RE: Problem with snmptrap
>I don't think that this is the problem - I've had a quick look at the 5.6.x >code >that displays the source/destination addresses, and this appears to be >hardcoded to be"remote -> local" (i.e. the correct order for dumping >*received* traffic, but the wrong order for sending). > >The thing that springs out in your dump is the port number being used. > >The 5.4.x version is fine: >> Sending 110 bytes to UDP: [0.0.0.0]->[172.22.227.66]:162 > >but the 5.6.x version is using the 'query' port of 161 >> Sending 111 bytes to UDP: [172.22.227.66]:161->[0.0.0.0]:0 > >It's possibly worth specifying the port explicitly (i.e. $trap_dest:162) >[Though that doesn't explain why this should be necessary] > > >Give that a go, and let us know if it makes a difference > >Dave Adding :162 to the $trap_dest variable (traptarget:162) did result in correct behavior. I've not found anything in any of the config files that would indicate an over-ride. The source in the 5.6.1.rc2 /include directory does have: ./net-snmp/library/snmp.h:#define SNMP_TRAP_PORT162 /* standard UDP port for SNMP Though I don't see where in snmptrap code that gets used in either version Very odd! Thanks for your help - if there's someplace else to look to try to understand why adding the :162 is necessary, please let me know. Al T. Rowe Price (including T. Rowe Price Group, Inc. and its affiliates) and its associates do not provide legal or tax advice. Any tax-related discussion contained in this e-mail, including any attachments, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding any tax penalties or (ii) promoting, marketing, or recommending to any other party any transaction or matter addressed herein. Please consult your independent legal counsel and/or professional tax advisor regarding any legal or tax issues raised in this e-mail. The contents of this e-mail and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or privileged information. Any unauthorized use, copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On 14 August 2012 21:06, Sorrell, Al wrote: > Anyone seen anything like this before using snmptrap? I have an app running on > Solaris8 NET-SNMP 5.4.2.1 (I know it's old - that system is going away) which > seems to > work correctly, but under Solaris 10/NET-SNMP V5.6.1rc2 it fails. It appears > that snmptrap > is using the destination as the source and leaving the destination blank > according > to the -d packet dump. I don't think that this is the problem - I've had a quick look at the 5.6.x code that displays the source/destination addresses, and this appears to be hardcoded to be"remote -> local" (i.e. the correct order for dumping *received* traffic, but the wrong order for sending). The thing that springs out in your dump is the port number being used. The 5.4.x version is fine: > Sending 110 bytes to UDP: [0.0.0.0]->[172.22.227.66]:162 but the 5.6.x version is using the 'query' port of 161 > Sending 111 bytes to UDP: [172.22.227.66]:161->[0.0.0.0]:0 It's possibly worth specifying the port explicitly (i.e. $trap_dest:162) [Though that doesn't explain why this should be necessary] Give that a go, and let us know if it makes a difference Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: Problem with snmptrap
> From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Eduardo Saavedra Cea > I tried to configure ACCESS CONTROL with the follow lines in the > snmpd.conf file: The snmptrapd is configured in the snmptrapd.conf file, not snmpd.conf. You can test this: condor:/etc/snmp # snmptrapd -m all -Le -f -d -C -c snmpd.conf HTH, Mike - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
First al all thanks for your help.
But the problem is yet unresolved.
I know that my problem is ACCESS CONTROL. I read this section, but I
dont understand very well.
I found out that snmptrap loads the mibs from
/usr/local/share/snmp/mibs not /usr/share/snmp/mibs/ where I thought.
When I changed my mib I obtained the line "No access configuration -
dropping trap":
condor:~ # snmptrapd -m all -Lo -f
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.4
No access configuration - dropping trap.
But the problem of ACCESS CONTROL is yet unresolved.
Whit the option -d I obtain:
condor:/etc/snmp # snmptrapd -m all -Le -f -d
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.4
Received 52 bytes from UDP: [192.168.1.168]:1096
: 30 32 02 01 00 04 0D 7A 77 65 69 63 6F 6D 5F 6E02.zweicom_n
0016: 6F 74 61 76 A4 1E 06 0A 2B 06 01 04 01 81 97 50otav+..P
0032: 02 01 40 04 7F 00 00 01 02 01 06 02 02 01 2F 43[EMAIL PROTECTED]/C
0048: 01 00 30 00 ..0.
No access configuration - dropping trap.
I tried to configure ACCESS CONTROL with the follow lines in the
snmpd.conf file:
# sec.name source community
com2sec local localhost zweicom_notav
com2sec mynetwork 192.168.1.0/24 zweicom_notav
# Second, map the security names into group names:
# sec.model sec.name
group MyRWGroup v1 local
group MyRWGroup v2clocal
group MyRWGroup usmlocal
group MyROGroup v1 mynetwork
group MyROGroup v2cmynetwork
group MyROGroup usmmynetwork
# Third, create a view for us to let the groups have rights to:
# incl/excl subtree mask
view allincluded .1 80
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:
#context sec.model sec.level match read write notif
#access MyROGroup "" any noauthexact allnone none
#access MyRWGroup "" any noauthexact allallnone
access MyROGroup "" any authexact allallall
access MyRWGroup "" any authexact allallall
But Its doesnt work.
Thanks a lot.
On 16/07/07, Thomas Anders <[EMAIL PROTECTED]> wrote:
> Eduardo Saavedra Cea wrote:
> > I want to receive traps with snmptrapd, but It doesn't work.
> > This demon dont print anything to standar out neither to syslog when I
> > send the trap whit sendtrap:
> > snmptrap -v 1 -c zweicom_notav 192.168.1.168:162
> > .1.3.6.1.4.1.19408.2.1 localhost 6 303 .1.3.6.1.4.1.19408.1.1.2.0
> >
> > I start with:
> > condor:~ # snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> > NET-SNMP version 5.4
> >
> > I know the traps arrive because I try strace:
> > condor:~ # strace snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> > .
>
> What's the content of /etc/snmp/snmpd.conf (a somewhat strange config
> file name for snmptrapd, btw) and /etc/hosts.{allow,deny}? If you add
> "-d" to the snmptrapd invocation, does it log the incoming packet? Have
> you read the "ACCESS CONTROL" section in the snmptrapd manual page?
>
>
> +Thomas
>
> --
> Thomas Anders (thomas.anders at blue-cable.de)
>
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
Thank you very very much. You are rigth. I should have read the manual better, but the information is too much that I was a bit lost. Thank you very very much again. On 17/07/07, Thomas Anders <[EMAIL PROTECTED]> wrote: Eduardo Saavedra Cea wrote: > I know that my problem is ACCESS CONTROL. I read this section, but I > dont understand very well. Are you sure you've read the *snmptrapd.conf* manual page? Because the config file you posted only contains config settings for *snmpd*. Create /etc/snmp/snmptrapd.conf with just the line authcommunity log,execute zweicom_notav and run snmptrapd as "snmptrapd -f -Le" (assumed that /etc/snmp is in your SNMPCONFPATH, see "net-snmp-config --snmpconfpath"). Now fire your trap and you should see it logged. +Thomas - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
Eduardo Saavedra Cea wrote: > I know that my problem is ACCESS CONTROL. I read this section, but I > dont understand very well. Are you sure you've read the *snmptrapd.conf* manual page? Because the config file you posted only contains config settings for *snmpd*. Create /etc/snmp/snmptrapd.conf with just the line authcommunity log,execute zweicom_notav and run snmptrapd as "snmptrapd -f -Le" (assumed that /etc/snmp is in your SNMPCONFPATH, see "net-snmp-config --snmpconfpath"). Now fire your trap and you should see it logged. +Thomas - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
Eduardo Saavedra Cea wrote:
> I want to receive traps with snmptrapd, but It doesn't work.
> This demon dont print anything to standar out neither to syslog when I
> send the trap whit sendtrap:
> snmptrap -v 1 -c zweicom_notav 192.168.1.168:162
> .1.3.6.1.4.1.19408.2.1 localhost 6 303 .1.3.6.1.4.1.19408.1.1.2.0
>
> I start with:
> condor:~ # snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> NET-SNMP version 5.4
>
> I know the traps arrive because I try strace:
> condor:~ # strace snmptrapd -m all -f -Lo -C -c /etc/snmp/snmpd.conf
> .
What's the content of /etc/snmp/snmpd.conf (a somewhat strange config
file name for snmptrapd, btw) and /etc/hosts.{allow,deny}? If you add
"-d" to the snmptrapd invocation, does it log the incoming packet? Have
you read the "ACCESS CONTROL" section in the snmptrapd manual page?
+Thomas
--
Thomas Anders (thomas.anders at blue-cable.de)
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On Wed, 2005-12-07 at 20:59 +0100, Thomas Anders wrote: > Andrei Pisau wrote: > > On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote: > >>It is definitely a new bug. It works in 5.1.x code, but not 5.2.x... > >> > > > > I have tried and it works with 5.2.1, but not with 5.2.2. > > Just in case you haven't noticed, there's an official patch for 5.2.2 > that fixes this: > >http://sf.net/support/tracker.php?aid=1374087 > I didn't notice the patch when I have sent the previous email. I have tested the patch with net-snmp version 5.2.2.pre1 and it works to send V3 TRAPs. Thank you for your quick responses and advices. signature.asc Description: This is a digitally signed message part -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: Problem with snmptrap
Andrei Pisau wrote: On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote: It is definitely a new bug. It works in 5.1.x code, but not 5.2.x... I have tried and it works with 5.2.1, but not with 5.2.2. Just in case you haven't noticed, there's an official patch for 5.2.2 that fixes this: http://sf.net/support/tracker.php?aid=1374087 +Thomas -- Thomas Anders (thomas.anders at blue-cable.de) --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On Tue, 2005-12-06 at 11:26 +0200, Andrei Pisau wrote: > Also, I have tried the latest release 5.3.pre5 and I have > problems when sending all kind of alerts. Even v1 TRAP or > V2c TRAP or INFORM are not logged, snmptrapd receives them > but some way, it discards them after some VACM checks. Yes - the 5.3 release will require explicit access configuration for the trap handler to accept traps. > I am using the simple configuration with > ro/rwcommunity in snmpd.conf. Is that not supported anymore? > Should I use only com2sec, group &co ...? No - this is nothing to do with your 'snmpd.conf' settings. What you'll need is similar entries in your 'snmptrapd.conf' file - something along the lines of authcommunity log,execute,net public We'll document this properly before 5.3 is fully released. Dave --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On Wed, 2005-11-30 at 11:08 -0800, Wes Hardaker wrote: > Ok... I misdiagnosed the problem. The problem is that snmptrap > itself is complaining that the user doesn't exist, not the agent which > is what I originally thought. > > I do suspect a new bug. > > I'm going to bet it stems from the delayed engineid probing introduced > a while ago. sigh. > > It is definitely a new bug. It works in 5.1.x code, but not 5.2.x... > I have tried and it works with 5.2.1, but not with 5.2.2. Also, I have tried the latest release 5.3.pre5 and I have problems when sending all kind of alerts. Even v1 TRAP or V2c TRAP or INFORM are not logged, snmptrapd receives them but some way, it discards them after some VACM checks. I am using the simple configuration with ro/rwcommunity in snmpd.conf. Is that not supported anymore? Should I use only com2sec, group &co ...? Kind regards, Andrei Pisau signature.asc Description: This is a digitally signed message part -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/
Re: Problem with snmptrap
> On Wed, 30 Nov 2005 12:10:53 +0200, Andrei Pisau <[EMAIL PROTECTED]> said:
Andrei> Let me put it this way. I do the followings:
Andrei> 1. stop snmptrapd
Andrei> 2. edit /var/net-snmp/snmptrapd.conf to have
Andrei> createUser -e myengineID username MD5 authpass DES privpass
Andrei> myengineID = 0xbd224466 , I tried values even bigger, but still had the
Andrei> same result
Andrei> 3. start snmptrapd
Andrei> 4. snmpinform or snmptrap for this user doesn't work, I try this with
Andrei> the cmd:
Andrei> snmp{trap|inform} -e myengineID -v 3 -u username -a MD5 -A authpass -l
Andrei> authPriv -x DES -X privpass localhost 42 coldStart.0
Andrei> =>
Andrei> snmptrap: USM unknown security name (no such user exists) (Sub-id not
Andrei> found: (top) -> coldStart)
Ok... I misdiagnosed the problem. The problem is that snmptrap
itself is complaining that the user doesn't exist, not the agent which
is what I originally thought.
I do suspect a new bug.
I'm going to bet it stems from the delayed engineid probing introduced
a while ago. sigh.
It is definitely a new bug. It works in 5.1.x code, but not 5.2.x...
--
Wes Hardaker
Sparta, Inc.
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
On Tue, 2005-11-29 at 10:27 -0800, Wes Hardaker wrote:
> > On Tue, 29 Nov 2005 09:39:37 -0800, Wes Hardaker <[EMAIL PROTECTED]>
> > said:
>
> Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466-v 3 -u root -a MD5
> Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0
>
> Wes> 1) that engineid is not a legal one... Not that it should matter much
> Wes> for our tools, as we're fairly liberal in what we accept. However,
> Wes> for others it might cause them to fail.
>
OK. For this moment I am trying to make it work on local host, but still
I don't get this correspondence user <=> engine ID. 0xbd224466 might not
be a valid value, but still is accepted.
> Wes> 2) The engineID *MUST* match the engineID of the trap receiver. It
> Wes> can't be arbitrary. do a "grep oldEngineID
> Wes> /var/net-snmp/snmptrapd.conf" and use the engineID from that line
> Wes> for *both* the createUser line and the snmptrap line.
>
> whoops. #2 is a lie. It should only match for an INFORM my bad.
>
> As long as the createuser line matches the -e switch, it should work...
>
> --
> Wes Hardaker
> Sparta, Inc.
>
Let me put it this way. I do the followings:
1. stop snmptrapd
2. edit /var/net-snmp/snmptrapd.conf to have
createUser -e myengineID username MD5 authpass DES privpass
myengineID = 0xbd224466 , I tried values even bigger, but still had the
same result
3. start snmptrapd
4. snmpinform or snmptrap for this user doesn't work, I try this with
the cmd:
snmp{trap|inform} -e myengineID -v 3 -u username -a MD5 -A authpass -l
authPriv -x DES -X privpass localhost 42 coldStart.0
=>
snmptrap: USM unknown security name (no such user exists) (Sub-id not
found: (top) -> coldStart)
As I see this steps are also in the tutorial from the site.
I have observed that if I do a createuser without -e, snmpinform
succeds, but snmptrap does not. The debug shows me that snmpinform or
snmptrap -Ci do a GET message before, snmptrap does only TRAP2 message,
and I fails to verify the user.
Can anybody explain me what I misunderstood here?
I can't make it work together, the username and the engineID.
Thanks!
signature.asc
Description: This is a digitally signed message part
--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
Re: Problem with snmptrap
> On Tue, 29 Nov 2005 09:39:37 -0800, Wes Hardaker <[EMAIL PROTECTED]> said: Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466-v 3 -u root -a MD5 Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0 Wes> 1) that engineid is not a legal one... Not that it should matter much Wes> for our tools, as we're fairly liberal in what we accept. However, Wes> for others it might cause them to fail. Wes> 2) The engineID *MUST* match the engineID of the trap receiver. It Wes> can't be arbitrary. do a "grep oldEngineID Wes> /var/net-snmp/snmptrapd.conf" and use the engineID from that line Wes> for *both* the createUser line and the snmptrap line. whoops. #2 is a lie. It should only match for an INFORM my bad. As long as the createuser line matches the -e switch, it should work... -- Wes Hardaker Sparta, Inc. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Problem with snmptrap
> On Tue, 29 Nov 2005 16:49:33 +0200, Andrei Pisau <[EMAIL PROTECTED]> said: Andrei> snmptrap -Ddumph_send,dumpv_send,usm -e 0xbd224466-v 3 -u root -a MD5 Andrei> -A authpass -l authPriv -x DES -X privpass localhost 42 coldStart.0 1) that engineid is not a legal one... Not that it should matter much for our tools, as we're fairly liberal in what we accept. However, for others it might cause them to fail. 2) The engineID *MUST* match the engineID of the trap receiver. It can't be arbitrary. do a "grep oldEngineID /var/net-snmp/snmptrapd.conf" and use the engineID from that line for *both* the createUser line and the snmptrap line. -- Wes Hardaker Sparta, Inc. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
