RE: nsNotifyRestart traps generated in place of link up/down.
2019-02-11
Thread
Kiran Kumar Pamula -X (kpamula - HCL TECHNOLOGIES LIMITED at Cisco) via Net-snmp-users
Hi Experts, Could you kindly help with your inputs on this and how to recover from the problem. Thanks, Kiran From: Kiran Kumar Pamula -X (kpamula - HCL TECHNOLOGIES LIMITED at Cisco) Sent: 08 February 2019 23:49 To: 'net-snmp-users@lists.sourceforge.net' Cc: Sreenivasa Reddy Pappuri -X (spappuri - HCL TECHNOLOGIES LIMITED at Cisco) ; Apparao Podile -X (apodile - HCL TECHNOLOGIES LIMITED at Cisco) ; Mathuvappan Sokkalingam -X (msokkali - HCL AMERICA INC at Cisco) ; Naresh Pindukuru -X (narpindu - HCL TECHNOLOGIES LIMITED at Cisco) ; Saravanan Adhikesavan -X (sadhikes - HCL TECHNOLOGIES LIMITED at Cisco) ; Kondalraj Kosalram -X (kkosalra - HCL TECHNOLOGIES LIMITED at Cisco) Subject: nsNotifyRestart traps generated in place of link up/down. Hi Experts, In our product we are using Net-snmp 5.7.3 and today a customer is hitting a strange issue with some undesired nsNotifyRestart traps being generated, in place of link up/down traps, when performed shut/noshut operations on selected intetrface. Here is the SNMP v1 config Used by Customer: snmp-server host x.y.z.w snmpComm1ab snmp-server enable traps snmp linkup snmp-server enable traps snmp linkdown Here is the Unwanted nsNotifyRestart trap getting generated when performed interface shut/noshut operations 2019-02-08 17:07:19 x.x.x.x(via UDP: [x.x.x.x]:x->[x.x.x.x]:x) TRAP, SNMP v1, community snmpComm1ab NET-SNMP-MIB::netSnmpNotificationPrefix Enterprise Specific Trap (NET-SNMP-AGENT-MIB::nsNotifyRestart) Uptime: 0:00:05.44 Any thoughts when "nsNotifyRestart" traps are generated and why they are blocking the expected link up/down traps here ? And how to proceed forward on this case with customer ? Could you please advise. Thanks, Kiran ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Unsubscribe
___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Problem sending traps
Greetings, Our trap sink parameters are modified per 2 MIB entries, one for the IP address and one for the port. We would like to set the trap sink programmatically on powerup and when we receive an snmp request. On powerup and every time we receive a request to change the trap sink IP address or port, we parse the snmpd.conf file to get the username, authentication and privacy protocols and passwords. Our snmpd.conf file looks like this: # setup authorization CreateUser myUserName SHA "myAuthenticationPassword" AES " myPrivacyPassword " rwuser myUserName authPriv # include Agentx setup master agentx authtrapenable 1 And our code to set the trap session on power up, is written in C++ and is as follows: bool TrapSession::createSnmpV3TrapSession() { std::stringstream connectingString; netsnmp_session session, *sesp; memset(&session, 0, sizeof(netsnmp_session)); snmp_sess_init (&session); // Set up defaults session.version = SNMP_VERSION_3; // Peer name std::stringstream connectionString; connectionString << "udp6:[" << ipV6AddressAsString << "]:" << sinkPort; session.peername = strdup(connectionString.str().c_str()); // set the SNMPV3 user name session.securityName = strdup( userName.c_str()); session.securityNameLen = strlen(userName.c_str()); // Security session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV; session.securityModel = SNMP_SEC_MODEL_USM; // Authentication Protocol session.securityAuthKeyLen = USM_AUTH_KU_LEN; session.securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol, USM_AUTH_PROTO_SHA_LEN); session.securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN; if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (const uint8_t *) authenticationPassword.c_str(), authenticationPassword.length(), session.securityAuthKey, &session.securityAuthKeyLen) != SNMPERR_SUCCESS) { LOG_ERROR("Error generating authentication KU for authentication password: " << authenticationPassword); return false; } // Privacy Protocol session.securityPrivKeyLen = USM_PRIV_KU_LEN; session.securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol, USM_PRIV_PROTO_AES_LEN); session.securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN; if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (const uint8_t *)privacyPassword.c_str(), privacyPassword.length(), session.securityPrivKey, &session.securityPrivKeyLen) != SNMPERR_SUCCESS) { LOG_ERROR("Error generating privacy KU for privacy password: " << privacyPassword); return false; } // open the session sesp = snmp_open(&session); if (!sesp) { LOG_ERROR("Unable to open a trap session to: " << session.peername << " with user: " << userName); throw std::runtime_error("Unable to open SNMP session!"); return false; } add_trap_session(sesp, SNMP_MSG_TRAP2, FALSE, SNMP_VERSION_3); return true; } However, we are getting this error: [SNMP 3] : snmpd: send_trap: USM unknown security name (no such user exists) What are we doing wrong? If we add this line to the snmpd.conf and not use the above-mentioned code, we have no problem sending traps. trapsess -v 3 -u myUserName -l authPriv -a SHA -A " myAuthenticationPassword " -x AES -X " myPrivacyPassword " udp6:[2001:bb::f8]:162 Thanks, Mostafa ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users