snmptrapd catch and forward?
Hi All,

I've got a pair of servers behind a load balancer which I'm using to process a very large volume of traps... in the order of 1.5 million per day. I want to also forward a subset of these back to a third party vendor black box, which does some additional processing, but it seems that my configuration in snmptrapd isn't working for this.

My configuration looks like this... note the line commented out - this is what I don't want to go to the black box.

    traphandle 1.3.6.1.4.1.193.72.* /some/custom/script
    traphandle 1.3.6.1.4.1.193.109.* /some/custom/script
    forward 1.3.6.1.4.1.193.72.300.1.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.300.10.2.1.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.300.10.2.2.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.300.10.2.3.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.300.20.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.300.35.* vendor-black-box
    #forward 1.3.6.1.4.1.193.72.300.50.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.400.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.600.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.602.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.700.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.800.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.850.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.900.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.1000.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.1200.* vendor-black-box
    forward 1.3.6.1.4.1.193.72.1400.* vendor-black-box
    forward 1.3.6.1.4.1.193.109.* vendor-black-box

Are there any options in snmptrapd that will allow the above traps to forward correctly?

Additionally, if there was some way to specify everything *but* the OID commented above is to be forwarded, that would help significantly.

Thanks

___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
5.3.3.rc2 available
This is a list of specific bugs that have been fixed, and patches that have been applied in released versions. Please see the NEWS file for a summary of the major changes, and the ChangeLog file for a comprehensive listing of all changes made to the code.

*5.3.3.rc2*

snmplib:
  - [PATCH 2505488]: to fix alarms not being triggered at the right times due to large clock skews.

build:
  - [BUG 2782700]: build failure when using --with-pkcs on Solaris
  - [PATCH 2184039]: misc fixes for freeing memory during error conditions.

mib2c:
  - [PATCH 2136437]: make FLAG defines more 64bit friendly when huge tables are encountered

perl:
  - [PATCH 2361712]: to fix getbulk optimization during walks where end conditions are met on middle OIDs first.

ports:
  - [PATCH 2688342]: to fix various compiler warnings

solaris:
  - [PATCH 2012404]: deal with more than 10 interfaces. New hardcoded limit is 50. A better scaling patch would be appreciated :-)

AIX:
  - [BUG 2712670]: Agent crashes on AIX with hrStorage

HP-UX:
  - BUG: 2779472: Filesystems missing in hrStorage table on HP-UX 11.31 (allow for mnttab that is a character special device)

Solaris:
  - [PATCH 2751588]: Inconsistent data (e.g. UDP/TCP MIB scalar values of zero) can be reported on Solaris 10U4+
    Patch provided by Anders Persson
RE: problem using snmp_parse_args
string, security name or the two pass phrases). This is to avoid them being visible in the output of "ps" or in core dumps.

Untested, but you might want to try setting the first parameter to be "snmpd-proxy". This will suppress the clearing of these sensitive parameters. (We could perhaps do with a better way to handle this!)

    char com[] = "public";
    char *argv[] = {"snmpd-proxy", "-v", "1", "-c", com, "172.22.92.10", "", "6", "17", "", "",
                    "MY-TEST-GRP::myLocation", "s", "HERE", "MY-TEST-GRP::myId", "i", "1000"}; // 17 args

After the call to snmp_parse_args, I observed that the stack frame gets corrupted. I tried passing "snmpd-proxy" as the first parameter. But that didn't help either.

As a workaround, I am saving the argv pointer and using that later. But now I am not able to send an enterprise specific trap with arguments as shown in argv above. It fails to resolve the MY-TEST-GRP::myLocation and I get the following error:

    MY-TEST-GRP::myLocation: Unknown Object Identifier (MY-TEST-GRP::myLocation)

I even tried adding the MIB file to snmp.conf. Am I missing out something in the request or am I not giving it correctly?

Regards,
Vinod
Re: subagent and EndOfSubtree event
2009/5/20 Sergey Matveychuk:
>> This should be handled automatically by the subagent framework.
>> All your MIB module handler typically needs to do is return without
>> setting a value.
>
> I've tried it, but snmpwalk got a timeout:
>
> NET-SNMP-MIB::netSnmp.2.1.2.0.5.98 = INTEGER: 0
> NET-SNMP-MIB::netSnmp.2.1.2.0.5.99 = INTEGER: 0
> Timeout: No Response from localhost

Hmmm

What range of OIDs is your subagent registering for?
What comes next in the MIB tree?

I've also checked the NET-SNMP-EXAMPLES-MIB, and netSnmp.2.1.2 is a scalar object (netSnmpExampleSleeper)
So the output above doesn't really make sense.
You should be seeing

    netSnmp.2.1.1.0
    netSnmp.2.1.2.0
    netSnmp.2.1.3.0
    netSnmp.2.2.1.1.2."name"
    etc

or something similar.

Anyway, what happens if you do "snmpgetnext" on netSnmp.2.1.2.1 ? (both with and without your subagent running)

Dave
Re: subagent and EndOfSubtree event
Dave Shield wrote:
> 2009/5/20 Sergey Matveychuk:
>> What is a correct way to say we've reached End Of Subtree by subagent
>> for GETNEXT request?
>
> Return the 'endOfMibView' exception - see RFC 2741, section 7.3.2.2.
>
> This should be handled automatically by the subagent framework.
> All your MIB module handler typically needs to do is return without
> setting a value.

I've tried it, but snmpwalk got a timeout:

    NET-SNMP-MIB::netSnmp.2.1.2.0.5.98 = INTEGER: 0
    NET-SNMP-MIB::netSnmp.2.1.2.0.5.99 = INTEGER: 0
    Timeout: No Response from localhost

Waiting is even worse than immediately returning with an error.
Re: subagent and EndOfSubtree event
2009/5/20 Sergey Matveychuk:
> What is a correct way to say we've reached End Of Subtree by subagent
> for GETNEXT request?

Return the 'endOfMibView' exception - see RFC 2741, section 7.3.2.2.

This should be handled automatically by the subagent framework.
All your MIB module handler typically needs to do is return without setting a value.

Dave
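The end-of-subtree signalling discussed in this thread, as an added example that is not part of the original messages and not Net-SNMP code: a toy agent answers GETNEXT from a constructed two-row table and returns a stand-in `END_OF_MIB_VIEW` value when nothing follows, while the walker also aborts if the agent returns an OID that does not increase, which is the condition that otherwise makes a walk loop forever. The table, the fixed OID length and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define END_OF_MIB_VIEW (-1)  /* stand-in for the endOfMibView exception */
#define OID_LEN 6
#define NROWS   2

/* Constructed subagent table: two instances, kept in lexicographic order. */
static const unsigned rows[NROWS][OID_LEN] = {
    {2, 1, 2, 0, 5, 98}, {2, 1, 2, 0, 5, 99} };

static int oid_cmp(const unsigned *a, const unsigned *b)
{
    for (size_t i = 0; i < OID_LEN; i++)
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* Toy GETNEXT: index of the first row after `cur`, else END_OF_MIB_VIEW.
 * repeat_last models a broken agent that answers with its last row again. */
static int agent_getnext(const unsigned *cur, int repeat_last)
{
    for (int i = 0; i < NROWS; i++)
        if (oid_cmp(rows[i], cur) > 0)
            return i;
    return repeat_last ? NROWS - 1 : END_OF_MIB_VIEW;
}

/* Walker: returns the number of rows visited, or -1 when the agent returned
 * an OID that is not greater than the one requested (would loop forever). */
int walk(int repeat_last)
{
    unsigned cur[OID_LEN] = {2, 1, 2, 0, 0, 0};  /* start of the subtree */
    int seen = 0;
    for (;;) {
        int i = agent_getnext(cur, repeat_last);
        if (i == END_OF_MIB_VIEW)
            return seen;                  /* clean end of the walk */
        if (oid_cmp(rows[i], cur) <= 0)
            return -1;                    /* not increasing: stop, do not retry */
        memcpy(cur, rows[i], sizeof cur);
        seen++;
    }
}

int main(void)
{
    printf("good agent: %d rows, broken agent: %d\n", walk(0), walk(1));
    return 0;
}
```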
subagent and EndOfSubtree event
Hi!

What is a correct way to say we've reached End Of Subtree by subagent for GETNEXT request?

Most natural way I see - to return error. But it does not look good by snmpwalk:

    NET-SNMP-MIB::netSnmp.2.1.2.0.5.98 = INTEGER: 0
    NET-SNMP-MIB::netSnmp.2.1.2.0.5.99 = INTEGER: 0
    NET-SNMP-MIB::netSnmp.2.1.2.0.5.99 = No Such Instance currently exists at this OID

OK. I opened snmpwalk sources and made a hack - decremented BaseOID length (with snmp_set_var_objid()). snmpwalk looks good with it:

    NET-SNMP-MIB::netSnmp.2.1.2.0.5.98 = INTEGER: 0
    NET-SNMP-MIB::netSnmp.2.1.2.0.5.99 = INTEGER: 0

But php-snmp's snmprealwalk() drives crazy - loops forever.

What is a correct way to say we're out of band?
Re: problem using snmp_parse_args
2009/5/19 Vinod Nanjaiah:
> When control comes to snmp_parse_args, it messes up the argc and argv
> parameters and the
> program seg faults at a later point when the argv is referenced.
> This is the argv that I am using
>
> char com[] = "public";
> char *argv[] = {"", "-v", "1", "-c", com, "172.22.92.10", "", "", "2", "",
> ""};

I've had a quick look at the code for snmp_parse_args. The most likely issue here is that this routine attempts to zero out "sensitive" parameters (such as the community string, security name or the two pass phrases). This is to avoid them being visible in the output of "ps" or in core dumps.

Untested, but you might want to try setting the first parameter to be "snmpd-proxy". This will suppress the clearing of these sensitive parameters. (We could perhaps do with a better way to handle this!)

Dave
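The clearing of sensitive parameters described in the message above, as an added example that is not part of the original thread and not Net-SNMP source: the value is copied for the program's own use and the argv slot is then overwritten in place, which only works when every argv element of a hand-built argument vector points at writable storage. The helper `take_and_scrub`, the `demo` caller and the program name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not a net-snmp function: find `flag` in argv, return a
 * private heap copy of the value after it, and zero the argv slot so the
 * secret is no longer readable from `ps` output or a core dump. */
char *take_and_scrub(int argc, char **argv, const char *flag)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], flag) != 0)
            continue;
        size_t len = strlen(argv[i + 1]);
        char *copy = malloc(len + 1);
        if (copy == NULL)
            return NULL;
        memcpy(copy, argv[i + 1], len + 1);
        /* In-place write: argv[i + 1] must be writable storage. Pointing it
         * at a string literal makes this undefined behaviour (often SIGSEGV). */
        memset(argv[i + 1], 0, len);
        return copy;
    }
    return NULL;
}

/* Constructed caller that builds argv by hand from writable arrays.
 * Returns 1 when the copy survives and the argv slot has been wiped. */
int demo(void)
{
    char prog[] = "trap-sender";            /* constructed program name */
    char v[] = "-v", ver[] = "1", c[] = "-c";
    char com[] = "public";                  /* writable, unlike a literal */
    char host[] = "172.22.92.10";
    char *argv[] = { prog, v, ver, c, com, host, NULL };

    char *community = take_and_scrub(6, argv, "-c");
    int ok = community != NULL
          && strcmp(community, "public") == 0
          && com[0] == '\0' && com[5] == '\0';
    free(community);
    return ok;
}

int main(void)
{
    printf("scrub %s\n", demo() ? "ok" : "failed");
    return 0;
}
```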