Geoff Kingsmill | 1 Sep 04:27 2014
Picon

snmptrapd snmpv3 trap forwarding

NET-SNMP version 5.7.2.1.

 

I currently have an snmp trap relay configured for SNMPv1. All configured devices send traps to the trap relay. The trap relay running snmptrapd then forwards these traps to the required trap receivers. This all works nicely.

 

I now have a security requirement to migrate to SNMPv3. If I configure the snmp trap sender to send traps directly to the trap receiver (HP NNM or HP SIM) then everything works as expected after configuring the just the SNMPv3 username and password.

 

Ideally I would like to configure the existing trap relay running snmptrapd to also forward SNMPv3 traps. I have added the line "createUser myuser MD5 "mypassword" DES "mypassword" to snmptrapd.conf. The snmp trap sender is configured with the same credentials. If the trap sender is configured with a dummy EngineID of say 0x0102030405 then snmptrapd forwards the trap to the trap receiver. If the EngineID on the trap sender is not manually defined then the EgineID on the test trap sender I am using  is "0x80001f888003440000c1c40355". If I leave the EngineID undefined on the trap sender or manually set the EngineID to the default value, then snmptrapd will only forward the trap when I add the EngineID to the createUser line in snmptrapd.conf. For example "createUser -e 0x80001f888003440000c1c40355 myuser MD5 "mypassword" DES "mypassword".

 

Why does the trap relay running snmptrapd require an EngineID yet the trap receiver work without having to define a corresponding EngineID?



Why does the trap relay not require an EngineID when the trap sender has an EngineID of say 0x0102030405 but does require an EngineID when the EngineID is similar to "0x80001f888003440000c1c40355"?



Do I really need to add a unique createUser EngineID for every SNMPv3 trap sender or is there a way to configure the trap relay to forward traps using just the username and password credentials and ignore the EngineID. Alternatively is there a way to simply forward all traps received on port 162 without the need for any authentication?



Thanks,

Geoff.

 

 

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Miguel Angel Torres Santos | 29 Aug 12:46 2014
Picon

How to get vendor MIB when snmpwalk from "enterprises"

Hi all,

I've been looking around about how to add a enterprise MIB into the tree MIB of a linux server, but I don't know if I'm asking with the adequate question or might it is not possible what I want. 

I have developed with perl an agent which is working well and also I have defined a MIB in SMI v1, so I can query for elements names also. The agent manage the OID  iso.3.6.1.4.1.34567 (It's an example), an enterprises branch.   

What I want is to get my enterprise MIB when I snmpwalk starting from "enterprises" (.1.3.6.1.4.1). Now when I launch: 

snmpwalk -On -v2c -c public localhost enterprises


I get:

.1.3.6.1.4.1.2021.2.1.1.1 = INTEGER: 1

.1.3.6.1.4.1.2021.2.1.1.2 = INTEGER: 2

.1.3.6.1.4.1.2021.2.1.1.3 = INTEGER: 3

....

....

....

.1.3.6.1.4.1.8072.1.2.1.1.4.0.1.0.0 = STRING: 

.1.3.6.1.4.1.8072.1.2.1.1.4.0.1.1.0 = STRING: 

.1.3.6.1.4.1.8072.1.2.1.1.4.0.1.2.0 = STRING: 

.1.3.6.1.4.1.8072.1.2.1.1.4.0.7.1.3.6.1.2.1.4.127 = STRING: ip

....

....

....


.1.3.6.1.4.1.8072.1.9.1.1.5.15.103.114.112.105.110.116.101.114.110.97.108.85.115.101.114.0.3.2.6.110.111.116.105.102.121 = INTEGER: active(1)


So ¿where is my the MIB branch of my company (34567)? it would be after 8072 ¿wouldn't be?


¿It's posible to do what I want?


 I have added the next line to the snmp.conf

mibs +MY-ENTERPRISE-MIB

so the MIB is loaded by the tools, so when I ask for an element of MY-ENTERPRISE-MIB  I have the correct answer.

Thanks in advance,
Miguel
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Peter Kaagman | 28 Aug 14:03 2014
Picon

Formating the return value

Hi there list,

 

I’ve been toying around with an example script I’ve found online (thank you rhys) which uses the Perl SNMP module and was wondering a bit about the formatting of the return value

 

Say I query a meru controller for mwApOperationalState I get a list of values for the different devices controlled by the device

 

Setting “UseEnum” or “UseSprintValue” to 0 wil give me an integer (0,1,2,… depending on the state)

Setting “UseEnum” or “UseSprintValue” to 1 wil give me  the integer translated to a string (unknown, online, unlicensed and so on)

 

The integer value is just fine for logging purposed (use RRD fort hat), but for a userinterface te translated value is mucht nices.

 

When running a query from the command line wil give a value like Online (1)

 

So I started looking for a way to controll the format returned myself. Found params like VarFormats and TypeFormats which seem to promise tob e just what I would like to do. But I can’t make head or tail from the description in the Man page.

 

Does anyone of you have a – pointer to – example on how to do this, how to use the VarFormats or TypeFormats?

 

Peter

 

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Muharrem AYDIN | 23 Aug 20:27 2014

snmptrapd problem

Hi,

 

My problem with the SNMP-Trap. snmptt active THAT I said though there is an error log, do not fix it. 

I'm running snmptt service in the following way. 

 

/etc/init.d/snmptt restart 

Restarting SNMP trap translator: snmpttPID file: /var/run/snmptt.pid

.

 

 

 

and 

 

/etc/init.d/snmpd restart

Restarting network management services: snmpd.

 

 

Log :

 

/var/log# nano snmptrapd.log

 

 

2014-07-29 07:39:57 192.168.200.181 [UDP: [192.168.200.181]:54394->[192.168.200.244]]:

iso.3.6.1.2.1.1.3.0 = Timeticks: (89493698) 10 days, 8:35:36.98 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.6.3.1.1.5.5    iso.3.6.1.4.1.9.2.1.5.0 = IpAddress: 192.168.200.4      iso.3.6.1.4.1.9.9.412.1.1.1.0 $

2014-07-30 07:39:47 192.168.200.181 [UDP: [192.168.200.181]:54394->[192.168.200.244]]:

iso.3.6.1.2.1.1.3.0 = Timeticks: (98097897) 11 days, 8:29:38.97 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.6.3.1.1.5.5    iso.3.6.1.4.1.9.2.1.5.0 = IpAddress: 192.168.200.4      iso.3.6.1.4.1.9.9.412.1.1.1.0 $

2014-07-31 07:30:27 NET-SNMP version 5.4.3 Stopped.

Stopping snmptrapd

 

 

Do you have a solution, this issue recommendations

 

Thanks

 

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Muharrem Aydin | 22 Aug 10:47 2014

SNMP-Trap Eror

Hi,

My problem with the SNMP-Trap. snmptt active THAT I said though there is an error log, do not fix it. 
I'm running snmptt service in the following way. 

/etc/init.d/snmptt restart 
Restarting SNMP trap translator: snmpttPID file: /var/run/snmptt.pid
.


and 

/etc/init.d/snmpd restart
Restarting network management services: snmpd.


Log :

/var/log# nano snmptrapd.log


2014-07-29 07:39:57 192.168.200.181 [UDP: [192.168.200.181]:54394->[192.168.200.244]]:
iso.3.6.1.2.1.1.3.0 = Timeticks: (89493698) 10 days, 8:35:36.98 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.6.3.1.1.5.5    iso.3.6.1.4.1.9.2.1.5.0 = IpAddress: 192.168.200.4      iso.3.6.1.4.1.9.9.412.1.1.1.0 $
2014-07-30 07:39:47 192.168.200.181 [UDP: [192.168.200.181]:54394->[192.168.200.244]]:
iso.3.6.1.2.1.1.3.0 = Timeticks: (98097897) 11 days, 8:29:38.97 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.6.3.1.1.5.5    iso.3.6.1.4.1.9.2.1.5.0 = IpAddress: 192.168.200.4      iso.3.6.1.4.1.9.9.412.1.1.1.0 $
2014-07-31 07:30:27 NET-SNMP version 5.4.3 Stopped.
Stopping snmptrapd

Do you have a solution, this issue recommendations

Thanks
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Matt Kappel | 21 Aug 03:05 2014
Picon

Can not find "/usr/include/net-snmp/net-snmp-config.h". The net-snmp development files seems to be missing.

Hello,

I'm very much an SNMP noob, but I would like to implement a subagent for a custom device.  I'm running into an issue while trying to do the agentx subagent tutorial[1]  where I get the following error:

> net-snmp-config --cflags
Can not find "/usr/include/net-snmp/net-snmp-config.h". The net-snmp development files seems to be missing. Exiting
-DNETSNMP_ENABLE_IPV6 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing -fstack-protector-all -Ulinux -Dlinux=linux -I/usr/include/rpm -D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -DDEBUGGING -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi/CORE -I. -I/usr/include

I'm running on SUSE Linux Enterprise Server 11 SP 3, and I'm using the following rpms:

snmp-mibs-5.4.2.1-8.12.20.1
perl-SNMP-5.4.2.1-8.12.20.1
libsnmp15-5.4.2.1-8.12.20.1
net-snmp-5.4.2.1-8.12.20.1

I would like to be able to use the provided rpm for the server if possible.  Is there a way to avoid having to install from source perhaps by 'reconstructing' the necessary headers?

Thanks,
Matt

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Yurkov, Vyacheslav | 20 Aug 09:00 2014

How to use variables list in Net-SNMP library

Hi,

I'm doing some stuff with Net-SNMP library. Basically what I do is based on the sample application Simple_Application. What is not clear for me though is that part of code:

for (vars = response->variables; vars; vars = vars->next_variable) {

   // process variable

}

I did a lot of testing, read this post as well and it seems to me that you mostly get a scalar value with SNMP request. So the question is: when can you get more than one variable as a response?

Thanks.

--

Yours sincerely,

Vyacheslav Yurkov

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Roger Meier | 19 Aug 17:00 2014
Picon

Support for ipv6AddrTable missing in Net-SNMP agent?

Hi SNMP users,

It seems that the agent supports the ipv6Interfaces MIB, but not the ipv6AddrTable MIB.

I tried this using the following versions:

- Net-SNMP 5.7.2.1 on a home brewed Linux, the daemon built from source,
- Net-SNMP 5.4.3 on Ubuntu, using the packages which come with 12.04.

First the ipv6Interfaces:

# snmpwalk -mALL -Os -v 3 -p 234 -t 6 -u <deleted> -l authPriv -a MD5 -A <deleted> -x DES -X <deleted>
172.27.x.x .1.3.6.1.2.1.55    
ipv6Forwarding.0 = notForwarding(2)
ipv6DefaultHopLimit.0 = 64
ipv6Interfaces.0 = Gauge32: 4
ipv6IfDescr.1 = lo
ipv6IfDescr.2 = eth0
[...]
ipv6IfLowerLayer.1 = OID: zeroDotZero
ipv6IfLowerLayer.2 = OID: zeroDotZero
[...]
ipv6IfEffectiveMtu.1 = Gauge32: 16436 octets
ipv6IfEffectiveMtu.2 = Gauge32: 1500 octets
[...]
ipv6IfPhysicalAddress.1 = 
ipv6IfPhysicalAddress.2 = 0:c:29:13:9b:5e
[...]
ipv6IfAdminStatus.1 = up(1)
ipv6IfAdminStatus.2 = up(1)
[...]
ipv6IfOperStatus.1 = up(1)
ipv6IfOperStatus.2 = up(1)
[...]

As one would expect.  But the ipv6AddrTable is missing:

# snmpwalk -mALL -Os -v 3 -p 234 -t 6 -u <deleted> -l authPriv -a MD5 -A <deleted> -x DES -X <deleted>
172.27.x.x .1.3.6.1.2.1.55.1.8
ipv6AddrTable = No Such Object available on this agent

Is it really true that the ipv6AddrTable is not supported by the Net-SNMP 5.7.2.1 agent, or am I missing something?

Thanks for any hint.

Regards

-- Roger
Attachment (smime.p7s): application/pkcs7-signature, 3878 bytes
------------------------------------------------------------------------------
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Dhanasekaran Anbalagan | 18 Aug 02:10 2014
Picon

How to find what are the modules loaded in net-snmp

Hi Guys,

I am new to net-snmp project. I like now know what are modules loaded in net-snmp. I installed via source code compilation, I seen lot's modules will available.

net-snmp-5.7.2.1/agent/mibgroup

Please guide me.

-Dhanasekaran.

Did I learn something today? If not, I wasted it.
------------------------------------------------------------------------------
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Vince Hurst | 13 Aug 19:32 2014

SNMPSET data resets on hardware reboot

I can set data fine.  (ie:  sysName.0 ; sysContact.0 ; sysLocation.0) When I re-probe the devices with my NMS, the data I set shows up. However, if I reboot the device, the data fields return to the default values.

 

I’ve seen this with a couple different devices. The example I’ll use in this case is a Vivotek IP8133 IP Camera (firmware: 0200a).

 

I tried using the device’s web GUI “Save” button to save the current configuration to the device while the data was active, but it still clears.

 

Are there any SNMP commands to invoke a “Save”? Someone must have run into this before. Suggestion? Thanks!

 

-Vince

------------------------------------------------------------------------------
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Bill Fenner | 11 Aug 15:32 2014
Picon
Picon

Re: [net-snmp:bugs] #2567 Unknown Security Model

On Fri, Aug 8, 2014 at 3:11 AM, Ajay Tiwari <ajay-ti <at> users.sf.net> wrote:

[bugs:#2567] Unknown Security Model

Status: open
Group: 64-bit
Created: Fri Aug 08, 2014 07:11 AM UTC by Ajay Tiwari
Last Updated: Fri Aug 08, 2014 07:11 AM UTC
Owner: nobody

The bug tracker is not a place to get support. Try the mailing list as mentioned at https://sourceforge.net/projects/net-snmp/support or http://www.net-snmp.org/support/

When I am sending the trap using command line, I am getting the error in My Application as "Unknown Security Model : 3". My application code uses net-snmp library.

Are you sure you are linking against the right version of the library?  Could you accidentally have different versions installed, perhaps one that doesn't support USM?

  Bill

------------------------------------------------------------------------------
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Gmane