x protocols) requires MAC
addresses to be transmitted most significant bit first."
SYNTAX OCTET STRING (SIZE (6))
This file is loaded, see strace above.
Hmm,..
Thanks Meike
Re: wrong MAC in the trap
Adding a display-hint to the mib file might work. But with snmptrapd
printing out
> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
it doesn't look like it's found the mibs.
> I also installed the needed MIBs in /usr/share/snmp/mibs
The default location for the mib files is /usr/local/share/snmp/mibs
In any case, once you've got snmptrapd reading the mibs try adding
DISPLAY-HINT "2x:"
to the definition of the variable. For example:
Ipv6Address ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2x:"
STATUS current
DESCRIPTION
"This data type is used to model IPv6 addresses.
This is a binary string of 16 octets in network
byte-order."
SYNTAX OCTET STRING (SIZE (16))
Regards,
Lee
On 2/28/13, Meike Stone wrote:
> Hello dear list,
>
> I'm using snmptrapd and get link up/down from a Nortel Networks switch:
> The snmptrapd logs the traps in the logfile. But sometimes the value
> of the MAC address is misinterpreted (as a string, e.g. "`s\\/c(").
> In the network capture from tcpdump, the bytecode from a working trap
> and a non-working trap look the same, except for the bytes of the
> MAC itself.
>
> Working trap:
> 10.32.12.240(via UDP: [10.32.12.240]:4682->[10.216.17.90]) TRAP, SNMP
> v1, community public#012#011.1.3.6.1.4.1.45.1.6.2.1 Enterprise
> Specific Trap (5) Uptime:
> 48:17:31:03.16#012#011.1.3.6.1.4.1.45.1.6.5.3.12.1.1.1.2 =
> 1#011.1.3.6.1.4.1.45.1.6.5.3.12.1.2.1.2 =
> 2#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.2 = "50 26 90 9E 66 44 "
>
>
> Not working trap with wrong interpreted MAC:
> 10.22.2.240 (via UDP: [10.22.2.240]:2925->[10.216.17.90]) TRAP, SNMP
> v1, community public#012#011.1.3.6.1.4.1.45.1.6.2.1 Enterprise
> Specific Trap (5) Uptime:
> 33:21:06:58.47#012#011.1.3.6.1.4.1.45.1.6.5.3.12.1.1.1.22 =
> 1#011.1.3.6.1.4.1.45.1.6.5.3.12.1.2.1.22 =
> 22#011.1.3.6.1.4.1.45.1.6.5.3.12.1.3.1.22 = "`s\\/c("
>
>
> I straced the snmptrapd while recvmsg:
> recvmsg(8, {msg_name(16)={sa_family=AF_INET, sin_port=htons(3705),
> sin_addr=inet_addr("10.22.2.240")},
> msg_iov(1)=[{"0t\2\1\0\4\6public\244g\6\n+\6\1\4\1-\1\6\2\1@\4\n\26\2\360\2\1\6\2\1\5C\4\21\201\\V0G0\24\6\17+\6\1\4\1-\1\6\5\3\f\1\1\1\26\2\1\0010\24\6\17+\6\1\4\1-\1\6\5\3\f\1\2\1\26\2\1\0260\31\6\17+\6\1\4\1-\1\6\5\3\f\1\3\1\26\4\6`s\\/c(\5\21\1\5\4\0\4\6\0\37<\262\205w\1\1\3\1\2\1\1\1\3\201\23\2\1\23\0
>
>
> I also installed the needed MIBs in /usr/share/snmp/mibs
> - S5-ROOT-MIB.mib
> - SYNOPTICS-ROOT-MIB.mib
> and started the snmptrapd with -m ALL. But nothing changed (I used
> strace -f -e open to exterminate, if the MIBs are loaded).
> With this MIBs, I can use
>
> snmptranslate -m ALL .1.3.6.1.4.1.45.1.6.2.1
> S5-ROOT-MIB::s5EthTrap
>
> What is going wrong, does anyone have a clue?
>
> Thanks, Meike
>
