Re: snmptrap + tables

[Cyrus]

Thanks to Dave Shield for having the patience to explain this 10 years ago:

https://sourceforge.net/p/net-snmp/mailman/message/28774933/

With the explanation and hints, I could fix my MIB file definition.
Now moving to the implementation. :)

Regards,
CI.-

El dom, 11 sept 2022 a las 21:49, Cyrus () escribió:
>
> Hello!,
>
> I'm trying to integrate LibreNMS with a northbound manager through
> SNMP traps using snmptrap@net-snmp.
>
> The way notifications work in that tool is that you can have a
> notification event, which has several faults (event interface errors
> that applies to 4 ports out of the 48 a device may have).
> Notifications are not per port, but per alarm rule on a device.
>
> I'm writing a MIB file to implement that trap, but I see traps don't
> allow tables since validation fails with:
>
> Error (level 3), line 284: [notification-object-type] object
> `daFaultTable' of notification `daEvent' must be a scalar or column
>
> Events may have N faults, with N starting in 0 (CLEAR events) or any
> other number depending on affected entities within a node.
>
> What would be the best approach to send that multientry object table
> (faults) in a trap with a parent entity (event)?
>
> For reference, current version of the MIB file:  https://pastebin.com/CZE0FYEU
>
> Regards,
> CI.-



-- 
Ciro Iriarte
http://iriarte.it
--


___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap Buffer Error

[Feroz]

Can you share your snmptrapd.conf file contents?

On Wed, 7 Apr, 2021, 4:51 pm Ahmet Muzaffer Dülger, <
ahmetmuzafferdul...@gmail.com> wrote:

> Hi,
>
> I use net-snmp 5.7.3 and I want to send snmptrap continuously on OpenWrt.
> First trap message is OK. But I'm getting error when sending a second trap
> message ( buffer too small to read octet string (13 < 13) ).
>
> The command is as follows;
> snmptrap -m ALL -v 2c -c public :' 
>  s 'text message'
>
> I noticed that I got the error when the oldEngineID parameter was added to
> the snmpapp.conf file. I am not sure if there is an error I made while
> running the command, or if there is an error caused by net-snmp.
>
> Can you help with this topic?
> Best regards.
>
> --
>
> *Ahmet Muzaffer DULGER*
> ___
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Re: Re: snmptrap v3 how to specify source IP

[Anders Wallin]

Hi,

that was one of the cases that failed for me.
You can try to have  'clientaddr 10.2.24.121" $HOME/.snmp/snmp.conf
and run
"snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest  -x AES -X
usertest  10.2.24.18 84100 …… "
(w/o -s 10.2.24.121)

I hope to get some time to dig into the issue later this week

Regards
Anders Wallin


On Sat, May 25, 2019 at 5:13 AM ww  wrote:

> Hi，Anders
>
> I am Chinese，and the website was blocked by the government.
> You know the "996.icu"..
> When I login the website，it will prompt that:
> The sourceforge.net website is temporarily in static offline mode.
>
> Only a very limited set of project pages are available until the main
> website returns to service.
> May I ask a question?
> My eth0 ip 10.2.24.81, eth1 ip 10.2.24.121 .
> My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest  -x
> AES -X usertest  -s 10.2.24.121  10.2.24.18 84100 …… ".
> Why is  the IP received by the client is 10.2.24.81?
>
>
> At 2019-05-24 19:44:52, "Anders Wallin"  wrote:
>
> Hi,
>
> I found two issues using latest git repo master branch;
> IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip -
> OK
> IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip
> - OK
> IPv4, using "snmptrap -s srcip" to a local ip - OK
> IPv4, using "snmptrap -s srcip" to a remote ip - FAILS
>
> IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip -
> OK
> IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip
> - OK
> IPv6, using "snmptrap -s srcip" to a local ip - OK
> IPv6, using "snmptrap -s srcip" to a remote ip - FAILS
>
> IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local
> ip - OK
> IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a
> remote ip - OK
> IPv4, using "trapsess -s srcip ..." to a local ip - OK
> IPv4, using "trapsess -s srcip" to a remote ip - OK
>
> IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local
> ip - OK
> IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a
> remote ip - OK
> IPv6, using "trapsess -s srcip ..." to a local ip - OK
> IPv6, using "trapsess -s srcip" to a remote ip - OK
>
> NOTE: clientaddrs sucks if you want to use IPv4 AND IPv6 since it can only
> have one value, either an IPv4 or an IPv6 value
>
> "ww"; can you file a bug on this problem?
> https://sourceforge.net/p/net-snmp/bugs/
>
> I will try to fix it, but it will be next week.
>
> Regards
> Anders
>
> On Fri, May 24, 2019 at 5:23 AM ww  wrote:
>
>> Hi.
>> Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose
>> not work.
>> My version is net-snmp-5.8.
>> My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest
>> -x AES -X usertest  -s 10.2.24.121  10.2.24.18 84100 …… ".
>> May I ask you how the snmptrap chooses the network interface by it self?
>> Is it polling all the enable ports?
>>
>> Regards
>>
>> At 2019-05-23 15:54:28, "Klemen Sladic"  wrote:
>>
>> Hi.
>>
>> Any traffic originating from snmpd will have src IP of outgoing network
>> interface.
>> From my experience "clientaddr" helps for replies generated by snmpd. For
>> example,
>> if you have multiple interfaces and "clientaddr" is set, any snmpd
>> response, like response to
>> snmpget, snmpwalk etc. will have desired src IP.
>>
>> But this won't work for packets initiated by snmpd, like traps.
>> What I did, was changing the route src settings.
>> For example, if you have eth0 in 192.168.0.0/24 and eth1 in
>> 192.168.1.0/24 and you want any traffic to
>> have source of 192.168.0.0/24, then change eth1 subnet route like:
>>
>> ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1
>>
>> if 192.168.0.1 is eth0 IP.
>>
>> Of course this may have other side effects on routing in your system.
>>
>> RegK
>>
>> On Thu, May 23, 2019 at 6:30 PM Anders Wallin  wrote:
>>
>>> You can use "clientaddr" in snmp.conf or snmpd.conf,
>>> https://linux.die.net/man/5/snmp.conf
>>>
>>> In 5.8 you also have the possibility to use "-s" with trapsess, but I
>>> did not found any documentation on it.
>>> but check the test
>>> code, testing/fulltests/default/T184trapsesssource_simple
>>>
>>> Regards
>>> Anders Wallin
>>>
>>>
>>> On Wed, May 22, 2019 at 5:21 PM ww  wrote:
>>>
 Hello, Thank you for reading my email. Can I specify the source IP
 when send a V2/V3 trap like V1?




 ___
 Net-snmp-users mailing list
 Net-snmp-users@lists.sourceforge.net
 Please see the following page to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users

>>> ___
>>> Net-snmp-users mailing list
>>> Net-snmp-users@lists.sourceforge.net
>>> Please see the following page to unsubscribe or change other options:
>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>>
>>
>>
>>
>>
>
>
>
>

Re: Re: snmptrap v3 how to specify source IP

[Anders Wallin]

Hi,

I found two issues using latest git repo master branch;
IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip -
OK
IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip -
OK
IPv4, using "snmptrap -s srcip" to a local ip - OK
IPv4, using "snmptrap -s srcip" to a remote ip - FAILS

IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip -
OK
IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip -
OK
IPv6, using "snmptrap -s srcip" to a local ip - OK
IPv6, using "snmptrap -s srcip" to a remote ip - FAILS

IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local
ip - OK
IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a remote
ip - OK
IPv4, using "trapsess -s srcip ..." to a local ip - OK
IPv4, using "trapsess -s srcip" to a remote ip - OK

IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local
ip - OK
IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a remote
ip - OK
IPv6, using "trapsess -s srcip ..." to a local ip - OK
IPv6, using "trapsess -s srcip" to a remote ip - OK

NOTE: clientaddrs sucks if you want to use IPv4 AND IPv6 since it can only
have one value, either an IPv4 or an IPv6 value

"ww"; can you file a bug on this problem?
https://sourceforge.net/p/net-snmp/bugs/

I will try to fix it, but it will be next week.

Regards
Anders

On Fri, May 24, 2019 at 5:23 AM ww  wrote:

> Hi.
> Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose
> not work.
> My version is net-snmp-5.8.
> My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest  -x
> AES -X usertest  -s 10.2.24.121  10.2.24.18 84100 …… ".
> May I ask you how the snmptrap chooses the network interface by it self?
> Is it polling all the enable ports?
>
> Regards
>
> At 2019-05-23 15:54:28, "Klemen Sladic"  wrote:
>
> Hi.
>
> Any traffic originating from snmpd will have src IP of outgoing network
> interface.
> From my experience "clientaddr" helps for replies generated by snmpd. For
> example,
> if you have multiple interfaces and "clientaddr" is set, any snmpd
> response, like response to
> snmpget, snmpwalk etc. will have desired src IP.
>
> But this won't work for packets initiated by snmpd, like traps.
> What I did, was changing the route src settings.
> For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24
> and you want any traffic to
> have source of 192.168.0.0/24, then change eth1 subnet route like:
>
> ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1
>
> if 192.168.0.1 is eth0 IP.
>
> Of course this may have other side effects on routing in your system.
>
> RegK
>
> On Thu, May 23, 2019 at 6:30 PM Anders Wallin  wrote:
>
>> You can use "clientaddr" in snmp.conf or snmpd.conf,
>> https://linux.die.net/man/5/snmp.conf
>>
>> In 5.8 you also have the possibility to use "-s" with trapsess, but I did
>> not found any documentation on it.
>> but check the test
>> code, testing/fulltests/default/T184trapsesssource_simple
>>
>> Regards
>> Anders Wallin
>>
>>
>> On Wed, May 22, 2019 at 5:21 PM ww  wrote:
>>
>>> Hello, Thank you for reading my email. Can I specify the source IP when
>>> send a V2/V3 trap like V1?
>>>
>>>
>>>
>>>
>>> ___
>>> Net-snmp-users mailing list
>>> Net-snmp-users@lists.sourceforge.net
>>> Please see the following page to unsubscribe or change other options:
>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>>
>> ___
>> Net-snmp-users mailing list
>> Net-snmp-users@lists.sourceforge.net
>> Please see the following page to unsubscribe or change other options:
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>
>
>
>
>
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Re: snmptrap v3 how to specify source IP

[Klemen Sladic]

By routing decision, as I noted before.

RegK

On Fri, May 24, 2019 at 3:23 PM ww  wrote:

> Hi.
> Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose
> not work.
> My version is net-snmp-5.8.
> My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest  -x
> AES -X usertest  -s 10.2.24.121  10.2.24.18 84100 …… ".
> May I ask you how the snmptrap chooses the network interface by it self?
> Is it polling all the enable ports?
>
> Regards
>
> At 2019-05-23 15:54:28, "Klemen Sladic"  wrote:
>
> Hi.
>
> Any traffic originating from snmpd will have src IP of outgoing network
> interface.
> From my experience "clientaddr" helps for replies generated by snmpd. For
> example,
> if you have multiple interfaces and "clientaddr" is set, any snmpd
> response, like response to
> snmpget, snmpwalk etc. will have desired src IP.
>
> But this won't work for packets initiated by snmpd, like traps.
> What I did, was changing the route src settings.
> For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24
> and you want any traffic to
> have source of 192.168.0.0/24, then change eth1 subnet route like:
>
> ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1
>
> if 192.168.0.1 is eth0 IP.
>
> Of course this may have other side effects on routing in your system.
>
> RegK
>
> On Thu, May 23, 2019 at 6:30 PM Anders Wallin  wrote:
>
>> You can use "clientaddr" in snmp.conf or snmpd.conf,
>> https://linux.die.net/man/5/snmp.conf
>>
>> In 5.8 you also have the possibility to use "-s" with trapsess, but I did
>> not found any documentation on it.
>> but check the test
>> code, testing/fulltests/default/T184trapsesssource_simple
>>
>> Regards
>> Anders Wallin
>>
>>
>> On Wed, May 22, 2019 at 5:21 PM ww  wrote:
>>
>>> Hello, Thank you for reading my email. Can I specify the source IP when
>>> send a V2/V3 trap like V1?
>>>
>>>
>>>
>>>
>>> ___
>>> Net-snmp-users mailing list
>>> Net-snmp-users@lists.sourceforge.net
>>> Please see the following page to unsubscribe or change other options:
>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>>
>> ___
>> Net-snmp-users mailing list
>> Net-snmp-users@lists.sourceforge.net
>> Please see the following page to unsubscribe or change other options:
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>
>
>
>
>
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap v3 how to specify source IP

[Klemen Sladic]

Hi.

Any traffic originating from snmpd will have src IP of outgoing network
interface.
>From my experience "clientaddr" helps for replies generated by snmpd. For
example,
if you have multiple interfaces and "clientaddr" is set, any snmpd
response, like response to
snmpget, snmpwalk etc. will have desired src IP.

But this won't work for packets initiated by snmpd, like traps.
What I did, was changing the route src settings.
For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24
and you want any traffic to
have source of 192.168.0.0/24, then change eth1 subnet route like:

ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1

if 192.168.0.1 is eth0 IP.

Of course this may have other side effects on routing in your system.

RegK

On Thu, May 23, 2019 at 6:30 PM Anders Wallin  wrote:

> You can use "clientaddr" in snmp.conf or snmpd.conf,
> https://linux.die.net/man/5/snmp.conf
>
> In 5.8 you also have the possibility to use "-s" with trapsess, but I did
> not found any documentation on it.
> but check the test
> code, testing/fulltests/default/T184trapsesssource_simple
>
> Regards
> Anders Wallin
>
>
> On Wed, May 22, 2019 at 5:21 PM ww  wrote:
>
>> Hello, Thank you for reading my email. Can I specify the source IP when
>> send a V2/V3 trap like V1?
>>
>>
>>
>>
>> ___
>> Net-snmp-users mailing list
>> Net-snmp-users@lists.sourceforge.net
>> Please see the following page to unsubscribe or change other options:
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>>
> ___
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap v3 how to specify source IP

[Anders Wallin]

You can use "clientaddr" in snmp.conf or snmpd.conf,
https://linux.die.net/man/5/snmp.conf

In 5.8 you also have the possibility to use "-s" with trapsess, but I did
not found any documentation on it.
but check the test code, testing/fulltests/default/T184trapsesssource_simple

Regards
Anders Wallin


On Wed, May 22, 2019 at 5:21 PM ww  wrote:

> Hello, Thank you for reading my email. Can I specify the source IP when
> send a V2/V3 trap like V1?
>
>
>
>
> ___
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: [snmptrap] : source ip 0.0.0.0

[Bill Fenner]

On Wed, Oct 10, 2018 at 4:35 AM Pushpa Thimmaiah 
wrote:

> Hi All,
> Following is debug/trace message of tool 'snmptrap' while sending
> snmpv2c traps.  What does '0.0.0.0' means here?
> Does the data sent to all interfaces of device (snmpagent) ?
> 172.16.4.12 is trap destination.
>
> ---
> trace: netsnmp_udpipv4base_transport():
> transports/snmpUDPIPv4BaseDomain.c, 163:
> netsnmp_udpbase: client open UDP: [172.16.4.12]:162->[0.0.0.0]:56615
>
>
> transport:send: 89 bytes to UDP: [172.16.4.12]:162->[0.0.0.0]:56615
>
> 
>

The arrow is in the wrong direction in those debug messages.  It means, you
are sending from any local address, 0.0.0.0 means you don't care, port
56615, to 172.16.4.12 port 162.

  Bill
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap unsigned type not working as expected

[Bill Fenner]

On Sun, Feb 1, 2015 at 5:40 AM, Ashwini Pagade ashwinipag...@gmail.com
wrote:

 Hi Bill,

 Thank you for your response.

 I think it is not just the dump/log error and incorrect value is
 propagated further down the line. I have an snmpV3 adapter which receives
 the value. This adapter too gets the incorrect value.


Did you consider the possibility that a similar bug exists in the snmpV3
adapter?

  Bill
--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap unsigned type not working as expected

[Ashwini Pagade]

Hi Bill,

I found below line is priting the wroung value.
 DEBUGMSG((dumpv_recv,   UInteger:\t%ld (0x%.2lX)\n, value, value));

Changing %ld to %lu in above line worked for me.

I am also considering SNMPV3 adapter code which might be doing the wrong
conversion.

Thank you..!!

Ashwini

On 2 February 2015 at 20:42, Bill Fenner fen...@gmail.com wrote:

 On Sun, Feb 1, 2015 at 5:40 AM, Ashwini Pagade ashwinipag...@gmail.com
 wrote:

 Hi Bill,

 Thank you for your response.

 I think it is not just the dump/log error and incorrect value is
 propagated further down the line. I have an snmpV3 adapter which receives
 the value. This adapter too gets the incorrect value.


 Did you consider the possibility that a similar bug exists in the snmpV3
 adapter?

   Bill


--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap unsigned type not working as expected

[Ashwini Pagade]

Hi Bill,

Thank you for your response.

I think it is not just the dump/log error and incorrect value is propagated
further down the line. I have an snmpV3 adapter which receives the value.
This adapter too gets the incorrect value.

I think below line in function asn_parse_unsigned_int() in file asn1.c is
printing the incorrect value:
DEBUGMSG((dumpv_recv,   UInteger:\t%ld (0x%.2lX)\n, value, value));

However I am not sure how this could be fixed. Data type of 'value' looks
correct which is u_long.

Any idea?

Thanks.

On 30 January 2015 at 02:51, Bill Fenner fen...@gmail.com wrote:

 I think that looks like a bug in dumpv_recv.  Note that the hex value is
 correct.

   Bill

 On Thu, Jan 29, 2015 at 1:02 PM, Ashwini Pagade ashwinipag...@gmail.com
 wrote:

 Hi,

 I am using snmpV3 adapter and passing V2 traps to it by using commands as
 below. It looks like the range for type *u* (i.e. unsigned) is upto
 (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e.
 4294967295).

 snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5
 1.3.6.1.4.1.12345.1 u 2147483647

 Above command generates following log:
 trace:  ..\..\snmplib\snmp_api.c, 5293:
 dumph_recv: Value
 dumpx_recv:  42 04 7F FF FF FF
 dumpv_recv:UInteger:2147483647 (0x7FFF)


 snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5
 1.3.6.1.4.1.12345.1 u 2147483648

 Above command generates following log:
 trace:  ..\..\snmplib\snmp_api.c, 5293:
 dumph_recv: Value
 dumpx_recv:  42 05 00 80 00 00 00
 dumpv_recv:UInteger:-2147483648 (0x8000)

 Refer to:
 http://www.net-snmp.org/docs/man/snmptrap.html

 I am using net-snmp v5.5.

 Is this the correct behavior or am I missing something?

 Thanks.


 --
 Dive into the World of Parallel Programming. The Go Parallel Website,
 sponsored by Intel and developed in partnership with Slashdot Media, is
 your
 hub for all things parallel software development, from weekly thought
 leadership blogs to news, videos, case studies, tutorials and more. Take a
 look and join the conversation now. http://goparallel.sourceforge.net/
 ___
 Net-snmp-users mailing list
 Net-snmp-users@lists.sourceforge.net
 Please see the following page to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users



--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap unsigned type not working as expected

[Bill Fenner]

I think that looks like a bug in dumpv_recv.  Note that the hex value is
correct.

  Bill

On Thu, Jan 29, 2015 at 1:02 PM, Ashwini Pagade ashwinipag...@gmail.com
wrote:

 Hi,

 I am using snmpV3 adapter and passing V2 traps to it by using commands as
 below. It looks like the range for type *u* (i.e. unsigned) is upto
 (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e.
 4294967295).

 snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5
 1.3.6.1.4.1.12345.1 u 2147483647

 Above command generates following log:
 trace:  ..\..\snmplib\snmp_api.c, 5293:
 dumph_recv: Value
 dumpx_recv:  42 04 7F FF FF FF
 dumpv_recv:UInteger:2147483647 (0x7FFF)


 snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5
 1.3.6.1.4.1.12345.1 u 2147483648

 Above command generates following log:
 trace:  ..\..\snmplib\snmp_api.c, 5293:
 dumph_recv: Value
 dumpx_recv:  42 05 00 80 00 00 00
 dumpv_recv:UInteger:-2147483648 (0x8000)

 Refer to:
 http://www.net-snmp.org/docs/man/snmptrap.html

 I am using net-snmp v5.5.

 Is this the correct behavior or am I missing something?

 Thanks.


 --
 Dive into the World of Parallel Programming. The Go Parallel Website,
 sponsored by Intel and developed in partnership with Slashdot Media, is
 your
 hub for all things parallel software development, from weekly thought
 leadership blogs to news, videos, case studies, tutorials and more. Take a
 look and join the conversation now. http://goparallel.sourceforge.net/
 ___
 Net-snmp-users mailing list
 Net-snmp-users@lists.sourceforge.net
 Please see the following page to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users


--
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap under IPv6 after setting clientaddr

[Wes Hardaker]

Rizwan Ansari rans...@mvista.com writes:

 I looked into IPv4 code and feel like same code is missing under IPv6
 section.

Thanks for the patch!  Can you submit it to our patch database to make
sure it doesn't get lost?

  http://www.net-snmp.org/patches/

-- 
Wes Hardaker
Parsons

--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration  more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751iu=/4140/ostg.clktrk
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap : snmp_build: unknown failure and Can't build OID mesasges CLOSED

[dave]

We've figured this out.  Thanks.

D.

 Hi All,

 I have a kind of baffling situation here.

 We have been successfuly sending traps to a Nagios client for a couple of
 months.  The trap command has the form.

 snmptrap -M /usr/local/share/snmp/mibs -v 3 -n \\ [authorization stuff]
 [ip number] 0 1.3.6.1.4.1.36070.0.1 0 s string0 1 s string1 2 s string2

 Nagios/nsti have been processing them just fine.

 We added another argument, as in:

 snmptrap -M /usr/local/share/snmp/mibs -v 3 -n \\ [authorization stuff]
 [ip number] 0 1.3.6.1.4.1.36070.0.1 0 s string0 1 s string1 2 s string2 3
 s string3

 and we start seeing the messages I mentioned in the subject:

 snmp_build: unknown failuresnmptrap: Error building ASN.1 representation
 (Can't build OID for variable)

 Further, it seems that if we use an index = 3, the message appears no
 matter how many arguments we send, i.e., this wont work either:

 snmptrap [snip snip] 0 s string0 3 s string3

 We have updated the MIB in Nagios to reflect the change, but either it is
 irrelevant to do so or the changes aren't being noticed.  snmptranslate on
 the Nagios client box shows that the MIB changes to the notificationGroup,
 etc. have worked and the updated MIB is good.  We have tried both sending
 and receiving the traps on multiple machines.

 Thought this would be a ten minute task -- adding a couple of arguments to
 a command.  One day down (for two developers) so far!!

 Googling the messages returns a suspicious scarcity of finds.

 We are running 5.6.2pre1.

 Any ideas?  Please keep in mind that the version with three arguments at
 the top of this posting ran just fine for a long time, but adding that
 triplet of arguments to the end OR using an index = 3 breaks it.  We have
 adjusted the MIB and even restarted the Nagios box.

 Thank you very much!

 Dave












 --
 Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
 Discover the easy way to master current and previous Microsoft
 technologies
 and advance your career. Get an incredible 1,500+ hours of step-by-step
 tutorial videos with LearnDevNow. Subscribe today and save!
 http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk
 ___
 Net-snmp-users mailing list
 Net-snmp-users@lists.sourceforge.net
 Please see the following page to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users




--
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap using SSL

[mohamad hosein jafari]

HI

 I used snmptrap to send trap from Agent to server . and I use it on linux
 Agent and Windows Agent .

 Now I want to encrypt Trap sending By SSL . So when I send trap from agent
 to server it should use SSL for trap Data .

 Do you know How Can I do it ?

 Thanks

--
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thank you so much again

Basically, just copy the new MIB files into the directory
where the rest of them live.
   Typically this will be something like  /usr/share/snmp/mibs
for a vendor-supplied setup

for example for my work that I said you before should I do anything about
MIB?
(receive some IDS log from windows or liux agent and save them on my linux
serever )

On Fri, Jul 27, 2012 at 12:45 AM, mohamad hosein jafari 
smhjafar...@gmail.com wrote:

 Thank you so much again

 Basically, just copy the new MIB files into the directory
 where the rest of them live.
Typically this will be something like  /usr/share/snmp/mibs
 for a vendor-supplied setup

 for example for my work that I said you before should I do anything about
 MIB?
 (receive some IDS log from windows or liux agent and save them on my linux
 serever )


 On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  If you have the relevant MIB files, then you can install these
 on the linux side in the usual manner.   See the on-line
 documentation for details.
 
  Can you help me about this more??

 Basically, just copy the new MIB files into the directory
 where the rest of them live.
Typically this will be something like  /usr/share/snmp/mibs
 for a vendor-supplied setup.


  And I have another question : Is any script for windows to set all snmp
  config that we can use it to set all config on windows?

 Sorry - I've no idea.
 I don't have much to do with Windows administration.

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 05:51, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I set my snmp service to send trap on my IP then I went to my linux (VmWare)
 and I do setting about IPtable but I didn't see anything in linux log file

Did you restart the Windows SNMP agent *after* running the iptables command?


 So I have a question:
 IS THERE any different between Linux MIB file and windows MIB file?

I'm sorry - that question just doesn't make sense.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes I did
but I didn't see anything in log file again
what is problem?


excuse me why my question doesn't make sense ??
I want to know should I do any config in my linux serever for receiving
trap from windows agent?

thanks
On Thu, Jul 26, 2012 at 12:04 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 05:51, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I set my snmp service to send trap on my IP then I went to my linux
 (VmWare)
  and I do setting about IPtable but I didn't see anything in linux log
 file

 Did you restart the Windows SNMP agent *after* running the iptables
 command?


  So I have a question:
  IS THERE any different between Linux MIB file and windows MIB file?

 I'm sorry - that question just doesn't make sense.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes I did
 but I didn't see anything in log file again
 what is problem?

I don't know - that's what we need to work out.

I seem to remember you saying that you have two Linux systems available
(one running CentOS, and one running Debian).   Is that correct?

If so, can you please try the following:

On the trap receiver system, run the following:
  tail -f /var/log/messages

   On the same system (in another window), run the command
  snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
\netSnmpExampleInteger i 123456
   (we know this ought to work - this is just to confirm that you're
seeing the traps)
   What do you see reported by the tail command?

   Now on the other (Debian?) system, run the same
  snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
\netSnmpExampleInteger i 123456
   command.
   What do you see reported by the tail command?


Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes that is right . that was my friend system that I checked on . but now I
don't have that system .
Is our problem is running snmptrap and receiver on one system??

thnks but can't you help me in our question about linux config? dosn't have
any difference between these two system?

thnks

On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes I did
  but I didn't see anything in log file again
  what is problem?

 I don't know - that's what we need to work out.

 I seem to remember you saying that you have two Linux systems available
 (one running CentOS, and one running Debian).   Is that correct?

 If so, can you please try the following:

 On the trap receiver system, run the following:
   tail -f /var/log/messages

On the same system (in another window), run the command
   snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
 \netSnmpExampleInteger i 123456
(we know this ought to work - this is just to confirm that you're
 seeing the traps)
What do you see reported by the tail command?

Now on the other (Debian?) system, run the same
   snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
 \netSnmpExampleInteger i 123456
command.
What do you see reported by the tail command?


 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes that is right . that was my friend system that I checked on . but now I
don't have that system .
Is our problem is running snmptrap and receiver on one system??

thnks but can't you help me in our question about linux config? dosn't have
any difference between these two system?

thnks

On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes I did
  but I didn't see anything in log file again
  what is problem?

 I don't know - that's what we need to work out.

 I seem to remember you saying that you have two Linux systems available
 (one running CentOS, and one running Debian).   Is that correct?

 If so, can you please try the following:

 On the trap receiver system, run the following:
   tail -f /var/log/messages

On the same system (in another window), run the command
   snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
 \netSnmpExampleInteger i 123456
(we know this ought to work - this is just to confirm that you're
 seeing the traps)
What do you see reported by the tail command?

Now on the other (Debian?) system, run the same
   snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
 \netSnmpExampleInteger i 123456
command.
What do you see reported by the tail command?


 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes that is right . that was my friend system that I checked on . but now I
 don't have that system .
 Is our problem is running snmptrap and receiver on one system??

No - there is no problem with running both trap sender and trap receiver
on the same system.   You've already seen that this works.
The current issue is with running trap sender and trap receiver on
*different* systems.   This ought to be fine as well, but there's clearly a
problem somewhere, becuase it's currently not working.

  That's what I'm trying to help you sort out.


 thnks but can't you help me in our question about linux config? dosn't have
 any difference between these two system?

I will help you with that *AFTER* we've fixed whatever is wrong with the
trap communication.   As you should have realised by now, this is
painstaking work - and I do not have the time (or patience) to lead you
through both of these at the same time.
   We're making progress on this one, so let's concentrate on it and get
it finished before getting distracted elsewhere.




Are you sure that you don't have access to any other Linux or Unix based
system that can talk to your CentOS box?It doesn't need any special
level of privilege - an ordinary account would be fine.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Yes

I test It AND I saw log in my log file :)

Thank you . I got result

Is there any work to do?

On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes that is right . that was my friend system that I checked on . but
 now I
  don't have that system .
  Is our problem is running snmptrap and receiver on one system??

 No - there is no problem with running both trap sender and trap receiver
 on the same system.   You've already seen that this works.
 The current issue is with running trap sender and trap receiver on
 *different* systems.   This ought to be fine as well, but there's clearly a
 problem somewhere, becuase it's currently not working.

   That's what I'm trying to help you sort out.


  thnks but can't you help me in our question about linux config? dosn't
 have
  any difference between these two system?

 I will help you with that *AFTER* we've fixed whatever is wrong with the
 trap communication.   As you should have realised by now, this is
 painstaking work - and I do not have the time (or patience) to lead you
 through both of these at the same time.
We're making progress on this one, so let's concentrate on it and get
 it finished before getting distracted elsewhere.




 Are you sure that you don't have access to any other Linux or Unix based
 system that can talk to your CentOS box?It doesn't need any special
 level of privilege - an ordinary account would be fine.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

but what is problem in running it in one system?

On Thu, Jul 26, 2012 at 1:02 PM, mohamad hosein jafari 
smhjafar...@gmail.com wrote:

 Yes

 I test It AND I saw log in my log file :)

 Thank you . I got result

 Is there any work to do?


 On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes that is right . that was my friend system that I checked on . but
 now I
  don't have that system .
  Is our problem is running snmptrap and receiver on one system??

 No - there is no problem with running both trap sender and trap receiver
 on the same system.   You've already seen that this works.
 The current issue is with running trap sender and trap receiver on
 *different* systems.   This ought to be fine as well, but there's clearly
 a
 problem somewhere, becuase it's currently not working.

   That's what I'm trying to help you sort out.


  thnks but can't you help me in our question about linux config? dosn't
 have
  any difference between these two system?

 I will help you with that *AFTER* we've fixed whatever is wrong with the
 trap communication.   As you should have realised by now, this is
 painstaking work - and I do not have the time (or patience) to lead you
 through both of these at the same time.
We're making progress on this one, so let's concentrate on it and get
 it finished before getting distracted elsewhere.




 Are you sure that you don't have access to any other Linux or Unix based
 system that can talk to your CentOS box?It doesn't need any special
 level of privilege - an ordinary account would be fine.

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 09:37, mohamad hosein jafari smhjafar...@gmail.com wrote:
 but what is problem in running it in one system?

There isn't.   What makes you think there might be?

We've already shown that this works.
Why do you think there's still a problem?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I test It AND I saw log in my log file :)
 Thank you . I got result

 Is there any work to do?

You could start by telling me *what* you tested,
and what you saw?

Is this from another Linux system?
Sending traps from the Windows box?
or what?

I cannot read your mind - if you don't tell me the details
of what you're doing, it is very hard to help you.
   And it's also much slower - you claim to be in a hurry,
and working to a deadline,   but this sort of vague report
just makes things worse.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

excuse me

I send trap with other windows agent and saw log file in my linux log file

On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I test It AND I saw log in my log file :)
  Thank you . I got result
 
  Is there any work to do?

 You could start by telling me *what* you tested,
 and what you saw?

 Is this from another Linux system?
 Sending traps from the Windows box?
 or what?

 I cannot read your mind - if you don't tell me the details
 of what you're doing, it is very hard to help you.
And it's also much slower - you claim to be in a hurry,
 and working to a deadline,   but this sort of vague report
 just makes things worse.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

the output is :

2012-07-24 19:15:42 192.168.1.2(via UDP: [192.168.1.2]:58885) TRAP, SNMP
v1, community public
SNMPv2-SMI::enterprises.311.1.1.3.1.1 Link Up Trap (0) Uptime:
0:00:17.63
IF-MIB::ifIndex.37 = INTEGER: 37

in my log file

On Thu, Jul 26, 2012 at 1:16 PM, mohamad hosein jafari 
smhjafar...@gmail.com wrote:

 excuse me

 I send trap with other windows agent and saw log file in my linux log file


 On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I test It AND I saw log in my log file :)
  Thank you . I got result
 
  Is there any work to do?

 You could start by telling me *what* you tested,
 and what you saw?

 Is this from another Linux system?
 Sending traps from the Windows box?
 or what?

 I cannot read your mind - if you don't tell me the details
 of what you're doing, it is very hard to help you.
And it's also much slower - you claim to be in a hurry,
 and working to a deadline,   but this sort of vague report
 just makes things worse.

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 09:46, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I send trap with other windows agent and saw log file in my linux log file


So you are now in a state where you can send traps from your
Windows box to a trap receiver.   Good

*NOW* you can start to think about what traps you want to generate
and when they should be sent.Given that you're using the Microsoft
SNMP agent,  I'm not sure how much further help we can give you.
But I'm happy to help you clarify your ideas before going to someone
who understands the MS system better than we do.

So what are you trying to do here?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thank you so much for your helps

Now I set snmptrap config on my first windows system like this link
http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper


and I selected all service under the agent tab . I want agent that send
trap to my server every time continually . and I receive that log by my
server and save them on server system . So what configs should I do on my
linux server or windows agent  in addition of this link ?

thnks

On Thu, Jul 26, 2012 at 1:34 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 09:46, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I send trap with other windows agent and saw log file in my linux log
 file


 So you are now in a state where you can send traps from your
 Windows box to a trap receiver.   Good

 *NOW* you can start to think about what traps you want to generate
 and when they should be sent.Given that you're using the Microsoft
 SNMP agent,  I'm not sure how much further help we can give you.
 But I'm happy to help you clarify your ideas before going to someone
 who understands the MS system better than we do.

 So what are you trying to do here?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 10:14, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I want agent that send trap to my server every time continually.

But *what* traps do you want the agent to send?
An SNMP trap is used to report some event or condition.
What events and conditions are you interested in?


 and I receive that log by my 
 server
 and save them on server system . So what configs should I do on my linux
 server or windows agent  in addition of this link ?

You've got the configuration in place on the Linux side to receive traps.
You've got the configuration in place on the Windows side about
   *where* to send the traps.
All you are missing now is the information about *what* traps to send
   (and hence when to send them)

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

This work is in other step of our works
but I think we should get IDS logs from other agent and save them in our
log file(server log file)

so I should configure server completely for getting trap from linux and
windows agents  continually

because of this I asked you is any difference between linux MIB and
windows? . I think now is time for this question and config our server
completely .


On Thu, Jul 26, 2012 at 1:48 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 10:14, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I want agent that send trap to my server every time continually.

 But *what* traps do you want the agent to send?
 An SNMP trap is used to report some event or condition.
 What events and conditions are you interested in?


  and I receive that log by my
 server
  and save them on server system . So what configs should I do on my linux
  server or windows agent  in addition of this link ?

 You've got the configuration in place on the Linux side to receive traps.
 You've got the configuration in place on the Windows side about
*where* to send the traps.
 All you are missing now is the information about *what* traps to send
(and hence when to send them)

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 10:39, mohamad hosein jafari smhjafar...@gmail.com wrote:
 because of this I asked you is any difference between linux MIB and windows?

OK - let's address that question, then.

What do you mean by Linux MIB   and   Windows MIB ?

The reason that I said the question didn't make sense, is
that as far as I'm aware there is no such thing as a Linux MIB.
There may be a Windows MIB (though frankly I'd be surprised)

There are a whole lot of MIBs that have been defined (both standard
and private), each concerned with a small, relatively focussed area of
infomation.Any given SNMP agent will implement a number of these
MIBs - depending on exactly how it has been coded/configured/etc.
(And it's also possible for this collection of supported MIBs to change
dynamically, as subagents are added/removed).


But there's no such thing (AFAIK) as a Linux MIB or a Windows MIB.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes My means by saying linux MIB is MIB format for linux system

I asked when windows agent send snmp trap as MIB files Is any configure for
my linux server for getting it or no?
Or is linux MIB format is equal to windows MIB format or no?
and my config for getting trap from windows agent was finishe?


 On Thu, Jul 26, 2012 at 2:20 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 10:39, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  because of this I asked you is any difference between linux MIB and
 windows?

 OK - let's address that question, then.

 What do you mean by Linux MIB   and   Windows MIB ?

 The reason that I said the question didn't make sense, is
 that as far as I'm aware there is no such thing as a Linux MIB.
 There may be a Windows MIB (though frankly I'd be surprised)

 There are a whole lot of MIBs that have been defined (both standard
 and private), each concerned with a small, relatively focussed area of
 infomation.Any given SNMP agent will implement a number of these
 MIBs - depending on exactly how it has been coded/configured/etc.
 (And it's also possible for this collection of supported MIBs to change
 dynamically, as subagents are added/removed).


 But there's no such thing (AFAIK) as a Linux MIB or a Windows MIB.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com wrote:
 My means by saying linux MIB is MIB format for linux system

The format of MIB files is standard - it will be the same on
Linux, Windows, Mac OS, etc, etc.



 I asked when windows agent send snmp trap as MIB files

Again - that doesn't make send.
An agent doesn't send an SNMP trap as a MIB file.
The MIB file defines the name, contents and meaning of the trap.

But a trap is perfectly valid without the corresponding MIB file.
You can detect and log it, even if you don't have the MIB file.
   The only difference is that things will be recorded using
numeric OIDs rather than MIB names.   (And named values
will use the numeric value, rather than the corresponding name).

You get the same information regardless - you just lose some
of the readability.


 Is any configure for my linux server for getting it or no?

If you have the relevant MIB files, then you can install these
on the linux side in the usual manner.   See the on-line
documentation for details.


 Or is linux MIB format is equal to windows MIB format or no?

Yes - the format is the same.


 and my config for getting trap from windows agent was finishe?

If you are now receiving traps from your Windows agent
(such as the coldStart trap when the agent first starts up)
then yes - I believe the configuration is finished.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thanks

 If you have the relevant MIB files, then you can install these
on the linux side in the usual manner.   See the on-line
documentation for details.

Can you help me about this more??

And I have another question : Is any script for windows to set all snmp
config that we can use it to set all config on windows?

Thanks

On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  My means by saying linux MIB is MIB format for linux system

 The format of MIB files is standard - it will be the same on
 Linux, Windows, Mac OS, etc, etc.



  I asked when windows agent send snmp trap as MIB files

 Again - that doesn't make send.
 An agent doesn't send an SNMP trap as a MIB file.
 The MIB file defines the name, contents and meaning of the trap.

 But a trap is perfectly valid without the corresponding MIB file.
 You can detect and log it, even if you don't have the MIB file.
The only difference is that things will be recorded using
 numeric OIDs rather than MIB names.   (And named values
 will use the numeric value, rather than the corresponding name).

 You get the same information regardless - you just lose some
 of the readability.


  Is any configure for my linux server for getting it or no?

 If you have the relevant MIB files, then you can install these
 on the linux side in the usual manner.   See the on-line
 documentation for details.


  Or is linux MIB format is equal to windows MIB format or no?

 Yes - the format is the same.


  and my config for getting trap from windows agent was finishe?

 If you are now receiving traps from your Windows agent
 (such as the coldStart trap when the agent first starts up)
 then yes - I believe the configuration is finished.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

thanks
But a trap is perfectly valid without the corresponding MIB file.
You can detect and log it, even if you don't have the MIB file.
   The only difference is that things will be recorded using
numeric OIDs rather than MIB names.   (And named values
will use the numeric value, rather than the corresponding name).

You get the same information regardless - you just lose some
of the readability.

 If you have the relevant MIB files, then you can install these
 on the linux side in the usual manner.   See the on-line
 documentation for details.

 Can you help me about this more??

 And I have another question : Is any script for windows to set all snmp
 config that we can use it to set all config on windows?

 Thanks

 On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  My means by saying linux MIB is MIB format for linux system

 The format of MIB files is standard - it will be the same on
 Linux, Windows, Mac OS, etc, etc.



  I asked when windows agent send snmp trap as MIB files

 Again - that doesn't make send.
 An agent doesn't send an SNMP trap as a MIB file.
 The MIB file defines the name, contents and meaning of the trap.

 But a trap is perfectly valid without the corresponding MIB file.
 You can detect and log it, even if you don't have the MIB file.
The only difference is that things will be recorded using
 numeric OIDs rather than MIB names.   (And named values
 will use the numeric value, rather than the corresponding name).

 You get the same information regardless - you just lose some
 of the readability.


  Is any configure for my linux server for getting it or no?

 If you have the relevant MIB files, then you can install these
 on the linux side in the usual manner.   See the on-line
 documentation for details.


  Or is linux MIB format is equal to windows MIB format or no?

 Yes - the format is the same.


  and my config for getting trap from windows agent was finishe?

 If you are now receiving traps from your Windows agent
 (such as the coldStart trap when the agent first starts up)
 then yes - I believe the configuration is finished.

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com wrote:
 If you have the relevant MIB files, then you can install these
on the linux side in the usual manner.   See the on-line
documentation for details.

 Can you help me about this more??

Basically, just copy the new MIB files into the directory
where the rest of them live.
   Typically this will be something like  /usr/share/snmp/mibs
for a vendor-supplied setup.


 And I have another question : Is any script for windows to set all snmp
 config that we can use it to set all config on windows?

Sorry - I've no idea.
I don't have much to do with Windows administration.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thank you so much again

Basically, just copy the new MIB files into the directory
where the rest of them live.
   Typically this will be something like  /usr/share/snmp/mibs
for a vendor-supplied setup

for example for my work that I said you before should I do anything about
MIB?
(receive some IDS log from windows or liux agent and save them on my linux
serever )


On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  If you have the relevant MIB files, then you can install these
 on the linux side in the usual manner.   See the on-line
 documentation for details.
 
  Can you help me about this more??

 Basically, just copy the new MIB files into the directory
 where the rest of them live.
Typically this will be something like  /usr/share/snmp/mibs
 for a vendor-supplied setup.


  And I have another question : Is any script for windows to set all snmp
  config that we can use it to set all config on windows?

 Sorry - I've no idea.
 I don't have much to do with Windows administration.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 04:56, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes I did it

 and in the first window I got Log of my snmptrap instruction

Good - that's progress


 But excuse me I have another question :
 How I can senf snmptrap by windows Agent?
 can you help me?

Too hasty you are, young padawan.
Much to learn, you still have.
Rome, built in a day, wasn't
   [Hmmm...  that last one doesn't quite work somehow!]

You've taken the first step in setting up the receipt of traps,
but there's still a way to go.
   The next two tasks (which are complementary, but
independent, so can be tackled in either order) are:

-  sending a trap from the (local) agent
   (rather than the command line 'snmptrap')
-  running the trap receiver as a daemon,
   not via the command line.

Let's look at the first one first.

Is there a file /etc/snmp/snmpd.conf ?
If so, does it contain a link of the form
trapsink 
or
trap2sink .
If so - what exactly does this look like?

If there isn't a file /etc/snmp/snmpd.conf,
then can you find a file called 'snmpd.conf'
somewhere else on the system?
   If so, where?
Note that there may be more than one. Try
running   locate snmpd.conf which should
report all of them  (assuming this is set up right)
Same question - do any of these contain
'trapsink' (or similar) lines?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes :) I think I,m too  hasty

because I have a limit time

I have snmpd.conf in this path and contain

# where to send v2 traps:

trap2sink   (server_ip_address) public

# send traps on authentication failures

authtrapenable  1


But I have a force to send a trap by windows Agent (without get by
server Only sending trap by win agent)

can you help me in this step before continue?

I read this link and do config But I don't know how to manage MIB file
to sent as a trap

http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper


ThankS






On Wed, Jul 25, 2012 at 12:29 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 04:56, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes I did it
 
  and in the first window I got Log of my snmptrap instruction

 Good - that's progress


  But excuse me I have another question :
  How I can senf snmptrap by windows Agent?
  can you help me?

 Too hasty you are, young padawan.
 Much to learn, you still have.
 Rome, built in a day, wasn't
[Hmmm...  that last one doesn't quite work somehow!]

 You've taken the first step in setting up the receipt of traps,
 but there's still a way to go.
The next two tasks (which are complementary, but
 independent, so can be tackled in either order) are:

 -  sending a trap from the (local) agent
(rather than the command line 'snmptrap')
 -  running the trap receiver as a daemon,
not via the command line.

 Let's look at the first one first.

 Is there a file /etc/snmp/snmpd.conf ?
 If so, does it contain a link of the form
 trapsink 
 or
 trap2sink .
 If so - what exactly does this look like?

 If there isn't a file /etc/snmp/snmpd.conf,
 then can you find a file called 'snmpd.conf'
 somewhere else on the system?
If so, where?
 Note that there may be more than one. Try
 running   locate snmpd.conf which should
 report all of them  (assuming this is set up right)
 Same question - do any of these contain
 'trapsink' (or similar) lines?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 09:33, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes :) I think I,m too  hasty
 because I have a limit time

In which case, you can't affort to race ahead of yourself!

You should also get in the habit of providing the *full* information
that I ask for.   That will save time currently wasted in forcing me to
ask additional questions to find out the details that you have omitted.


 I have snmpd.conf in this path

In which path?
What is the full location of this file?


 # where to send v2 traps:

 trap2sink   (server_ip_address) public

Is this the exact line as it appears in the file?
Or is there an actual IP address there?
If so - what is it?


 But I have a force to send a trap by windows Agent (without get by server
 Only sending trap by win agent)

 can you help me in this step before continue?

No.
We can get there, but only by taking things in the correct order.
We need to ensure that sending/receipt of traps is working properly,
before looking at automatically generating traps from the agent.


 I read this link and do config But I don't know how to manage MIB file to
 sent as a trap

 http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper

Don't be so impatient!
Let's get the basic configuration correct first.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

 In which path?
 What is the full location of this file?

in the path that you said
  /etc/snmp/snmpd.conf


 Is this the exact line as it appears in the file?
 Or is there an actual IP address there?
 If so - what is it?

 No I replaced my system IP address like 192. by IP ADDRESS name

Thnks

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 10:35, mohamad hosein jafari smhjafar...@gmail.com wrote:
 Is this the exact line as it appears in the file?
 Or is there an actual IP address there?
 If so - what is it?

 No I replaced my system IP address like 192. by IP ADDRESS name

sigh
When I ask for the exact line - then that is what I need to see.
Not something vague like my system IP addres like 192
the *ACTUAL* IP address!
   Please don't omit information just because you don't think it's
important.   Give me the exact details - then I can ignore the
bits I don't need.

Given that the command-line 'snmptrap' was using the IP address
192.168.150.227,  then I assume that the line in /etc/snmp/snmpd.conf
actually reads

  trap2sink   192.168.150.227public

Is this correct?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 10:54, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes . this is exactly :
 # where to send v2 traps:
 trap2sink   192.168.150.227  public
 # send traps on authentication failures
 authtrapenable  1

Right.

Assuming that the 'snmptrapd' command is still running in your first window,
(and if not, then restart this first, and check it's working using the
same 'snmptrap' command as before).
then please try restarting the 'snmp' agent.

I seem to remember that you said you were working with a CentOS box.
In which case, the command to do this should be

 service   snmpd   restart

What do you see in the snmptrapd output?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

I restart it
and I saw in first window:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
 SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10


On Wed, Jul 25, 2012 at 2:28 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 10:54, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes . this is exactly :
  # where to send v2 traps:
  trap2sink   192.168.150.227  public
  # send traps on authentication failures
  authtrapenable  1

 Right.

 Assuming that the 'snmptrapd' command is still running in your first
 window,
 (and if not, then restart this first, and check it's working using the
 same 'snmptrap' command as before).
 then please try restarting the 'snmp' agent.

 I seem to remember that you said you were working with a CentOS box.
 In which case, the command to do this should be

  service   snmpd   restart

 What do you see in the snmptrapd output?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I restart it
 and I saw in first window:

 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
 SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10

Good - so that's shown that agent - manual snmptrapd   is working properly.
The next thing is to look at getting the trap receiver to run as a daemon.

Kill off the snmptrapd command that you started earlier  (using Ctrl-C
should do)
and run the command

 service  snmptrapd   start

(as root).   Then immediately afterwards, run the command

ls -ltr /var/log   | tail

You should find that one or more of the files listed there have only just been
changed.   Have a look at each of these - particularly the end of each file.
tail -20 /var/log/messages or similar should do the trick.


Can you find mention of 'snmptrapd' in any of these files?
If so, which?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Yes I did it and I found this line
when I type this command :   ls -ltr /var/log   | tail

-rw-r--r-- 1 root  root   25 Jul 24 14:09 snmptraps.log



On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I restart it
  and I saw in first window:
 
  DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
  SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
  SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10

 Good - so that's shown that agent - manual snmptrapd   is working
 properly.
 The next thing is to look at getting the trap receiver to run as a daemon.

 Kill off the snmptrapd command that you started earlier  (using Ctrl-C
 should do)
 and run the command

  service  snmptrapd   start

 (as root).   Then immediately afterwards, run the command

 ls -ltr /var/log   | tail

 You should find that one or more of the files listed there have only just
 been
 changed.   Have a look at each of these - particularly the end of each
 file.
 tail -20 /var/log/messages or similar should do the trick.


 Can you find mention of 'snmptrapd' in any of these files?
 If so, which?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

and when I use this command :
tail -20 /var/log/messages

I found :
Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2

as the last line

On Wed, Jul 25, 2012 at 3:09 PM, mohamad hosein jafari 
smhjafar...@gmail.com wrote:

 Yes I did it and I found this line
 when I type this command :   ls -ltr /var/log   | tail

 -rw-r--r-- 1 root  root   25 Jul 24 14:09 snmptraps.log



 On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I restart it
  and I saw in first window:
 
  DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
  SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
  SNMPv2-MIB::snmpTrapEnterprise.0 = OID:
 NET-SNMP-MIB::netSnmpAgentOIDs.10

 Good - so that's shown that agent - manual snmptrapd   is working
 properly.
 The next thing is to look at getting the trap receiver to run as a daemon.

 Kill off the snmptrapd command that you started earlier  (using Ctrl-C
 should do)
 and run the command

  service  snmptrapd   start

 (as root).   Then immediately afterwards, run the command

 ls -ltr /var/log   | tail

 You should find that one or more of the files listed there have only just
 been
 changed.   Have a look at each of these - particularly the end of each
 file.
 tail -20 /var/log/messages or similar should do the trick.


 Can you find mention of 'snmptrapd' in any of these files?
 If so, which?

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 11:52, mohamad hosein jafari smhjafar...@gmail.com wrote:
 and when I use this command :
 tail -20 /var/log/messages

 I found :
 Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2

 as the last line


Right - so that's where incoming traps are being logged.
Now try the following:

* In one window, run
  tail -f  /var/log/messages

 This command will show the last ten lines, and then hang.
 This is perfectly normal - just leave it hanging

   * In a second window, restart the SNMP agent again
  (service snmpd restart),  just as you did before.

You should see a trap logged in the first window,
with the same message as you saw earlier.

Does this happen?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes it happened

On Wed, Jul 25, 2012 at 3:45 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 11:52, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  and when I use this command :
  tail -20 /var/log/messages
 
  I found :
  Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2
 
  as the last line


 Right - so that's where incoming traps are being logged.
 Now try the following:

 * In one window, run
   tail -f  /var/log/messages

  This command will show the last ten lines, and then hang.
  This is perfectly normal - just leave it hanging

* In a second window, restart the SNMP agent again
   (service snmpd restart),  just as you did before.

 You should see a trap logged in the first window,
 with the same message as you saw earlier.

 Does this happen?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 12:21, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes it happened

Good - so you know that the trap receiver is working properly.

Now you can start looking at your Windows machine!

Fire up a command window, and type the same 'snmptrap'
command that you used before  (giving the same IP address)
   Do you see anything on the tail -f output?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 13:45, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes I tried command on CMD
 but cmd can't find instruction
 and I didn't get any result

OK.
Have you got the Net-SNMP package installed on your Windows box?

If so, I believe the command will probably be something like

C:\usr\bin\snmptrap ..

Does that help at all?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

I downloaded for linux and windows
But I didn't install it on windows . does it need for windows agent to got
net-snmp? Is configuration step like tis link step on windows service not
 Enough ؟؟(without using cmd?)
http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper


and if it need how can I install it?
this download link
http://sourceforge.net/projects/net-snmp/files/net-snmp/5.7.1/net-snmp-5.7.1.zip/download




On Wed, Jul 25, 2012 at 5:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 13:45, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes I tried command on CMD
  but cmd can't find instruction
  and I didn't get any result

 OK.
 Have you got the Net-SNMP package installed on your Windows box?

 If so, I believe the command will probably be something like

 C:\usr\bin\snmptrap ..

 Does that help at all?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 14:04, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I downloaded for linux and windows
 But I didn't install it on windows.

So you are using the Microsoft-provided SNMP agent,
rather than the Net-SNMP agent - is that correct?

That is quite an important distinction - so it's useful that we've
established this now.   You would have got *very* confused
trying to follow instructions for the Net-SNMP agent, if you're
actually using the MS version!


 Is configuration step like tis link step on windows service not
 Enough ؟؟(without using cmd?)
 http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper

Probably - yes.
This list is for support of the Net-SNMP software, so we can't really help with
anyone else's products.   But at first sight, those instructions look reasonable
for configuring the Windows agent to send traps to the receiver you've now
got running.

Follow those through (using the same IP address as before), and the
restart the Windows SNMP agent.   I would expect to see a similar
log message being received by the snmptrapd daemon
(and hence appearing in /var/log/messages)


You shouldn't need to install the Net-SNMP agent on your Windows box,
if you're happy to use the Microsoft one.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Yes I used Microsoft provided by that step that was in that link that I
sent before

So what is your opinion about it? My cmd don't know any snmp and snmptrap
command But I do microsoft configuration for snmp

what can I do?



On Wed, Jul 25, 2012 at 5:43 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 14:04, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I downloaded for linux and windows
  But I didn't install it on windows.

 So you are using the Microsoft-provided SNMP agent,
 rather than the Net-SNMP agent - is that correct?

 That is quite an important distinction - so it's useful that we've
 established this now.   You would have got *very* confused
 trying to follow instructions for the Net-SNMP agent, if you're
 actually using the MS version!


  Is configuration step like tis link step on windows service not
  Enough ؟؟(without using cmd?)
 
 http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper

 Probably - yes.
 This list is for support of the Net-SNMP software, so we can't really help
 with
 anyone else's products.   But at first sight, those instructions look
 reasonable
 for configuring the Windows agent to send traps to the receiver you've now
 got running.

 Follow those through (using the same IP address as before), and the
 restart the Windows SNMP agent.   I would expect to see a similar
 log message being received by the snmptrapd daemon
 (and hence appearing in /var/log/messages)


 You shouldn't need to install the Net-SNMP agent on your Windows box,
 if you're happy to use the Microsoft one.

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 14:23, mohamad hosein jafari smhjafar...@gmail.com wrote:
 Yes I used Microsoft provided by that step that was in that link that I sent
 before

 So what is your opinion about it? My cmd don't know any snmp and snmptrap
 command But I do microsoft configuration for snmp

 what can I do?

Try following the instructions in that link, to set up the SNMP
service and configure it to send traps to 192.168.150.227

Then restart the Windows SNMP agent.

Do you see anything in the /var/log/messages file?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Yes I did this config snmp service to 192.168.150.227
and after restart agent
I couldn't find this path ( /var/log/messages)in my windows command line .
why?
and also I  couldn't  see any new thing in my linux command line

On Wed, Jul 25, 2012 at 6:13 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 14:23, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  Yes I used Microsoft provided by that step that was in that link that I
 sent
  before
 
  So what is your opinion about it? My cmd don't know any snmp and snmptrap
  command But I do microsoft configuration for snmp
 
  what can I do?

 Try following the instructions in that link, to set up the SNMP
 service and configure it to send traps to 192.168.150.227

 Then restart the Windows SNMP agent.

 Do you see anything in the /var/log/messages file?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 25 July 2012 19:29, mohamad hosein jafari smhjafar...@gmail.com wrote:
 Yes I did this config snmp service to 192.168.150.227
 and after restart agent
 I couldn't find this path ( /var/log/messages)in my windows command line .
 why?

Think about what's happening here.
You are sending traps *from* the windows box *to* the Linux system.
The traps will be received by the Linux system, and logged to the
file /var/log/messages

   Why would you look for this file on the Windows system?


 and also I  couldn't  see any new thing in my linux command line

Now do you see why I wanted you to try running things on the Linux box first?
Because I forced you to do this,  we know that the trap receiver aspects
are working OK.  So if the trap from the Windows agent isn't getting through,
the problem must lie somewhere else.

There are two basic possibilities - either the trap isn't being sent properly,
or it's being sent but not received.   My suspicion is actually the latter.

Please try running the following command on the (receiving) Linux box:

 iptables -I INPUT -p tcp --dport 162  -j ACCEPT

then re-start the Windows SNMP agent.
Do you see anything in the Linux /var/log/messages file?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Yes
but my agent and server in once .

I set my snmp service to send trap on my IP then I went to my linux
(VmWare)
and I do setting about IPtable but I didn't see anything in linux log file

So I have a question:
IS THERE any different between Linux MIB file and windows MIB file? OR
should I have change on linux server to get windows server Trap
(THIS question is very important fot me)

Thanks


On Thu, Jul 26, 2012 at 3:39 AM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 25 July 2012 19:29, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  Yes I did this config snmp service to 192.168.150.227
  and after restart agent
  I couldn't find this path ( /var/log/messages)in my windows command line
 .
  why?

 Think about what's happening here.
 You are sending traps *from* the windows box *to* the Linux system.
 The traps will be received by the Linux system, and logged to the
 file /var/log/messages

Why would you look for this file on the Windows system?


  and also I  couldn't  see any new thing in my linux command line

 Now do you see why I wanted you to try running things on the Linux box
 first?
 Because I forced you to do this,  we know that the trap receiver aspects
 are working OK.  So if the trap from the Windows agent isn't getting
 through,
 the problem must lie somewhere else.

 There are two basic possibilities - either the trap isn't being sent
 properly,
 or it's being sent but not received.   My suspicion is actually the latter.

 Please try running the following command on the (receiving) Linux box:

  iptables -I INPUT -p tcp --dport 162  -j ACCEPT

 then re-start the Windows SNMP agent.
 Do you see anything in the Linux /var/log/messages file?

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 24 July 2012 01:24, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I set snmptrap configure and then I change these conf file but I can't fine
 /etc/default/snmptrap.conf

First thing - are you talking about snmptrap or snmptrapd?
These are very different!

Secondly, /etc/default is typically provided by a vendor installation
(rather than when using a setup compiled from source), and is
used to configure the settings used for *starting* a service
(i.e. the command line options).
   It's not normally a place to put the run-time configuration file.


 So when I run a snmptrap instruction on my agent this instruction run
 but I don't have anything in my log file

What exactly do you mean by run a snmptrap instruction?
What command(s) are you running here?

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

 I run snmp trap demon and I get answer like this
 ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le

You are explicitly telling the trap receiver to use the
configuration file '/tmp/snmptrapd.conf'
   (That's the meaning of the -c option)

Have you created this file?

 /tmp/snmptrapd.conf: No such file or directory

Probably not :-)



 - but about I think I have problem in snmptrapd.conf because when I run
 snmptrap I don't have any error

Again - are you talking about snmptrap, or snmptrapd?
What exactly do you mean by run snmptrap

If you run the command snmptrap with no options,
then you *will* get an error, because that's not valid.
   What is the *exact* command(s) that you are running?



 I set my snmptrapd.conf like this :
 logOption f /var/log/snmptraps.log
 authCommunity log,execute,net  public

And where is this file located?



 and in this path : /etc/sysconfig/snmpd.options   I set like this :

  OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)

That file, and those options are relating to the SNMP agent ('snmpd').
They are nothing to do with either the trap receiver ('snmptrapd')
or the trap sender ('snmptrap').
   Please don't confuse the various elements - they are different commands
used for different purposes, and controlled by different files.



 and also I turnd my IPtable off for test but I dont have anything in my log
 file after I run snmptrap .

 I TEST my request in debian and I get true answer but in CentOS I didn't get
 any answer

Please report *exactly* what you are doing.
There's simply not enough detail in what you have said so far.

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thanks my friend

I want to use snmptrap but I think first of all I should config snmptrapd
on my server to receive snmp information on server .Am I Right??? Or Please
tell me true thing

 I run snmp trap demon and I get answer like this
 ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le
You are explicitly telling the trap receiver to use the
configuration file '/tmp/snmptrapd.conf'
   (That's the meaning of the -c option)

Ok what is this problem?

Have you created this file?
 /tmp/snmptrapd.conf: No such file or directory
Probably not :-)

No I can't find this file in this path . my snmptrapd.conf is
in /etc/snmp/snmptrapd.conf  . how I can make it in the path that you say?


 - but about I think I have problem in snmptrapd.conf because when I run
 snmptrap I don't have any error
Again - are you talking about snmptrap, or snmptrapd?
What exactly do you mean by run snmptrap
If you run the command snmptrap with no options,
then you *will* get an error, because that's not valid.
What is the *exact* command(s) that you are running?

I want to run snmp . I want to send information from agent to manager . I
run this sample
snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
\netSnmpExampleInteger i 123456

 I set my snmptrapd.conf like this :
 logOption f /var/log/snmptraps.log
 authCommunity log,execute,net  public
And where is this file located?

in  /etc/snmp/snmptrapd.conf  I set this lines

 and in this path : /etc/sysconfig/snmpd.options   I set like this :
  OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)
That file, and those options are relating to the SNMP agent ('snmpd').
They are nothing to do with either the trap receiver ('snmptrapd')
or the trap sender ('snmptrap').
   Please don't confuse the various elements - they are different commands
used for different purposes, and controlled by different files.

but I read in conf instruction level to set this line for agent

 and also I turnd my IPtable off for test but I dont have anything in my
log
 file after I run snmptrap .
 I TEST my request in debian and I get true answer but in CentOS I
didn't get
 any answer
Please report *exactly* what you are doing.
There's simply not enough detail in what you have said so far.

I used this command for this work

# /etc/init.d/iptables stop

# chkconfig iptables off


thanks for your help
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 24 July 2012 08:58, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I want to use snmptrap but I think first of all I should config snmptrapd on
 my server to receive snmp information on server .Am I Right???

Correct


  my snmptrapd.conf is in /etc/snmp/snmptrapd.conf

So why were you telling snmptrapd to look in /tmp ?
If your snmptrapd.conf file is under /etc/snmp
then try running

snmptrapd -f -Le

If that complains about no access control
(and *only* if it complains)
then try
snmptrapd -c /etc/snmp/snmptrapd.conf  -f -Le
  instead

Run those command(s) - and please report back what it says.


Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

I use these command

and I get this answer:

NET-SNMP version 5.3.2.2
couldn't open udp:162 -- errno 98 (Address already in use)


On Tue, Jul 24, 2012 at 12:36 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 24 July 2012 08:58, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I want to use snmptrap but I think first of all I should config
 snmptrapd on
  my server to receive snmp information on server .Am I Right???

 Correct


   my snmptrapd.conf is in /etc/snmp/snmptrapd.conf

 So why were you telling snmptrapd to look in /tmp ?
 If your snmptrapd.conf file is under /etc/snmp
 then try running

 snmptrapd -f -Le

 If that complains about no access control
 (and *only* if it complains)
 then try
 snmptrapd -c /etc/snmp/snmptrapd.conf  -f -Le
   instead

 Run those command(s) - and please report back what it says.


 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com wrote:
 I use these command

 and I get this answer:

 NET-SNMP version 5.3.2.2
 couldn't open udp:162 -- errno 98 (Address already in use)

OK - that shows you've already got a trap receiver running.
Shut that down, and try again

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

you means I use Killall snmptrap  command?


On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I use these command
 
  and I get this answer:
 
  NET-SNMP version 5.3.2.2
  couldn't open udp:162 -- errno 98 (Address already in use)

 OK - that shows you've already got a trap receiver running.
 Shut that down, and try again

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

and why I can't find
/etc/default/snmptrap.conf

???

can you help me?

On Tue, Jul 24, 2012 at 12:46 PM, mohamad hosein jafari 
smhjafar...@gmail.com wrote:

 you means I use Killall snmptrap  command?


 On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield 
 d.t.shi...@liverpool.ac.ukwrote:

 On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  I use these command
 
  and I get this answer:
 
  NET-SNMP version 5.3.2.2
  couldn't open udp:162 -- errno 98 (Address already in use)

 OK - that shows you've already got a trap receiver running.
 Shut that down, and try again

 Dave



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 24 July 2012 09:16, mohamad hosein jafari smhjafar...@gmail.com wrote:
 you means I use Killall snmptrap  command?

No
You are still getting confused between snmptrap and snmptrapd

snmptrapd is the trap receiver - the program that runs all the time, listening
for incoming traps and processing/logging them.
snmptrap is used for generating traps - a command-line tool that is run
individually.

snmptrap sends the trap to snmptrapd
Note the 'd' at the end of the name - this stands for daemon.

It's the daemon (snmptrapd) that's running all the time,
which is blocking the (new) daemon that you are trying to start.
So it's the daemon that you need to shut down.

Try
 killall snmptrapd

Please try to keep these two clear in your mind (and in your messages).
The potential for confusion if you mix them up is immense!

Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

Thank

yes I think because my agent and server is on 1 system

I do your instruction to kill  snmptrapd  and then I rewrite that
instruction snmptrapd -f -Le

but my output take long time and I didn't receive anything so I stopped it
this is my output

NET-SNMP version 5.3.2.2
2012-07-23 17:26:38 NET-SNMP version 5.3.2.2 Stopped.

--

On Tue, Jul 24, 2012 at 1:10 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 24 July 2012 09:16, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  you means I use Killall snmptrap  command?

 No
 You are still getting confused between snmptrap and snmptrapd

 snmptrapd is the trap receiver - the program that runs all the time,
 listening
 for incoming traps and processing/logging them.
 snmptrap is used for generating traps - a command-line tool that is run
 individually.

 snmptrap sends the trap to snmptrapd
 Note the 'd' at the end of the name - this stands for daemon.

 It's the daemon (snmptrapd) that's running all the time,
 which is blocking the (new) daemon that you are trying to start.
 So it's the daemon that you need to shut down.

 Try
  killall snmptrapd

 Please try to keep these two clear in your mind (and in your messages).
 The potential for confusion if you mix them up is immense!

 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[Dave Shield]

On 24 July 2012 12:19, mohamad hosein jafari smhjafar...@gmail.com wrote:
 yes I think because my agent and server is on 1 system

No - ther's absolutely no problem about running an SNMP agent
and a trap receiver on the same system.They are different
services, and listen on different network ports.   They shouldn't
interfere with each other in the slightest.


 I do your instruction to kill  snmptrapd  and then I rewrite that
 instruction snmptrapd -f -Le

 this is my output

 NET-SNMP version 5.3.2.2

Good - that seems to be working.


 but my output take long time and I didn't receive anything so I stopped it

sigh
No - please don't do that.
You are quite correct - it's running for a long time.
In fact it will keep running for ever, until you explicitly stop it.

That's the whole point - you are running this as a trap receiver.
It's expected to keep running - waiting to receive incoming traps,
and logging them.   It will do that for as long as the system is up.
   Eventually we'll look at having this run in the background,
but for the time being - let's concentrate on checking that
the basic sending/receiving of traps is working.


Please re-start the 'snmptrapd' command again,
and make sure it gives the same
 NET-SNMP version 5.3.2.2
output.  (With no mention of access control)

Assuming that works, and while it is still running in one terminal window.
try running the
snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
\netSnmpExampleInteger i 123456
  command you mentioned, in a different terminal window.

Do you see anything in the first window?


Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

yes I did it

and in the first window I got Log of my snmptrap instruction

thanks

But excuse me I have another question :
How I can senf snmptrap by windows Agent?
can you help me?

Thanks

On Tue, Jul 24, 2012 at 4:40 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 24 July 2012 12:19, mohamad hosein jafari smhjafar...@gmail.com
 wrote:
  yes I think because my agent and server is on 1 system

 No - ther's absolutely no problem about running an SNMP agent
 and a trap receiver on the same system.They are different
 services, and listen on different network ports.   They shouldn't
 interfere with each other in the slightest.


  I do your instruction to kill  snmptrapd  and then I rewrite that
  instruction snmptrapd -f -Le

  this is my output
 
  NET-SNMP version 5.3.2.2

 Good - that seems to be working.


  but my output take long time and I didn't receive anything so I stopped
 it

 sigh
 No - please don't do that.
 You are quite correct - it's running for a long time.
 In fact it will keep running for ever, until you explicitly stop it.

 That's the whole point - you are running this as a trap receiver.
 It's expected to keep running - waiting to receive incoming traps,
 and logging them.   It will do that for as long as the system is up.
Eventually we'll look at having this run in the background,
 but for the time being - let's concentrate on checking that
 the basic sending/receiving of traps is working.


 Please re-start the 'snmptrapd' command again,
 and make sure it gives the same
  NET-SNMP version 5.3.2.2
 output.  (With no mention of access control)

 Assuming that works, and while it is still running in one terminal window.
 try running the
 snmptrap -v 1 -c public 192.168.150.227
 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification  6 17 
 \netSnmpExampleInteger i 123456
   command you mentioned, in a different terminal window.

 Do you see anything in the first window?


 Dave

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: SNMPTRAP doesn't work

[Mohammad Waqas Athar]

If it is working on debian then you might have installed net snmp package 
differently maybe that is why it is not working on centos.Are you sure your 
snmptrapd.conf is located in tmp directory /tmp/snmptrapd.conf.Try reducing you 
snmptrapd.conf options and first try to make it run then try to diagnose where 
is the problem .   
Regards, 
Muhammad Waqas. 



Date: Tue, 24 Jul 2012 09:13:44 +0430
Subject: Re: SNMPTRAP doesn't work
From: smhjafar...@gmail.com
To: mohwaqa...@hotmail.com

Thanks
I run snmp trap demon and I get answer like this]# snmptrapd -f -C -c 
/tmp/snmptrapd.conf -Le/tmp/snmptrapd.conf: No such file or 
directory/tmp/snmptrapd.conf: No such file or directory
Warning: no access control information configured.This receiver will *NOT* 
accept any incoming notifications.NET-SNMP version 5.3.2.2 ...
and after that this process take long time and I should stop it 

- but about I think I have problem in snmptrapd.conf because when I run 
snmptrap I don't have any error but I don't have anything in my log file I set 
my snmptrapd.conf like this :
logOption f /var/log/snmptraps.logauthCommunity log,execute,net  public

and in this path : /etc/sysconfig/snmpd.options   I set like this :

 OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)
and also I turnd my IPtable off for test but I dont have anything in my log 
file after I run snmptrap .

I TEST my request in debian and I get true answer but in CentOS I didn't get 
any answer 
On Tue, Jul 24, 2012 at 8:55 AM, Mohammad Waqas Athar mohwaqa...@hotmail.com 
wrote:






Well if you are new to using net-snmp library you will come across such kind of 
problems. I think you are having problem setting up snmptrap daemon . If this 
is the case then 
1- First of all make sure your snmptrapd.conf configuration file is in (any) 
directory as pointed out by `net-snmp-config --snmpconfpath`
2- Secondly make sure you flush your iptables rule by sudo iptables -F so that 
snmp trap messages are not blocked by firewall.3- Try to run snmptrap daemon 
using  sudo /usr/local/sbin/snmptrapd -f -L o and generate a dummy snmptrap as 
given in net snmp tutorial and check does your daemon works or not. 

When you run snmptrap , you will get an error of some config file. Ignore that 
message if you follow the correct syntax then message would definitively be 
delivered to snmptrap daemon. 

Regards, 
Muhammad Waqas. 


Date: Tue, 24 Jul 2012 04:54:08 +0430
Subject: SNMPTRAP doesn't work
From: smhjafar...@gmail.com

To: net-snmp-users@lists.sourceforge.net

Hi
I set snmptrap configure and then I change these conf file but I can't fine 
/etc/default/snmptrap.conf

So when I run a snmptrap instruction on my agent this instruction run but I 
don't have anything in my log file

can you help me? ot can you tell me snmptrap step by step?
thanks

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users 
  

  --
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPTRAP doesn't work

[mohamad hosein jafari]

I think I installed it correctly
and for config I used this link
http://www.cyberciti.biz/faq/linux-unix-bind-snmpd-to-specific-ip-address-interfaces/

and my snmptrapd.conf in in this path : /etc/snmp/snmptrapd.conf

and contain :

logOption f /var/log/snmptraps.log
authCommunity log,execute,net  public

Do you have an other approach?

thanks


On Tue, Jul 24, 2012 at 9:36 AM, Mohammad Waqas Athar 
mohwaqa...@hotmail.com wrote:


 If it is working on debian then you might have installed net snmp package
 differently maybe that is why it is not working on centos.Are you sure your
 snmptrapd.conf is located in tmp directory /tmp/snmptrapd.conf.Try reducing
 you snmptrapd.conf options and first try to make it run then try to
 diagnose where is the problem .

 Regards,
 Muhammad Waqas.



 --
 Date: Tue, 24 Jul 2012 09:13:44 +0430
 Subject: Re: SNMPTRAP doesn't work
 From: smhjafar...@gmail.com
 To: mohwaqa...@hotmail.com


 Thanks

 I run snmp trap demon and I get answer like this
 ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le
 /tmp/snmptrapd.conf: No such file or directory
 /tmp/snmptrapd.conf: No such file or directory
 Warning: no access control information configured.
 This receiver will *NOT* accept any incoming notifications.
 NET-SNMP version 5.3.2.2 ...

 and after that this process take long time and I should stop it

 - but about I think I have problem in snmptrapd.conf because when I run
 snmptrap I don't have any error but I don't have anything in my log file
 I set my snmptrapd.conf like this :
 logOption f /var/log/snmptraps.log
 authCommunity log,execute,net  public


 and in this path : /etc/sysconfig/snmpd.options   I set like this :

  OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)

 and also I turnd my IPtable off for test but I dont have anything in my
 log file after I run snmptrap .

 I TEST my request in debian and I get true answer but in CentOS I didn't
 get any answer

 On Tue, Jul 24, 2012 at 8:55 AM, Mohammad Waqas Athar 
 mohwaqa...@hotmail.com wrote:


 Well if you are new to using net-snmp library you will come across such
 kind of problems. I think you are having problem setting up
 snmptrap daemon . If this is the case then

 1- First of all make sure your snmptrapd.conf configuration file is in
 (any) directory as pointed out by `net-snmp-config --snmpconfpath`
 2- Secondly make sure you flush your iptables rule by sudo iptables -F so
 that snmp trap messages are not blocked by firewall.
 3- Try to run snmptrap daemon using  sudo /usr/local/sbin/snmptrapd -f -L
 o and generate a dummy snmptrap as given in net snmp tutorial and check
 does your daemon works or not.

 When you run snmptrap , you will get an error of some config file. Ignore
 that message if you follow the correct syntax then message
 would definitively be delivered to snmptrap daemon.

 Regards,
 Muhammad Waqas.



 --
 Date: Tue, 24 Jul 2012 04:54:08 +0430
 Subject: SNMPTRAP doesn't work
 From: smhjafar...@gmail.com
 To: net-snmp-users@lists.sourceforge.net


 Hi

 I set snmptrap configure and then I change these conf file but I can't
 fine /etc/default/snmptrap.conf

 So when I run a snmptrap instruction on my agent this instruction run but
 I don't have anything in my log file

 can you help me? ot can you tell me snmptrap step by step?

 thanks

 --
 Live Security Virtual Conference Exclusive live event will cover all the
 ways today's security and threat landscape has changed and how IT managers
 can respond. Discussions will include endpoint security, mobile security
 and the latest in malware threats.
 http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
 ___ Net-snmp-users mailing
 list Net-snmp-users@lists.sourceforge.net Please see the following page
 to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users



--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap problem after 1024 trap messages

[Dave Shield]

On 16 April 2012 21:18, Norman Rädke normanrae...@gmx.de wrote:
 I using the NET-SNMP version 5.6.1.

Hmmm
It might be worth trying with the upcoming 5.6.2 release
(or with v5.7.1).   I've had a quick look through the ChangeLog,
and there are various commits that refer to close() handling.
Nothing that screams out to be clearly relevant to your problem,
but it's worth checking to see.


 The error was logged by the threaded application

The other suggestion I'd make would be to avoid the problem
altogether by re-using the same session structure (and socket)
each time the routine is called.
  Something like:

  static snmp_session *ss = NULL;

  if ( ss == NULL ) {
   snmp_session session;
   init_snmp(libpbmoninsp_trap);
 :
   ss = snmp_add();
  }

and then omit the termination block:

snmp_close(ss);
snmp_shutdown(libpbmoninsp_trap);
SOCK_CLEANUP;

That way you'd only have one session open all the time,
and wouldn't need a separate socket for each call.

Dave

--
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap problem after 1024 trap messages

[dave]

Have you done an lsof to see which files are open?  Are you
sure it's a socket and not /dev/null or something like that?

D.

 On 16 April 2012 21:18, Norman Rädke normanrae...@gmx.de wrote:
 I using the NET-SNMP version 5.6.1.

 Hmmm
 It might be worth trying with the upcoming 5.6.2 release
 (or with v5.7.1).   I've had a quick look through the ChangeLog,
 and there are various commits that refer to close() handling.
 Nothing that screams out to be clearly relevant to your problem,
 but it's worth checking to see.


 The error was logged by the threaded application

 The other suggestion I'd make would be to avoid the problem
 altogether by re-using the same session structure (and socket)
 each time the routine is called.
   Something like:

   static snmp_session *ss = NULL;

   if ( ss == NULL ) {
snmp_session session;
init_snmp(libpbmoninsp_trap);
  :
ss = snmp_add();
   }

 and then omit the termination block:

 snmp_close(ss);
 snmp_shutdown(libpbmoninsp_trap);
 SOCK_CLEANUP;

 That way you'd only have one session open all the time,
 and wouldn't need a separate socket for each call.

 Dave

 --
 Better than sec? Nothing is better than sec when it comes to
 monitoring Big Data applications. Try Boundary one-second
 resolution app monitoring today. Free.
 http://p.sf.net/sfu/Boundary-dev2dev
 ___
 Net-snmp-users mailing list
 Net-snmp-users@lists.sourceforge.net
 Please see the following page to unsubscribe or change other options:
 https://lists.sourceforge.net/lists/listinfo/net-snmp-users




--
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap problem after 1024 trap messages

[Dave Shield]

On 16 April 2012 15:03, Norman Rädke normanrae...@gmx.de wrote:
 within my threading application i send every second a trap message to a
 traphandler, but after 1024 mesages i have got the following error lines''.

 net-snmp: 2 error(s) in config file(s)
 /etc/snmp/snmp.conf: line 0: Error: maximum conf file count (4096) exceeded
 /var/net-snmp/libpbmoninsp_trap.conf: line 0: Error: maximum conf file count
 (4096) exceeded

Is this error being logged by the threaded application, or the trap receiver?
If it's the trap receiver, then what are the snmptrapd config settings?

Also, which version of the Net-SNMP code are you using?

Dave

--
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap problem after 1024 trap messages

[Norman Rädke]

I using the NET-SNMP version 5.6.1.
The error was logged by the threaded application and not by the trap
receiver.

Norman

2012/4/16 Dave Shield d.t.shi...@liverpool.ac.uk

 On 16 April 2012 15:03, Norman Rädke normanrae...@gmx.de wrote:
  within my threading application i send every second a trap message to a
  traphandler, but after 1024 mesages i have got the following error
 lines''.
 
  net-snmp: 2 error(s) in config file(s)
  /etc/snmp/snmp.conf: line 0: Error: maximum conf file count (4096)
 exceeded
  /var/net-snmp/libpbmoninsp_trap.conf: line 0: Error: maximum conf file
 count
  (4096) exceeded

 Is this error being logged by the threaded application, or the trap
 receiver?
 If it's the trap receiver, then what are the snmptrapd config settings?

 Also, which version of the Net-SNMP code are you using?

 Dave

--
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap question

[Simon Chamlian]

Thanks.

Now my MIB declares a NOTIFICATION-TYPE:

* mpbcRMHTrapCritical NOTIFICATION-TYPE
OBJECTS {
mpbcRMHAlarmNEID,
mpbcRMHAlarmSlot,
mpbcRMHAlarmModule,
mpbcRMHAlarmID,
mpbcRMHAlarmDescription,
mpbcRMHAlarmStartTime
}
STATUS  current
DESCRIPTION Critical Trap alarm.
::= { mpbcRMHTrap 1 }
*

---

I don't understand the OBJECTS part. Can we send the values of all these
objects in the trap details?

Presently, what I get in the details of the trap is:


*SNMPv3 Trap Pdu,  MsgId = 1446431974, MaxSize = 65507
Flags = Auth/noPriv, SecurityModel = USM
EngineId = [0x80001f88806f673b3b0b1f4da1], EngineBoots = 161, EngineTime =
3, UserName = [testrwauth]
ContextEngineId = [0x80001f88806f673b3b0b1f4da1], ContextName = []
Request Id = 1843318089, Error Status = 0 , Error Index = 0
Oid1 = sysUpTime.0 , Type = TimeTicks, Value = 48 hrs: 15 min: 02 sec
Oid2 = snmpModules.1.1.4.1.0 , Type = ObjectID, Value = mpbcRMH-TrapCritical
*

TIA,
S



On Wed, Jan 11, 2012 at 5:21 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote:

 On 11 January 2012 21:31, Simon Chamlian simon.chaml...@gmail.com wrote:
  I'm issuing the following snmptrap command:
 
  snmptrap -v 3 -u  testrwauth -a MD5 -A authentication test -l
 authNoPriv
   172.27.57.34  42  MPBC-RMH-MIB::mpbcRMH-Mon-HPU-State

 What is the definition of the MIB object mpbcRMH-Mon-HPU-State ?
 Is this defined as OBJECT-TYPE or NOTIFICATION-TYPE?

 If it's defined as a MIB object (rather than as a Notification),
 then it's not valid to use it here.


  1) This is returning the ObjectID in the summary of my trap window
  (i.e, my trap log has 4 columns: Time, Source, Type and Summary).
 
  Instead of getting the ObjectdID in the Summary, is it possible to
 get
   the 'Value' this OID?

 The snmptrap command takes two basic parameters:
-  an integer (the sysUpTime value)
-  an OID(of a Notification-Type object)

 This is then optionally followed by a number of   OID-type-value triplets
 (in the same form as would be used for snmpset)
 So if the notification definition lists four payload objects, then the
 snmptrap command should look something like

snmptrap   42  myTrapOID
myTime.1 t   12345
mySource.1  a   1.2.3.4
myType.1 i99
mySummary.1  s   The Good, the Bad and the Ugly

 (with suitable varbind triples for the four payload elements)

 Yes, the trap can contain the required values, but you'll need
 to specify these as part of the snmptrap command.


  2) the 42 right after the IP address, what does it do?

 This is the sysUpTime.0 value.
 From the snmptrap(1) man page:

   snmptrap -v [2c|3] [COMMON OPTIONS] [-Ci] uptime trap-oid
 [OID TYPE VALUE]...

 In your exapmle
42 is the parameter 'uptime'
mpbcRMH-Mon-HPU-State  is the parameter 'trap-oid'

 Dave

--
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap question

[Dave Shield]

On 11 January 2012 21:31, Simon Chamlian simon.chaml...@gmail.com wrote:
 I'm issuing the following snmptrap command:

 snmptrap -v 3 -u  testrwauth -a MD5 -A authentication test -l authNoPriv
  172.27.57.34  42  MPBC-RMH-MIB::mpbcRMH-Mon-HPU-State

What is the definition of the MIB object mpbcRMH-Mon-HPU-State ?
Is this defined as OBJECT-TYPE or NOTIFICATION-TYPE?

If it's defined as a MIB object (rather than as a Notification),
then it's not valid to use it here.


 1) This is returning the ObjectID in the summary of my trap window
     (i.e, my trap log has 4 columns: Time, Source, Type and Summary).

     Instead of getting the ObjectdID in the Summary, is it possible to get
  the 'Value' this OID?

The snmptrap command takes two basic parameters:
-  an integer (the sysUpTime value)
-  an OID(of a Notification-Type object)

This is then optionally followed by a number of   OID-type-value triplets
(in the same form as would be used for snmpset)
So if the notification definition lists four payload objects, then the
snmptrap command should look something like

snmptrap   42  myTrapOID
myTime.1 t   12345
mySource.1  a   1.2.3.4
myType.1 i99
mySummary.1  s   The Good, the Bad and the Ugly

(with suitable varbind triples for the four payload elements)

Yes, the trap can contain the required values, but you'll need
to specify these as part of the snmptrap command.


 2) the 42 right after the IP address, what does it do?

This is the sysUpTime.0 value.
From the snmptrap(1) man page:

   snmptrap -v [2c|3] [COMMON OPTIONS] [-Ci] uptime trap-oid
[OID TYPE VALUE]...

In your exapmle
42 is the parameter 'uptime'
mpbcRMH-Mon-HPU-State  is the parameter 'trap-oid'

Dave

--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap

[Dave Shield]

    [ First - *please* don't mail me privately, without copying
any responses to the mailing list.  I don't have the time     or
inclination to offer private, unpaid, SNMP consultancy.     Keep
discussions to the list, where others can both learn     and offer
advice.  Thanks.   ]

On 3 January 2012 16:46, Simon Chamlian simon.chaml...@gmail.com wrote:
 I taught snmptrapd.conf is for snmptrapd (the trap daemon)?

Yes - that's quite correct.

But we have been discussing the use of snmpinform - i.e. sending
acknowledged SNMPv3 notifications to a trap receiver such as snmptrapd.

In this situation, the trap receiver (snmptrapd) is the authoritative
SNMP engine,
so the SNMPv3 user must be known to that application.
   Hence if you're using snmptrapd, then you need to set up a 'createUser'
entry in the snmptrapd.conf file.



 Even if I don't use the trap daemon, I still need to configure the users in
 snmptrapd.conf?

If you are sending SNMPv3 informs to some receiving application,
then you need to configure the necessary users into that application.

If you're using snmptrapd, then this will be done using snmptrapd.conf
If you're using a different trap receiver, then you will need to consult the
documentation for that receiver to find out how to configure SNMPv3 users.

Dave

--
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap/snmpinform port number

[Dave Shield]

On 3 January 2012 18:36, Simon Chamlian simon.chaml...@gmail.com wrote:
 snmpinform/snmptrap port number is set to 162 by default.

 Is there any way we can change the port number through command line or it is
 hard coded?

   $ man snmpcmd

   AGENT SPECIFICATION
   The string AGENT in the SYNOPSIS above specifies the remote SNMP entity
   with which to communicate.  This specification takes the form:

  [transport-specifier:]transport-address

   transport-specifier   transport-address format
   udp hostname[:port] or IPv4-address[:port]
   tcp  hostname[:port] or IPv4-address[:port]


   Here are some examples, along with their interpretation:

   hostname:161perform query using UDP/IPv4 datagrams to host-
   name on port 161.  The :161 is redundant here
   since that is the  default  SNMP  port  in  any
   case.

   udp:hostnameidentical  to  the previous specification.  The
   udp: is redundant here since UDP/IPv4 is  the
   default transport.

   TCP:hostname:1161   connect to hostname on port 1161 using TCP/IPv4
   and perform query over that connection.


Dave

--
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap

[Dave Shield]

On 22 December 2011 21:41, Simon Chamlian simon.chaml...@gmail.com wrote:
 I tried:

 # snmptrap -v 3 -u  testrwauth  -a MD5 -A authentication test -l
   authNoPriv 172.27.57.65 42 mpbcRMHMon-HPU-State

Try loading the MIB file that defines this object -
   either by using the '-m' option to list the name of the MIB module,
   or by specifying the MIB object in the formMY-MIB::myObject

See the FAQ entry How do I add a MIB to the tools for more details.

Alternatively, give the numeric OID instead of the name.

Dave

--
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmptrap

[Simon Chamlian]

Actually,

[root@M54418TWR root]# snmpinform -v 3 -u  testrwauth -a MD5 -A
authentication test -l authNoPriv 172.27.57.65 42 coldStart.0
*Authentication failed for testrwaut*h
[root@M54418TWR root]#

I get authentication failed message but I do receive the inform on
172.27.52.65.

Any hints?
Thanks,
Simon





On Thu, Dec 22, 2011 at 4:41 PM, Simon Chamlian simon.chaml...@gmail.comwrote:

 Hi,

 How do I send a trap on one of my own OID?

 I tried:

 [root@M54418TWR root]# snmptrap -v 3 -u  testrwauth  -a MD5 -A
 authentication test -l authNoPriv 172.27.57.65 42 mpbcRMHMon-HPU-State
 mpbcRMHMon-HPU-State: Unknown Object Identifier (Sub-id not found: (top)
 - mpbcRMHMon-HPU-State)
 [root@M54418TWR root]#

 Note that:
 snmpinform -v 3 -u  testrwauth -a MD5 -A authentication test -l
 authNoPriv 172.27.57.65 42 coldStart.0
 works fine.

 Thanks,
 Simon


--
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Hey Dave,

Good afternoon. Does this help with keeping the source IP to be the original IP 
(source natting)? As long as I keep all the configs the same regardless of the 
file it uses, it shouldn't be an issue. Anywhere is that config:

[root@em7-freebsd /usr/local/etc/rc.d]# cat snmptrapd 
#!/bin/sh
#
# $FreeBSD: ports/net-mgmt/net-snmp/files/snmptrapd.sh.in,v 1.2 2010/03/27 
00:14:24 dougb Exp $
#
# PROVIDE: snmptrapd
# REQUIRE: DAEMON
#
# Add the following line to /etc/rc.conf to enable snmptrapd:
#
# snmptrapd_enable=YES
#

snmptrapd_enable=${snmptrapd_enable-NO}
snmptrapd_flags=${snmptrapd_flags--p /var/run/snmptrapd.pid}

. /etc/rc.subr

load_rc_config net_snmptrapd

if [ ! -z $net_snmptrapd_enable ]; then
echo Warning: \$net_snmptrapd_enable is obsoleted.
echo  Use \$snmptrapd_enable instead.
snmptrapd_enable=$net_snmptrapd_enable
[ ! -z $net_snmptrapd_flags ]  snmptrapd_flags=$net_snmptrapd_flags
fi

name=snmptrapd
rcvar=`set_rcvar`

command=/usr/local/sbin/${name}
pidfile=/var/run/${name}.pid

load_rc_config ${name}
run_rc_command $1

Thanks as still cannot seem to get source forwarding/natting to work.

Sincerely,
George




--- On Fri, 7/1/11, Dave Shield d.t.shi...@liverpool.ac.uk wrote:

 From: Dave Shield d.t.shi...@liverpool.ac.uk
 Subject: Re: Snmptrap not forwarding on proper port
 To: George ai...@yahoo.com
 Cc: net-snmp-users@lists.sourceforge.net 
 net-snmp-users@lists.sourceforge.net
 Date: Friday, July 1, 2011, 5:07 PM
 On 1 July 2011 21:10, George ai...@yahoo.com
 wrote:
  Still no go:
 
 Ok  - rather than trying to guess where the config
 files
 should go, it's probably worth checking this properly.
 
 Have a look at the /usr/local/etc/rc.d/snmptrapd script
 
 First, see if it specifies an explicit config file
 location.
 If so, then try copying the file there.
 
 If the rc.d script doesn't specify the config file, then
 check that script to see where the snmptrapd binary is.
 Run that using the option -Dread_config  which should
 display the search path that it's using.
    What does that report?
 
 Dave

--
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on Lean Startup 
Secrets Revealed. This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Hey Dave,

Here are the results:

Jul  1 12:03:41 freebsd snmptrapd[7647]: UNKNOWN [UDP: 
[10.1.1.228]:35113-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (180095462) 20 days, 20:15:54.62, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 12:03:42 freebsd snmptrapd[7647]: UNKNOWN [UDP: 
[10.1.1.228]:52548-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (180095599) 20 days, 20:15:55.99, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 12:03:43 freebsd snmptrapd[7647]: UNKNOWN [UDP: 
[10.1.1.228]:39409-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (180095727) 20 days, 20:15:57.27, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 12:03:44 freebsd snmptrapd[7647]: UNKNOWN [UDP: 
[10.1.1.228]:42274-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (180095853) 20 days, 20:15:58.53, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo


[root@freebsd /usr/local/etc/rc.d]# cat /usr/local/share/snmp/snmptrapd.conf
disableAuthorization yes
format2  '%B [%b]:  %A [%a]:  Trap %#v\n'
authCommunity log,execute,net public 
forward default udp:10.1.1.227:162 

snmpd --version
NET-SNMP version:  5.5
Web:   http://www.net-snmp.org/
Email: net-snmp-cod...@lists.sourceforge.ne

And yes, have executed the command 4 times:

[root@cu-dev ~]# snmptrap -v 2c -c public 10.1.1.234  
UCD-DEMO-MIB::ucdDemoPublic SNMPv2-MIB::sysLocation.0 s yahoo

Thanks.
George

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 1 July 2011 17:07, George ai...@yahoo.com wrote:
 Here are the results:

Hmmm.. I'm really not convinced by these results.

Breaking down an example log entry gives

 Jul  1 12:03:41 freebsd snmptrapd[7647]:
 UNKNOWN [UDP: [10.1.1.228]:35113-[0.0.0.0]]:
 Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095462) ...,
 SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic,
 SNMPv2-MIB::sysLocation.0 = STRING: yahoo

which shows a single name [address] pair
  (albeit with a somewhat complex address string!)


However the format string that you claim to be using

 format2  '%B [%b]:  %A [%a]:  Trap %#v\n'

should have *TWO*  such pairs.

I strongly suspect that the snmptrapd that you are running is
not using this particular config file.

Try copying the same config file to /etc/snmp/snmptrapd.conf
and restart the snmptrapd process.

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Hey Dave,

Still no go:

[root@freebsd /usr/local/etc/rc.d]# find / -name snmptrapd.conf
/usr/local/share/snmp/snmptrapd.conf
/var/log/snmptrapd.conf
/var/net-snmp/snmptrapd.conf
/etc/snmptrapd.conf

yahoo[root@freebsd ~]# cp /usr/local/share/snmp/snmptrapd.conf 
/etc/snmptrapd.conf

[root@freebsd /usr/local/etc/rc.d]# cat /etc/snmptrapd.conf
disableAuthorization yes
format2  '%B [%b]:  %A [%a]:  Trap %#v\n'
authCommunity log,execute,net public 
forward default udp:10.1.1.227:162 
#authCommunity net public forward default udp:10.1.1.227:162 public

[root@freebsd /usr/local/etc/rc.d]# cat /usr/local/share/snmp/snmptrapd.conf
disableAuthorization yes
format2  '%B [%b]:  %A [%a]:  Trap %#v\n'
authCommunity log,execute,net public 
forward default udp:10.1.1.227:162 
#authCommunity net public forward default udp:10.1.1.227:162 public



[root@freebsd ~]#  cd /usr/local/etc/rc.d/
[root@freebsd /usr/local/etc/rc.d]# ./snmpd stop
Stopping snmpd.
Waiting for PIDS: 7655.

[root@freebsd /usr/local/etc/rc.d]# ./snmptrapd stop
Stopping snmptrapd.
Waiting for PIDS: 7647.

[root@freebsd /usr/local/etc/rc.d]# ./snmptrapd start
Starting snmptrapd.

[root@freebsd /usr/local/etc/rc.d]# ./snmpd start
Starting snmpd.



tail -50 /var/log/messages
Jul  1 16:02:15 freebsd snmptrapd[8876]: UNKNOWN [UDP: 
[10.1.1.228]:49790-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (181526663) 21 days, 0:14:26.63, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 16:02:16 freebsd snmptrapd[8876]: UNKNOWN [UDP: 
[10.1.1.228]:38519-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (181526798) 21 days, 0:14:27.98, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 16:02:17 freebsd snmptrapd[8876]: UNKNOWN [UDP: 
[10.1.1.228]:47399-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (181526894) 21 days, 0:14:28.94, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jul  1 16:02:38 freebsd snmptrapd[8876]: UNKNOWN [UDP: 
[10.1.1.228]:44626-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (181528987) 21 days, 0:14:49.87, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: 

Let me know what you think. Thanks again.

Sincerely,
George

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 1 July 2011 21:10, George ai...@yahoo.com wrote:
 Still no go:

Ok  - rather than trying to guess where the config files
should go, it's probably worth checking this properly.

Have a look at the /usr/local/etc/rc.d/snmptrapd script

First, see if it specifies an explicit config file location.
If so, then try copying the file there.

If the rc.d script doesn't specify the config file, then
check that script to see where the snmptrapd binary is.
Run that using the option -Dread_config  which should
display the search path that it's using.
   What does that report?

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 29 June 2011 17:45, George ai...@yahoo.com wrote:
  but note that ./snmptrapd -f -Le did not keep the screen up on freebsd to 
 view the data live

Strange
What version of snmptrapd is this?


 Jun 29 12:43:46 freebsd snmptrapd[93523]: UNKNOWN [UDP: 
 [10.1.1.228]:50079-[0.0.0.0]]: Trap ,
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (163058628) 18 days, 
 20:56:26.28,
SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic,
SNMPv2-MIB::sysLocation.0 = STRING: yahoo

You issued the same 'snmptrap' command three times, yes?

What is the format2 string that you're using?
Because this looks more like the default layout, rather than the

format2  '%B [%b]:  %A [%a]:  Trap %#v\n'

output that I was suggesting.

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Hey Dave,

This didn't work:

[root@freebsd /usr/local/etc/rc.d]# vi /usr/local/share/snmp/snmptrapd.conf
disableAuthorization yes
format2 '%B [%b]: Trap %#v\n'
authCommunity log,execute,net public
forward default udp:10.1.1.227:162

Any ideas? When I look at the raw packets the source IP is still the freebsd 
machine. Thanks.

Sincerely,
George

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Why just a v1 trap? Doesn't this work on other types? Thanks.  

George 

Sent from my iPhone

On Jun 28, 2011, at 5:21 AM, Dave Shield d.t.shi...@liverpool.ac.uk wrote:

 On 27 June 2011 19:02, George ai...@yahoo.com wrote:
  how do I preserve the original IP address that sent the trap?
 
  The IP address is reported using '%a'
  The hostname is reported using '%A'
 
 Not sure of the syntax to use in the snmptrapd.conf file since ./snmptradd 
 start -%a or -%A did not work.
 
 Try
 
   format1  'Testing: %a: %W Trap (%q) Uptime: %#T%#v\n'
 
 (within the snmptrapd.conf file), and send a v1 trap to snmptrapd.
 See what gets reported
 
 Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 28 June 2011 21:26, George ai...@yahoo.com wrote:
 This didn't work:

 [root@freebsd /usr/local/etc/rc.d]# vi /usr/local/share/snmp/snmptrapd.conf
 disableAuthorization yes
 format2 '%B [%b]: Trap %#v\n'
 authCommunity log,execute,net public
 forward default udp:10.1.1.227:162

Let's simplify things for a moment.
Forget about forwarding traps to another server for now.
Concentrate on what things look like at the initial receiver.

Try the following:

Tweak the snmptrapd.conf file so that the format2 line looks like

   format2  '%B [%b]:  %A [%a]:  Trap %#v\n'

and send it a trap.
What does the output look like?


Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 29 June 2011 16:08, George ai...@yahoo.com wrote:
how do I look at the output?

Well, it's probably being logged to the default log file
(typically something like /var/log/messages).
I'm afraid I can't be more specific, as you've not given
any indication as to what O/S you are working with.

The simplest way to see what's happening is to run the
trap receiver using

snmptrapd -f -Le

and then you can see the output printed directly.


 Whenever I get the packets from the receiving trap machine
 from the forwarding machine

Forget about trap forwarding for the time being.
That's just making things more complicated.

Start with a simple setup - an agent sending directly
to a single trap receiver, which logs what it receives.

Try that with the configuration I suggested.
What gets displayed?

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Apologize as here is the info from the debug, but note that ./snmptrapd -f -Le 
did not keep the screen up on freebsd to view the data live :

Jun 29 12:13:52 freebsd snmptrapd[93374]: registering pdu failed: 263!
Jun 29 12:13:52 freebsd last message repeated 22 times
Jun 29 12:13:52 freebsd snmptrapd[93374]: getaddrinfo: start hostname nor 
servname provided, or not known
Jun 29 12:13:52 freebsd snmptrapd[93374]: getaddrinfo(start, NULL, ...): 
hostname nor servname provided, or not known
Jun 29 12:13:52 freebsd snmptrapd[93374]: couldn't open start -- errno 9 (Bad 
file descriptor)
Jun 29 12:13:57 freebsd snmptrapd[93375]: registering pdu failed: 263!
Jun 29 12:13:57 freebsd last message repeated 22 times
Jun 29 12:13:57 freebsd snmptrapd[93375]: getaddrinfo: start hostname nor 
servname provided, or not known
Jun 29 12:13:57 freebsd snmptrapd[93375]: getaddrinfo(start, NULL, ...): 
hostname nor servname provided, or not known
Jun 29 12:13:57 freebsd snmptrapd[93375]: couldn't open start -- errno 9 (Bad 
file descriptor)
Jun 29 12:43:46 freebsd snmptrapd[93523]: UNKNOWN [UDP: 
[10.1.1.228]:50079-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (163058628) 18 days, 20:56:26.28, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jun 29 12:44:11 freebsd snmptrapd[93523]: UNKNOWN [UDP: 
[10.1.1.228]:49540-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (163061120) 18 days, 20:56:51.20, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo
Jun 29 12:44:13 freebsd snmptrapd[93523]: UNKNOWN [UDP: 
[10.1.1.228]:59528-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = 
Timeticks: (163061257) 18 days, 20:56:52.57, SNMPv2-MIB::snmpTrapOID.0 = OID: 
UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[George]

Trap being sent:
snmptrap -v 2c -c public 10.1.1.234  UCD-DEMO-MIB::ucdDemoPublic 
SNMPv2-MIB::sysLocation.0 s yahoo

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 27 June 2011 19:02, George ai...@yahoo.com wrote:
   how do I preserve the original IP address that sent the trap?

  The IP address is reported using '%a'
  The hostname is reported using '%A'

  Not sure of the syntax to use in the snmptrapd.conf file since ./snmptradd 
 start -%a or -%A did not work.

Try

   format1  'Testing: %a: %W Trap (%q) Uptime: %#T%#v\n'

(within the snmptrapd.conf file), and send a v1 trap to snmptrapd.
See what gets reported

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 28 June 2011 13:13, George ai...@yahoo.com wrote:
 Why just a v1 trap? Doesn't this work on other types?

Of course it does.

It's just that you'd need to use the format2 directive for
SNMPv2/3 notifications.   So given that I'd suggested using
a format1 directive for testing, then you'd need to send a
v1 trap to trigger it.

If you prefer to work with SNMPv2 (or SNMPv3) notifications,
then feel free to use format2 instead.

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 28 June 2011 15:33, George ai...@yahoo.com wrote:
 How do I use the format 2 option properly?

Same way as format1.
Something like

$ cat snmptrapd.conf

 disableAuthorization yes
 format2 '%B [%b]: Trap %#v\n'

Dave

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Snmptrap not forwarding on proper port

[Dave Shield]

On 23 June 2011 20:13, George ai...@yahoo.com wrote:
 [root@xxx /usr/local/etc/rc.d]# vi /etc/snmptrapd.conf
 disableAuthorization yes
 authCommunity net public forward default udp:10.1.1.227:162 public

I presume this last entry should be split over two lines?



 [root@xxx /usr/local/etc/rc.d]# cat /etc/snmpd.conf
 rocommunity public
 rocommunity public localhost
 trapsink  localhost public 162
 trap2sink  localhost public 162
 trap2sink  10.1.1.227 public 162

Do you really want two copies of each trap sent
to the snmptrapd running on the local machine,
plus another copy sent directly to the remote server?
  (As well as the additional copy that's forwarded to
 the remote server by snmptrapd)



 Any ideas as to what is setup incorrectly?

Have you checked the firewall configuration on the destination host?
Is it accepting connections to port 162?

Try running the local snmptrapd with the flags   -f -Le -d
That will let you see packet dumps of the traffic coming in
and out.   Do you see the traps being received and forwarded?

Dave

--
All the data continuously generated in your IT infrastructure contains a 
definitive record of customers, application performance, security 
threats, fraudulent activity and more. Splunk takes this data and makes 
sense of it. Business sense. IT sense. Common sense.. 
http://p.sf.net/sfu/splunk-d2d-c1
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users