Re: Cannot Process SNMP Traps

Russ Woodman Wed, 29 Dec 2004 15:02:06 -0800

Dave,

Thanks for the update. However, using the options to snmptrapd below, it would appear that snmptrapd is in fact receiving the packets. The hex dumps from /var/log/syslog are shown below. Apparently there is some other problem. I'm not sure what the pre-parse fail means, but I just know that even though snmptrapd is receiving trap packets, it is doing nothing at all with them (except, apparently, discarding them).

Regards,
Russ

Dec 29 16:59:02 ldhl-sentry snmptrapd[4146]: Starting snmptrapd 5.1.2 Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: Received 123 bytes from 205.167.142.15 Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0000: 30 79 02 01 00 04 05 4E 61 74 63 6F A4 6D 06 09 0y.....Natco.m.. Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0016: 2B 06 01 04 01 09 01 81 5F 40 04 CD A7 8E 0F 02 [EMAIL PROTECTED] Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0032: 01 02 02 01 00 43 04 0E AF D0 0E 30 4E 30 0F 06 .....C.....0N0.. Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0048: 0A 2B 06 01 02 01 02 02 01 01 02 02 01 02 30 14 .+............0. Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0064: 06 0A 2B 06 01 02 01 02 02 01 02 02 04 06 41 54 ..+...........AT Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0080: 4D 32 2F 30 30 0F 06 0A 2B 06 01 02 01 02 02 01 M2/00...+....... Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0096: 03 02 02 01 1E 30 14 06 0C 2B 06 01 04 01 09 02 .....0...+...... Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: 0112: 02 01 01 14 02 04 04 64 6F 77 6E .......down Dec 29 16:59:49 ldhl-sentry snmptrapd[4146]: Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: Received 236 bytes from 205.167.142.15 Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0000: 30 81 E9 02 01 00 04 05 4E 61 74 63 6F A4 81 DC 0.......Natco... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0016: 06 06 2B 06 01 04 01 09 40 04 CD A7 8E 0F 02 01 [EMAIL PROTECTED] Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0032: 06 02 01 01 43 04 0E AF D2 61 30 81 BF 30 12 06 ....C....a0..0.. Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0048: 0D 2B 06 01 04 01 09 02 09 03 01 01 02 01 02 01 .+.............. Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0064: 05 30 21 06 1C 2B 06 01 02 01 06 0D 01 01 81 4D .0!..+.........M Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0080: 81 27 81 0E 0F 17 81 4D 81 27 81 0E 81 16 83 D2 .'.....M.'...... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0096: 4E 02 01 04 30 24 06 1E 2B 06 01 04 01 09 02 06 N...0$..+....... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0112: 01 01 05 81 4D 81 27 81 0E 0F 17 81 4D 81 27 81 ....M.'.....M.'. Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0128: 0E 81 16 83 D2 4E 02 02 08 6E 30 24 06 1E 2B 06 .....N...n0$..+. Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0144: 01 04 01 09 02 06 01 01 01 81 4D 81 27 81 0E 0F ..........M.'... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0160: 17 81 4D 81 27 81 0E 81 16 83 D2 4E 02 02 00 A5 ..M.'......N.... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0176: 30 24 06 1E 2B 06 01 04 01 09 02 06 01 01 02 81 0$..+........... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0192: 4D 81 27 81 0E 0F 17 81 4D 81 27 81 0E 81 16 83 M.'.....M.'..... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0208: D2 4E 02 02 06 33 30 14 06 0C 2B 06 01 04 01 09 .N...30...+..... Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]: 0224: 02 09 02 01 12 02 04 04 72 75 73 73 ........russ Dec 29 16:59:55 ldhl-sentry snmptrapd[4146]:

Dave Shield wrote:

When I run snmptrapd with the options specified below, I get:

read_config:traphandle: registering handler for: default
2004-12-15 13:20:19 NET-SNMP version 5.1.2 Started.

When I send a trap.....
There is no debugging output at all.

That would tend to imply that the trap handler is not actually
receiving these traps.  Either because it's not receiving them
at all, or because of that "pre-parse fail" problem.

I know the packets are being received because tcpdump shows them

That doesn't necessarily mean that the traps are being received by
the trap handler.

I'd check this by running
         "snmptrapd -f -Lo -d"
              and seeing whether the incoming traps are dumped
(which happens *before* any trap handling processing is done)

If you don't see the incoming packet dumps, then have a look at
any firewall filtering that might be done.  If you do, then
have a look at the /etc/hosts.{allow,deny} files.  I'm wondering
whether there is some tcp wrapper filtering that's rejecting these
traps.

Dave


--
Russ Woodman
Systems Administrator
Northern Arkansas Telephone Co.
PO Box 209
Flippin AR 72634
+1-870-453-8811 (Tel)
+1-870-453-9286 (Fax)


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Cannot Process SNMP Traps

Reply via email to