Re: snmptrap + tables
Thanks to Dave Shield for having the patience to explain this 10 years ago: https://sourceforge.net/p/net-snmp/mailman/message/28774933/ With the explanation and hints, I could fix my MIB file definition. Now moving to the implementation. :) Regards, CI.- El dom, 11 sept 2022 a las 21:49, Cyrus () escribió: > > Hello!, > > I'm trying to integrate LibreNMS with a northbound manager through > SNMP traps using snmptrap@net-snmp. > > The way notifications work in that tool is that you can have a > notification event, which has several faults (event interface errors > that applies to 4 ports out of the 48 a device may have). > Notifications are not per port, but per alarm rule on a device. > > I'm writing a MIB file to implement that trap, but I see traps don't > allow tables since validation fails with: > > Error (level 3), line 284: [notification-object-type] object > `daFaultTable' of notification `daEvent' must be a scalar or column > > Events may have N faults, with N starting in 0 (CLEAR events) or any > other number depending on affected entities within a node. > > What would be the best approach to send that multientry object table > (faults) in a trap with a parent entity (event)? > > For reference, current version of the MIB file: https://pastebin.com/CZE0FYEU > > Regards, > CI.- -- Ciro Iriarte http://iriarte.it -- ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap Buffer Error
Can you share your snmptrapd.conf file contents? On Wed, 7 Apr, 2021, 4:51 pm Ahmet Muzaffer Dülger, < ahmetmuzafferdul...@gmail.com> wrote: > Hi, > > I use net-snmp 5.7.3 and I want to send snmptrap continuously on OpenWrt. > First trap message is OK. But I'm getting error when sending a second trap > message ( buffer too small to read octet string (13 < 13) ). > > The command is as follows; > snmptrap -m ALL -v 2c -c public :' > s 'text message' > > I noticed that I got the error when the oldEngineID parameter was added to > the snmpapp.conf file. I am not sure if there is an error I made while > running the command, or if there is an error caused by net-snmp. > > Can you help with this topic? > Best regards. > > -- > > *Ahmet Muzaffer DULGER* > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Re: Re: snmptrap v3 how to specify source IP
Hi, that was one of the cases that failed for me. You can try to have 'clientaddr 10.2.24.121" $HOME/.snmp/snmp.conf and run "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest -x AES -X usertest 10.2.24.18 84100 …… " (w/o -s 10.2.24.121) I hope to get some time to dig into the issue later this week Regards Anders Wallin On Sat, May 25, 2019 at 5:13 AM ww wrote: > Hi,Anders > > I am Chinese,and the website was blocked by the government. > You know the "996.icu".. > When I login the website,it will prompt that: > The sourceforge.net website is temporarily in static offline mode. > > Only a very limited set of project pages are available until the main > website returns to service. > May I ask a question? > My eth0 ip 10.2.24.81, eth1 ip 10.2.24.121 . > My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest -x > AES -X usertest -s 10.2.24.121 10.2.24.18 84100 …… ". > Why is the IP received by the client is 10.2.24.81? > > > At 2019-05-24 19:44:52, "Anders Wallin" wrote: > > Hi, > > I found two issues using latest git repo master branch; > IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip - > OK > IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip > - OK > IPv4, using "snmptrap -s srcip" to a local ip - OK > IPv4, using "snmptrap -s srcip" to a remote ip - FAILS > > IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip - > OK > IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip > - OK > IPv6, using "snmptrap -s srcip" to a local ip - OK > IPv6, using "snmptrap -s srcip" to a remote ip - FAILS > > IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local > ip - OK > IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a > remote ip - OK > IPv4, using "trapsess -s srcip ..." to a local ip - OK > IPv4, using "trapsess -s srcip" to a remote ip - OK > > IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local > ip - OK > IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a > remote ip - OK > IPv6, using "trapsess -s srcip ..." to a local ip - OK > IPv6, using "trapsess -s srcip" to a remote ip - OK > > NOTE: clientaddrs sucks if you want to use IPv4 AND IPv6 since it can only > have one value, either an IPv4 or an IPv6 value > > "ww"; can you file a bug on this problem? > https://sourceforge.net/p/net-snmp/bugs/ > > I will try to fix it, but it will be next week. > > Regards > Anders > > On Fri, May 24, 2019 at 5:23 AM ww wrote: > >> Hi. >> Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose >> not work. >> My version is net-snmp-5.8. >> My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest >> -x AES -X usertest -s 10.2.24.121 10.2.24.18 84100 …… ". >> May I ask you how the snmptrap chooses the network interface by it self? >> Is it polling all the enable ports? >> >> Regards >> >> At 2019-05-23 15:54:28, "Klemen Sladic" wrote: >> >> Hi. >> >> Any traffic originating from snmpd will have src IP of outgoing network >> interface. >> From my experience "clientaddr" helps for replies generated by snmpd. For >> example, >> if you have multiple interfaces and "clientaddr" is set, any snmpd >> response, like response to >> snmpget, snmpwalk etc. will have desired src IP. >> >> But this won't work for packets initiated by snmpd, like traps. >> What I did, was changing the route src settings. >> For example, if you have eth0 in 192.168.0.0/24 and eth1 in >> 192.168.1.0/24 and you want any traffic to >> have source of 192.168.0.0/24, then change eth1 subnet route like: >> >> ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1 >> >> if 192.168.0.1 is eth0 IP. >> >> Of course this may have other side effects on routing in your system. >> >> RegK >> >> On Thu, May 23, 2019 at 6:30 PM Anders Wallin wrote: >> >>> You can use "clientaddr" in snmp.conf or snmpd.conf, >>> https://linux.die.net/man/5/snmp.conf >>> >>> In 5.8 you also have the possibility to use "-s" with trapsess, but I >>> did not found any documentation on it. >>> but check the test >>> code, testing/fulltests/default/T184trapsesssource_simple >>> >>> Regards >>> Anders Wallin >>> >>> >>> On Wed, May 22, 2019 at 5:21 PM ww wrote: >>> Hello, Thank you for reading my email. Can I specify the source IP when send a V2/V3 trap like V1? ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> ___ >>> Net-snmp-users mailing list >>> Net-snmp-users@lists.sourceforge.net >>> Please see the following page to unsubscribe or change other options: >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> >> >> >> >> > > > >
Re: Re: snmptrap v3 how to specify source IP
Hi, I found two issues using latest git repo master branch; IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip - OK IPv4, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip - OK IPv4, using "snmptrap -s srcip" to a local ip - OK IPv4, using "snmptrap -s srcip" to a remote ip - FAILS IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a local ip - OK IPv6, using "clientaddr srcip" in snmp.conf and "snmptrap" to a remote ip - OK IPv6, using "snmptrap -s srcip" to a local ip - OK IPv6, using "snmptrap -s srcip" to a remote ip - FAILS IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local ip - OK IPv4, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a remote ip - OK IPv4, using "trapsess -s srcip ..." to a local ip - OK IPv4, using "trapsess -s srcip" to a remote ip - OK IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a local ip - OK IPv6, using "clientaddr srcip" and "trapsess ..." in snmpd.conf to a remote ip - OK IPv6, using "trapsess -s srcip ..." to a local ip - OK IPv6, using "trapsess -s srcip" to a remote ip - OK NOTE: clientaddrs sucks if you want to use IPv4 AND IPv6 since it can only have one value, either an IPv4 or an IPv6 value "ww"; can you file a bug on this problem? https://sourceforge.net/p/net-snmp/bugs/ I will try to fix it, but it will be next week. Regards Anders On Fri, May 24, 2019 at 5:23 AM ww wrote: > Hi. > Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose > not work. > My version is net-snmp-5.8. > My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest -x > AES -X usertest -s 10.2.24.121 10.2.24.18 84100 …… ". > May I ask you how the snmptrap chooses the network interface by it self? > Is it polling all the enable ports? > > Regards > > At 2019-05-23 15:54:28, "Klemen Sladic" wrote: > > Hi. > > Any traffic originating from snmpd will have src IP of outgoing network > interface. > From my experience "clientaddr" helps for replies generated by snmpd. For > example, > if you have multiple interfaces and "clientaddr" is set, any snmpd > response, like response to > snmpget, snmpwalk etc. will have desired src IP. > > But this won't work for packets initiated by snmpd, like traps. > What I did, was changing the route src settings. > For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24 > and you want any traffic to > have source of 192.168.0.0/24, then change eth1 subnet route like: > > ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1 > > if 192.168.0.1 is eth0 IP. > > Of course this may have other side effects on routing in your system. > > RegK > > On Thu, May 23, 2019 at 6:30 PM Anders Wallin wrote: > >> You can use "clientaddr" in snmp.conf or snmpd.conf, >> https://linux.die.net/man/5/snmp.conf >> >> In 5.8 you also have the possibility to use "-s" with trapsess, but I did >> not found any documentation on it. >> but check the test >> code, testing/fulltests/default/T184trapsesssource_simple >> >> Regards >> Anders Wallin >> >> >> On Wed, May 22, 2019 at 5:21 PM ww wrote: >> >>> Hello, Thank you for reading my email. Can I specify the source IP when >>> send a V2/V3 trap like V1? >>> >>> >>> >>> >>> ___ >>> Net-snmp-users mailing list >>> Net-snmp-users@lists.sourceforge.net >>> Please see the following page to unsubscribe or change other options: >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> > > > > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Re: snmptrap v3 how to specify source IP
By routing decision, as I noted before. RegK On Fri, May 24, 2019 at 3:23 PM ww wrote: > Hi. > Thanks for your reply. I try to use "-s" and "--clientaddr" but it dose > not work. > My version is net-snmp-5.8. > My commond is "snmptrap -v3 -u usertest -l authPriv -a SHA -A usertest -x > AES -X usertest -s 10.2.24.121 10.2.24.18 84100 …… ". > May I ask you how the snmptrap chooses the network interface by it self? > Is it polling all the enable ports? > > Regards > > At 2019-05-23 15:54:28, "Klemen Sladic" wrote: > > Hi. > > Any traffic originating from snmpd will have src IP of outgoing network > interface. > From my experience "clientaddr" helps for replies generated by snmpd. For > example, > if you have multiple interfaces and "clientaddr" is set, any snmpd > response, like response to > snmpget, snmpwalk etc. will have desired src IP. > > But this won't work for packets initiated by snmpd, like traps. > What I did, was changing the route src settings. > For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24 > and you want any traffic to > have source of 192.168.0.0/24, then change eth1 subnet route like: > > ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1 > > if 192.168.0.1 is eth0 IP. > > Of course this may have other side effects on routing in your system. > > RegK > > On Thu, May 23, 2019 at 6:30 PM Anders Wallin wrote: > >> You can use "clientaddr" in snmp.conf or snmpd.conf, >> https://linux.die.net/man/5/snmp.conf >> >> In 5.8 you also have the possibility to use "-s" with trapsess, but I did >> not found any documentation on it. >> but check the test >> code, testing/fulltests/default/T184trapsesssource_simple >> >> Regards >> Anders Wallin >> >> >> On Wed, May 22, 2019 at 5:21 PM ww wrote: >> >>> Hello, Thank you for reading my email. Can I specify the source IP when >>> send a V2/V3 trap like V1? >>> >>> >>> >>> >>> ___ >>> Net-snmp-users mailing list >>> Net-snmp-users@lists.sourceforge.net >>> Please see the following page to unsubscribe or change other options: >>> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >>> >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> > > > > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap v3 how to specify source IP
Hi. Any traffic originating from snmpd will have src IP of outgoing network interface. >From my experience "clientaddr" helps for replies generated by snmpd. For example, if you have multiple interfaces and "clientaddr" is set, any snmpd response, like response to snmpget, snmpwalk etc. will have desired src IP. But this won't work for packets initiated by snmpd, like traps. What I did, was changing the route src settings. For example, if you have eth0 in 192.168.0.0/24 and eth1 in 192.168.1.0/24 and you want any traffic to have source of 192.168.0.0/24, then change eth1 subnet route like: ip route change 192.168.1.0/24 dev eth1 src 192.168.0.1 if 192.168.0.1 is eth0 IP. Of course this may have other side effects on routing in your system. RegK On Thu, May 23, 2019 at 6:30 PM Anders Wallin wrote: > You can use "clientaddr" in snmp.conf or snmpd.conf, > https://linux.die.net/man/5/snmp.conf > > In 5.8 you also have the possibility to use "-s" with trapsess, but I did > not found any documentation on it. > but check the test > code, testing/fulltests/default/T184trapsesssource_simple > > Regards > Anders Wallin > > > On Wed, May 22, 2019 at 5:21 PM ww wrote: > >> Hello, Thank you for reading my email. Can I specify the source IP when >> send a V2/V3 trap like V1? >> >> >> >> >> ___ >> Net-snmp-users mailing list >> Net-snmp-users@lists.sourceforge.net >> Please see the following page to unsubscribe or change other options: >> https://lists.sourceforge.net/lists/listinfo/net-snmp-users >> > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap v3 how to specify source IP
You can use "clientaddr" in snmp.conf or snmpd.conf, https://linux.die.net/man/5/snmp.conf In 5.8 you also have the possibility to use "-s" with trapsess, but I did not found any documentation on it. but check the test code, testing/fulltests/default/T184trapsesssource_simple Regards Anders Wallin On Wed, May 22, 2019 at 5:21 PM ww wrote: > Hello, Thank you for reading my email. Can I specify the source IP when > send a V2/V3 trap like V1? > > > > > ___ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: [snmptrap] : source ip 0.0.0.0
On Wed, Oct 10, 2018 at 4:35 AM Pushpa Thimmaiah wrote: > Hi All, > Following is debug/trace message of tool 'snmptrap' while sending > snmpv2c traps. What does '0.0.0.0' means here? > Does the data sent to all interfaces of device (snmpagent) ? > 172.16.4.12 is trap destination. > > --- > trace: netsnmp_udpipv4base_transport(): > transports/snmpUDPIPv4BaseDomain.c, 163: > netsnmp_udpbase: client open UDP: [172.16.4.12]:162->[0.0.0.0]:56615 > > > transport:send: 89 bytes to UDP: [172.16.4.12]:162->[0.0.0.0]:56615 > > > The arrow is in the wrong direction in those debug messages. It means, you are sending from any local address, 0.0.0.0 means you don't care, port 56615, to 172.16.4.12 port 162. Bill ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap unsigned type not working as expected
On Sun, Feb 1, 2015 at 5:40 AM, Ashwini Pagade ashwinipag...@gmail.com wrote: Hi Bill, Thank you for your response. I think it is not just the dump/log error and incorrect value is propagated further down the line. I have an snmpV3 adapter which receives the value. This adapter too gets the incorrect value. Did you consider the possibility that a similar bug exists in the snmpV3 adapter? Bill -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap unsigned type not working as expected
Hi Bill, I found below line is priting the wroung value. DEBUGMSG((dumpv_recv, UInteger:\t%ld (0x%.2lX)\n, value, value)); Changing %ld to %lu in above line worked for me. I am also considering SNMPV3 adapter code which might be doing the wrong conversion. Thank you..!! Ashwini On 2 February 2015 at 20:42, Bill Fenner fen...@gmail.com wrote: On Sun, Feb 1, 2015 at 5:40 AM, Ashwini Pagade ashwinipag...@gmail.com wrote: Hi Bill, Thank you for your response. I think it is not just the dump/log error and incorrect value is propagated further down the line. I have an snmpV3 adapter which receives the value. This adapter too gets the incorrect value. Did you consider the possibility that a similar bug exists in the snmpV3 adapter? Bill -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap unsigned type not working as expected
Hi Bill, Thank you for your response. I think it is not just the dump/log error and incorrect value is propagated further down the line. I have an snmpV3 adapter which receives the value. This adapter too gets the incorrect value. I think below line in function asn_parse_unsigned_int() in file asn1.c is printing the incorrect value: DEBUGMSG((dumpv_recv, UInteger:\t%ld (0x%.2lX)\n, value, value)); However I am not sure how this could be fixed. Data type of 'value' looks correct which is u_long. Any idea? Thanks. On 30 January 2015 at 02:51, Bill Fenner fen...@gmail.com wrote: I think that looks like a bug in dumpv_recv. Note that the hex value is correct. Bill On Thu, Jan 29, 2015 at 1:02 PM, Ashwini Pagade ashwinipag...@gmail.com wrote: Hi, I am using snmpV3 adapter and passing V2 traps to it by using commands as below. It looks like the range for type *u* (i.e. unsigned) is upto (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e. 4294967295). snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483647 Above command generates following log: trace: ..\..\snmplib\snmp_api.c, 5293: dumph_recv: Value dumpx_recv: 42 04 7F FF FF FF dumpv_recv:UInteger:2147483647 (0x7FFF) snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483648 Above command generates following log: trace: ..\..\snmplib\snmp_api.c, 5293: dumph_recv: Value dumpx_recv: 42 05 00 80 00 00 00 dumpv_recv:UInteger:-2147483648 (0x8000) Refer to: http://www.net-snmp.org/docs/man/snmptrap.html I am using net-snmp v5.5. Is this the correct behavior or am I missing something? Thanks. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap unsigned type not working as expected
I think that looks like a bug in dumpv_recv. Note that the hex value is correct. Bill On Thu, Jan 29, 2015 at 1:02 PM, Ashwini Pagade ashwinipag...@gmail.com wrote: Hi, I am using snmpV3 adapter and passing V2 traps to it by using commands as below. It looks like the range for type *u* (i.e. unsigned) is upto (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e. 4294967295). snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483647 Above command generates following log: trace: ..\..\snmplib\snmp_api.c, 5293: dumph_recv: Value dumpx_recv: 42 04 7F FF FF FF dumpv_recv:UInteger:2147483647 (0x7FFF) snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483648 Above command generates following log: trace: ..\..\snmplib\snmp_api.c, 5293: dumph_recv: Value dumpx_recv: 42 05 00 80 00 00 00 dumpv_recv:UInteger:-2147483648 (0x8000) Refer to: http://www.net-snmp.org/docs/man/snmptrap.html I am using net-snmp v5.5. Is this the correct behavior or am I missing something? Thanks. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap under IPv6 after setting clientaddr
Rizwan Ansari rans...@mvista.com writes: I looked into IPv4 code and feel like same code is missing under IPv6 section. Thanks for the patch! Can you submit it to our patch database to make sure it doesn't get lost? http://www.net-snmp.org/patches/ -- Wes Hardaker Parsons -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751iu=/4140/ostg.clktrk ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap : snmp_build: unknown failure and Can't build OID mesasges CLOSED
We've figured this out. Thanks. D. Hi All, I have a kind of baffling situation here. We have been successfuly sending traps to a Nagios client for a couple of months. The trap command has the form. snmptrap -M /usr/local/share/snmp/mibs -v 3 -n \\ [authorization stuff] [ip number] 0 1.3.6.1.4.1.36070.0.1 0 s string0 1 s string1 2 s string2 Nagios/nsti have been processing them just fine. We added another argument, as in: snmptrap -M /usr/local/share/snmp/mibs -v 3 -n \\ [authorization stuff] [ip number] 0 1.3.6.1.4.1.36070.0.1 0 s string0 1 s string1 2 s string2 3 s string3 and we start seeing the messages I mentioned in the subject: snmp_build: unknown failuresnmptrap: Error building ASN.1 representation (Can't build OID for variable) Further, it seems that if we use an index = 3, the message appears no matter how many arguments we send, i.e., this wont work either: snmptrap [snip snip] 0 s string0 3 s string3 We have updated the MIB in Nagios to reflect the change, but either it is irrelevant to do so or the changes aren't being noticed. snmptranslate on the Nagios client box shows that the MIB changes to the notificationGroup, etc. have worked and the updated MIB is good. We have tried both sending and receiving the traps on multiple machines. Thought this would be a ten minute task -- adding a couple of arguments to a command. One day down (for two developers) so far!! Googling the messages returns a suspicious scarcity of finds. We are running 5.6.2pre1. Any ideas? Please keep in mind that the version with three arguments at the top of this posting ran just fine for a long time, but adding that triplet of arguments to the end OR using an index = 3 breaks it. We have adjusted the MIB and even restarted the Nagios box. Thank you very much! Dave -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911iu=/4140/ostg.clktrk ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap using SSL
HI I used snmptrap to send trap from Agent to server . and I use it on linux Agent and Windows Agent . Now I want to encrypt Trap sending By SSL . So when I send trap from agent to server it should use SSL for trap Data . Do you know How Can I do it ? Thanks -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thank you so much again Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup for example for my work that I said you before should I do anything about MIB? (receive some IDS log from windows or liux agent and save them on my linux serever ) On Fri, Jul 27, 2012 at 12:45 AM, mohamad hosein jafari smhjafar...@gmail.com wrote: Thank you so much again Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup for example for my work that I said you before should I do anything about MIB? (receive some IDS log from windows or liux agent and save them on my linux serever ) On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com wrote: If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Can you help me about this more?? Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup. And I have another question : Is any script for windows to set all snmp config that we can use it to set all config on windows? Sorry - I've no idea. I don't have much to do with Windows administration. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 05:51, mohamad hosein jafari smhjafar...@gmail.com wrote: I set my snmp service to send trap on my IP then I went to my linux (VmWare) and I do setting about IPtable but I didn't see anything in linux log file Did you restart the Windows SNMP agent *after* running the iptables command? So I have a question: IS THERE any different between Linux MIB file and windows MIB file? I'm sorry - that question just doesn't make sense. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes I did but I didn't see anything in log file again what is problem? excuse me why my question doesn't make sense ?? I want to know should I do any config in my linux serever for receiving trap from windows agent? thanks On Thu, Jul 26, 2012 at 12:04 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 05:51, mohamad hosein jafari smhjafar...@gmail.com wrote: I set my snmp service to send trap on my IP then I went to my linux (VmWare) and I do setting about IPtable but I didn't see anything in linux log file Did you restart the Windows SNMP agent *after* running the iptables command? So I have a question: IS THERE any different between Linux MIB file and windows MIB file? I'm sorry - that question just doesn't make sense. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I did but I didn't see anything in log file again what is problem? I don't know - that's what we need to work out. I seem to remember you saying that you have two Linux systems available (one running CentOS, and one running Debian). Is that correct? If so, can you please try the following: On the trap receiver system, run the following: tail -f /var/log/messages On the same system (in another window), run the command snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 (we know this ought to work - this is just to confirm that you're seeing the traps) What do you see reported by the tail command? Now on the other (Debian?) system, run the same snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 command. What do you see reported by the tail command? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes that is right . that was my friend system that I checked on . but now I don't have that system . Is our problem is running snmptrap and receiver on one system?? thnks but can't you help me in our question about linux config? dosn't have any difference between these two system? thnks On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I did but I didn't see anything in log file again what is problem? I don't know - that's what we need to work out. I seem to remember you saying that you have two Linux systems available (one running CentOS, and one running Debian). Is that correct? If so, can you please try the following: On the trap receiver system, run the following: tail -f /var/log/messages On the same system (in another window), run the command snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 (we know this ought to work - this is just to confirm that you're seeing the traps) What do you see reported by the tail command? Now on the other (Debian?) system, run the same snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 command. What do you see reported by the tail command? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes that is right . that was my friend system that I checked on . but now I don't have that system . Is our problem is running snmptrap and receiver on one system?? thnks but can't you help me in our question about linux config? dosn't have any difference between these two system? thnks On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 08:44, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I did but I didn't see anything in log file again what is problem? I don't know - that's what we need to work out. I seem to remember you saying that you have two Linux systems available (one running CentOS, and one running Debian). Is that correct? If so, can you please try the following: On the trap receiver system, run the following: tail -f /var/log/messages On the same system (in another window), run the command snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 (we know this ought to work - this is just to confirm that you're seeing the traps) What do you see reported by the tail command? Now on the other (Debian?) system, run the same snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 command. What do you see reported by the tail command? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com wrote: yes that is right . that was my friend system that I checked on . but now I don't have that system . Is our problem is running snmptrap and receiver on one system?? No - there is no problem with running both trap sender and trap receiver on the same system. You've already seen that this works. The current issue is with running trap sender and trap receiver on *different* systems. This ought to be fine as well, but there's clearly a problem somewhere, becuase it's currently not working. That's what I'm trying to help you sort out. thnks but can't you help me in our question about linux config? dosn't have any difference between these two system? I will help you with that *AFTER* we've fixed whatever is wrong with the trap communication. As you should have realised by now, this is painstaking work - and I do not have the time (or patience) to lead you through both of these at the same time. We're making progress on this one, so let's concentrate on it and get it finished before getting distracted elsewhere. Are you sure that you don't have access to any other Linux or Unix based system that can talk to your CentOS box?It doesn't need any special level of privilege - an ordinary account would be fine. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Yes I test It AND I saw log in my log file :) Thank you . I got result Is there any work to do? On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com wrote: yes that is right . that was my friend system that I checked on . but now I don't have that system . Is our problem is running snmptrap and receiver on one system?? No - there is no problem with running both trap sender and trap receiver on the same system. You've already seen that this works. The current issue is with running trap sender and trap receiver on *different* systems. This ought to be fine as well, but there's clearly a problem somewhere, becuase it's currently not working. That's what I'm trying to help you sort out. thnks but can't you help me in our question about linux config? dosn't have any difference between these two system? I will help you with that *AFTER* we've fixed whatever is wrong with the trap communication. As you should have realised by now, this is painstaking work - and I do not have the time (or patience) to lead you through both of these at the same time. We're making progress on this one, so let's concentrate on it and get it finished before getting distracted elsewhere. Are you sure that you don't have access to any other Linux or Unix based system that can talk to your CentOS box?It doesn't need any special level of privilege - an ordinary account would be fine. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
but what is problem in running it in one system? On Thu, Jul 26, 2012 at 1:02 PM, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I test It AND I saw log in my log file :) Thank you . I got result Is there any work to do? On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 09:03, mohamad hosein jafari smhjafar...@gmail.com wrote: yes that is right . that was my friend system that I checked on . but now I don't have that system . Is our problem is running snmptrap and receiver on one system?? No - there is no problem with running both trap sender and trap receiver on the same system. You've already seen that this works. The current issue is with running trap sender and trap receiver on *different* systems. This ought to be fine as well, but there's clearly a problem somewhere, becuase it's currently not working. That's what I'm trying to help you sort out. thnks but can't you help me in our question about linux config? dosn't have any difference between these two system? I will help you with that *AFTER* we've fixed whatever is wrong with the trap communication. As you should have realised by now, this is painstaking work - and I do not have the time (or patience) to lead you through both of these at the same time. We're making progress on this one, so let's concentrate on it and get it finished before getting distracted elsewhere. Are you sure that you don't have access to any other Linux or Unix based system that can talk to your CentOS box?It doesn't need any special level of privilege - an ordinary account would be fine. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 09:37, mohamad hosein jafari smhjafar...@gmail.com wrote: but what is problem in running it in one system? There isn't. What makes you think there might be? We've already shown that this works. Why do you think there's still a problem? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com wrote: I test It AND I saw log in my log file :) Thank you . I got result Is there any work to do? You could start by telling me *what* you tested, and what you saw? Is this from another Linux system? Sending traps from the Windows box? or what? I cannot read your mind - if you don't tell me the details of what you're doing, it is very hard to help you. And it's also much slower - you claim to be in a hurry, and working to a deadline, but this sort of vague report just makes things worse. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
excuse me I send trap with other windows agent and saw log file in my linux log file On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com wrote: I test It AND I saw log in my log file :) Thank you . I got result Is there any work to do? You could start by telling me *what* you tested, and what you saw? Is this from another Linux system? Sending traps from the Windows box? or what? I cannot read your mind - if you don't tell me the details of what you're doing, it is very hard to help you. And it's also much slower - you claim to be in a hurry, and working to a deadline, but this sort of vague report just makes things worse. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
the output is : 2012-07-24 19:15:42 192.168.1.2(via UDP: [192.168.1.2]:58885) TRAP, SNMP v1, community public SNMPv2-SMI::enterprises.311.1.1.3.1.1 Link Up Trap (0) Uptime: 0:00:17.63 IF-MIB::ifIndex.37 = INTEGER: 37 in my log file On Thu, Jul 26, 2012 at 1:16 PM, mohamad hosein jafari smhjafar...@gmail.com wrote: excuse me I send trap with other windows agent and saw log file in my linux log file On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 09:32, mohamad hosein jafari smhjafar...@gmail.com wrote: I test It AND I saw log in my log file :) Thank you . I got result Is there any work to do? You could start by telling me *what* you tested, and what you saw? Is this from another Linux system? Sending traps from the Windows box? or what? I cannot read your mind - if you don't tell me the details of what you're doing, it is very hard to help you. And it's also much slower - you claim to be in a hurry, and working to a deadline, but this sort of vague report just makes things worse. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 09:46, mohamad hosein jafari smhjafar...@gmail.com wrote: I send trap with other windows agent and saw log file in my linux log file So you are now in a state where you can send traps from your Windows box to a trap receiver. Good *NOW* you can start to think about what traps you want to generate and when they should be sent.Given that you're using the Microsoft SNMP agent, I'm not sure how much further help we can give you. But I'm happy to help you clarify your ideas before going to someone who understands the MS system better than we do. So what are you trying to do here? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thank you so much for your helps Now I set snmptrap config on my first windows system like this link http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper and I selected all service under the agent tab . I want agent that send trap to my server every time continually . and I receive that log by my server and save them on server system . So what configs should I do on my linux server or windows agent in addition of this link ? thnks On Thu, Jul 26, 2012 at 1:34 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 09:46, mohamad hosein jafari smhjafar...@gmail.com wrote: I send trap with other windows agent and saw log file in my linux log file So you are now in a state where you can send traps from your Windows box to a trap receiver. Good *NOW* you can start to think about what traps you want to generate and when they should be sent.Given that you're using the Microsoft SNMP agent, I'm not sure how much further help we can give you. But I'm happy to help you clarify your ideas before going to someone who understands the MS system better than we do. So what are you trying to do here? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 10:14, mohamad hosein jafari smhjafar...@gmail.com wrote: I want agent that send trap to my server every time continually. But *what* traps do you want the agent to send? An SNMP trap is used to report some event or condition. What events and conditions are you interested in? and I receive that log by my server and save them on server system . So what configs should I do on my linux server or windows agent in addition of this link ? You've got the configuration in place on the Linux side to receive traps. You've got the configuration in place on the Windows side about *where* to send the traps. All you are missing now is the information about *what* traps to send (and hence when to send them) Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
This work is in other step of our works but I think we should get IDS logs from other agent and save them in our log file(server log file) so I should configure server completely for getting trap from linux and windows agents continually because of this I asked you is any difference between linux MIB and windows? . I think now is time for this question and config our server completely . On Thu, Jul 26, 2012 at 1:48 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 10:14, mohamad hosein jafari smhjafar...@gmail.com wrote: I want agent that send trap to my server every time continually. But *what* traps do you want the agent to send? An SNMP trap is used to report some event or condition. What events and conditions are you interested in? and I receive that log by my server and save them on server system . So what configs should I do on my linux server or windows agent in addition of this link ? You've got the configuration in place on the Linux side to receive traps. You've got the configuration in place on the Windows side about *where* to send the traps. All you are missing now is the information about *what* traps to send (and hence when to send them) Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 10:39, mohamad hosein jafari smhjafar...@gmail.com wrote: because of this I asked you is any difference between linux MIB and windows? OK - let's address that question, then. What do you mean by Linux MIB and Windows MIB ? The reason that I said the question didn't make sense, is that as far as I'm aware there is no such thing as a Linux MIB. There may be a Windows MIB (though frankly I'd be surprised) There are a whole lot of MIBs that have been defined (both standard and private), each concerned with a small, relatively focussed area of infomation.Any given SNMP agent will implement a number of these MIBs - depending on exactly how it has been coded/configured/etc. (And it's also possible for this collection of supported MIBs to change dynamically, as subagents are added/removed). But there's no such thing (AFAIK) as a Linux MIB or a Windows MIB. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes My means by saying linux MIB is MIB format for linux system I asked when windows agent send snmp trap as MIB files Is any configure for my linux server for getting it or no? Or is linux MIB format is equal to windows MIB format or no? and my config for getting trap from windows agent was finishe? On Thu, Jul 26, 2012 at 2:20 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 10:39, mohamad hosein jafari smhjafar...@gmail.com wrote: because of this I asked you is any difference between linux MIB and windows? OK - let's address that question, then. What do you mean by Linux MIB and Windows MIB ? The reason that I said the question didn't make sense, is that as far as I'm aware there is no such thing as a Linux MIB. There may be a Windows MIB (though frankly I'd be surprised) There are a whole lot of MIBs that have been defined (both standard and private), each concerned with a small, relatively focussed area of infomation.Any given SNMP agent will implement a number of these MIBs - depending on exactly how it has been coded/configured/etc. (And it's also possible for this collection of supported MIBs to change dynamically, as subagents are added/removed). But there's no such thing (AFAIK) as a Linux MIB or a Windows MIB. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com wrote: My means by saying linux MIB is MIB format for linux system The format of MIB files is standard - it will be the same on Linux, Windows, Mac OS, etc, etc. I asked when windows agent send snmp trap as MIB files Again - that doesn't make send. An agent doesn't send an SNMP trap as a MIB file. The MIB file defines the name, contents and meaning of the trap. But a trap is perfectly valid without the corresponding MIB file. You can detect and log it, even if you don't have the MIB file. The only difference is that things will be recorded using numeric OIDs rather than MIB names. (And named values will use the numeric value, rather than the corresponding name). You get the same information regardless - you just lose some of the readability. Is any configure for my linux server for getting it or no? If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Or is linux MIB format is equal to windows MIB format or no? Yes - the format is the same. and my config for getting trap from windows agent was finishe? If you are now receiving traps from your Windows agent (such as the coldStart trap when the agent first starts up) then yes - I believe the configuration is finished. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thanks If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Can you help me about this more?? And I have another question : Is any script for windows to set all snmp config that we can use it to set all config on windows? Thanks On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com wrote: My means by saying linux MIB is MIB format for linux system The format of MIB files is standard - it will be the same on Linux, Windows, Mac OS, etc, etc. I asked when windows agent send snmp trap as MIB files Again - that doesn't make send. An agent doesn't send an SNMP trap as a MIB file. The MIB file defines the name, contents and meaning of the trap. But a trap is perfectly valid without the corresponding MIB file. You can detect and log it, even if you don't have the MIB file. The only difference is that things will be recorded using numeric OIDs rather than MIB names. (And named values will use the numeric value, rather than the corresponding name). You get the same information regardless - you just lose some of the readability. Is any configure for my linux server for getting it or no? If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Or is linux MIB format is equal to windows MIB format or no? Yes - the format is the same. and my config for getting trap from windows agent was finishe? If you are now receiving traps from your Windows agent (such as the coldStart trap when the agent first starts up) then yes - I believe the configuration is finished. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
thanks But a trap is perfectly valid without the corresponding MIB file. You can detect and log it, even if you don't have the MIB file. The only difference is that things will be recorded using numeric OIDs rather than MIB names. (And named values will use the numeric value, rather than the corresponding name). You get the same information regardless - you just lose some of the readability. If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Can you help me about this more?? And I have another question : Is any script for windows to set all snmp config that we can use it to set all config on windows? Thanks On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 11:01, mohamad hosein jafari smhjafar...@gmail.com wrote: My means by saying linux MIB is MIB format for linux system The format of MIB files is standard - it will be the same on Linux, Windows, Mac OS, etc, etc. I asked when windows agent send snmp trap as MIB files Again - that doesn't make send. An agent doesn't send an SNMP trap as a MIB file. The MIB file defines the name, contents and meaning of the trap. But a trap is perfectly valid without the corresponding MIB file. You can detect and log it, even if you don't have the MIB file. The only difference is that things will be recorded using numeric OIDs rather than MIB names. (And named values will use the numeric value, rather than the corresponding name). You get the same information regardless - you just lose some of the readability. Is any configure for my linux server for getting it or no? If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Or is linux MIB format is equal to windows MIB format or no? Yes - the format is the same. and my config for getting trap from windows agent was finishe? If you are now receiving traps from your Windows agent (such as the coldStart trap when the agent first starts up) then yes - I believe the configuration is finished. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com wrote: If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Can you help me about this more?? Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup. And I have another question : Is any script for windows to set all snmp config that we can use it to set all config on windows? Sorry - I've no idea. I don't have much to do with Windows administration. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thank you so much again Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup for example for my work that I said you before should I do anything about MIB? (receive some IDS log from windows or liux agent and save them on my linux serever ) On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 26 July 2012 16:32, mohamad hosein jafari smhjafar...@gmail.com wrote: If you have the relevant MIB files, then you can install these on the linux side in the usual manner. See the on-line documentation for details. Can you help me about this more?? Basically, just copy the new MIB files into the directory where the rest of them live. Typically this will be something like /usr/share/snmp/mibs for a vendor-supplied setup. And I have another question : Is any script for windows to set all snmp config that we can use it to set all config on windows? Sorry - I've no idea. I don't have much to do with Windows administration. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 04:56, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I did it and in the first window I got Log of my snmptrap instruction Good - that's progress But excuse me I have another question : How I can senf snmptrap by windows Agent? can you help me? Too hasty you are, young padawan. Much to learn, you still have. Rome, built in a day, wasn't [Hmmm... that last one doesn't quite work somehow!] You've taken the first step in setting up the receipt of traps, but there's still a way to go. The next two tasks (which are complementary, but independent, so can be tackled in either order) are: - sending a trap from the (local) agent (rather than the command line 'snmptrap') - running the trap receiver as a daemon, not via the command line. Let's look at the first one first. Is there a file /etc/snmp/snmpd.conf ? If so, does it contain a link of the form trapsink or trap2sink . If so - what exactly does this look like? If there isn't a file /etc/snmp/snmpd.conf, then can you find a file called 'snmpd.conf' somewhere else on the system? If so, where? Note that there may be more than one. Try running locate snmpd.conf which should report all of them (assuming this is set up right) Same question - do any of these contain 'trapsink' (or similar) lines? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes :) I think I,m too hasty because I have a limit time I have snmpd.conf in this path and contain # where to send v2 traps: trap2sink (server_ip_address) public # send traps on authentication failures authtrapenable 1 But I have a force to send a trap by windows Agent (without get by server Only sending trap by win agent) can you help me in this step before continue? I read this link and do config But I don't know how to manage MIB file to sent as a trap http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper ThankS On Wed, Jul 25, 2012 at 12:29 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 04:56, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I did it and in the first window I got Log of my snmptrap instruction Good - that's progress But excuse me I have another question : How I can senf snmptrap by windows Agent? can you help me? Too hasty you are, young padawan. Much to learn, you still have. Rome, built in a day, wasn't [Hmmm... that last one doesn't quite work somehow!] You've taken the first step in setting up the receipt of traps, but there's still a way to go. The next two tasks (which are complementary, but independent, so can be tackled in either order) are: - sending a trap from the (local) agent (rather than the command line 'snmptrap') - running the trap receiver as a daemon, not via the command line. Let's look at the first one first. Is there a file /etc/snmp/snmpd.conf ? If so, does it contain a link of the form trapsink or trap2sink . If so - what exactly does this look like? If there isn't a file /etc/snmp/snmpd.conf, then can you find a file called 'snmpd.conf' somewhere else on the system? If so, where? Note that there may be more than one. Try running locate snmpd.conf which should report all of them (assuming this is set up right) Same question - do any of these contain 'trapsink' (or similar) lines? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 09:33, mohamad hosein jafari smhjafar...@gmail.com wrote: yes :) I think I,m too hasty because I have a limit time In which case, you can't affort to race ahead of yourself! You should also get in the habit of providing the *full* information that I ask for. That will save time currently wasted in forcing me to ask additional questions to find out the details that you have omitted. I have snmpd.conf in this path In which path? What is the full location of this file? # where to send v2 traps: trap2sink (server_ip_address) public Is this the exact line as it appears in the file? Or is there an actual IP address there? If so - what is it? But I have a force to send a trap by windows Agent (without get by server Only sending trap by win agent) can you help me in this step before continue? No. We can get there, but only by taking things in the correct order. We need to ensure that sending/receipt of traps is working properly, before looking at automatically generating traps from the agent. I read this link and do config But I don't know how to manage MIB file to sent as a trap http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper Don't be so impatient! Let's get the basic configuration correct first. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
In which path? What is the full location of this file? in the path that you said /etc/snmp/snmpd.conf Is this the exact line as it appears in the file? Or is there an actual IP address there? If so - what is it? No I replaced my system IP address like 192. by IP ADDRESS name Thnks Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 10:35, mohamad hosein jafari smhjafar...@gmail.com wrote: Is this the exact line as it appears in the file? Or is there an actual IP address there? If so - what is it? No I replaced my system IP address like 192. by IP ADDRESS name sigh When I ask for the exact line - then that is what I need to see. Not something vague like my system IP addres like 192 the *ACTUAL* IP address! Please don't omit information just because you don't think it's important. Give me the exact details - then I can ignore the bits I don't need. Given that the command-line 'snmptrap' was using the IP address 192.168.150.227, then I assume that the line in /etc/snmp/snmpd.conf actually reads trap2sink 192.168.150.227public Is this correct? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 10:54, mohamad hosein jafari smhjafar...@gmail.com wrote: yes . this is exactly : # where to send v2 traps: trap2sink 192.168.150.227 public # send traps on authentication failures authtrapenable 1 Right. Assuming that the 'snmptrapd' command is still running in your first window, (and if not, then restart this first, and check it's working using the same 'snmptrap' command as before). then please try restarting the 'snmp' agent. I seem to remember that you said you were working with a CentOS box. In which case, the command to do this should be service snmpd restart What do you see in the snmptrapd output? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
I restart it and I saw in first window: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 On Wed, Jul 25, 2012 at 2:28 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 10:54, mohamad hosein jafari smhjafar...@gmail.com wrote: yes . this is exactly : # where to send v2 traps: trap2sink 192.168.150.227 public # send traps on authentication failures authtrapenable 1 Right. Assuming that the 'snmptrapd' command is still running in your first window, (and if not, then restart this first, and check it's working using the same 'snmptrap' command as before). then please try restarting the 'snmp' agent. I seem to remember that you said you were working with a CentOS box. In which case, the command to do this should be service snmpd restart What do you see in the snmptrapd output? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com wrote: I restart it and I saw in first window: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 Good - so that's shown that agent - manual snmptrapd is working properly. The next thing is to look at getting the trap receiver to run as a daemon. Kill off the snmptrapd command that you started earlier (using Ctrl-C should do) and run the command service snmptrapd start (as root). Then immediately afterwards, run the command ls -ltr /var/log | tail You should find that one or more of the files listed there have only just been changed. Have a look at each of these - particularly the end of each file. tail -20 /var/log/messages or similar should do the trick. Can you find mention of 'snmptrapd' in any of these files? If so, which? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Yes I did it and I found this line when I type this command : ls -ltr /var/log | tail -rw-r--r-- 1 root root 25 Jul 24 14:09 snmptraps.log On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com wrote: I restart it and I saw in first window: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 Good - so that's shown that agent - manual snmptrapd is working properly. The next thing is to look at getting the trap receiver to run as a daemon. Kill off the snmptrapd command that you started earlier (using Ctrl-C should do) and run the command service snmptrapd start (as root). Then immediately afterwards, run the command ls -ltr /var/log | tail You should find that one or more of the files listed there have only just been changed. Have a look at each of these - particularly the end of each file. tail -20 /var/log/messages or similar should do the trick. Can you find mention of 'snmptrapd' in any of these files? If so, which? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
and when I use this command : tail -20 /var/log/messages I found : Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2 as the last line On Wed, Jul 25, 2012 at 3:09 PM, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I did it and I found this line when I type this command : ls -ltr /var/log | tail -rw-r--r-- 1 root root 25 Jul 24 14:09 snmptraps.log On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 11:04, mohamad hosein jafari smhjafar...@gmail.com wrote: I restart it and I saw in first window: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 Good - so that's shown that agent - manual snmptrapd is working properly. The next thing is to look at getting the trap receiver to run as a daemon. Kill off the snmptrapd command that you started earlier (using Ctrl-C should do) and run the command service snmptrapd start (as root). Then immediately afterwards, run the command ls -ltr /var/log | tail You should find that one or more of the files listed there have only just been changed. Have a look at each of these - particularly the end of each file. tail -20 /var/log/messages or similar should do the trick. Can you find mention of 'snmptrapd' in any of these files? If so, which? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 11:52, mohamad hosein jafari smhjafar...@gmail.com wrote: and when I use this command : tail -20 /var/log/messages I found : Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2 as the last line Right - so that's where incoming traps are being logged. Now try the following: * In one window, run tail -f /var/log/messages This command will show the last ten lines, and then hang. This is perfectly normal - just leave it hanging * In a second window, restart the SNMP agent again (service snmpd restart), just as you did before. You should see a trap logged in the first window, with the same message as you saw earlier. Does this happen? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes it happened On Wed, Jul 25, 2012 at 3:45 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 11:52, mohamad hosein jafari smhjafar...@gmail.com wrote: and when I use this command : tail -20 /var/log/messages I found : Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2 as the last line Right - so that's where incoming traps are being logged. Now try the following: * In one window, run tail -f /var/log/messages This command will show the last ten lines, and then hang. This is perfectly normal - just leave it hanging * In a second window, restart the SNMP agent again (service snmpd restart), just as you did before. You should see a trap logged in the first window, with the same message as you saw earlier. Does this happen? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 12:21, mohamad hosein jafari smhjafar...@gmail.com wrote: yes it happened Good - so you know that the trap receiver is working properly. Now you can start looking at your Windows machine! Fire up a command window, and type the same 'snmptrap' command that you used before (giving the same IP address) Do you see anything on the tail -f output? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 13:45, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I tried command on CMD but cmd can't find instruction and I didn't get any result OK. Have you got the Net-SNMP package installed on your Windows box? If so, I believe the command will probably be something like C:\usr\bin\snmptrap .. Does that help at all? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
I downloaded for linux and windows But I didn't install it on windows . does it need for windows agent to got net-snmp? Is configuration step like tis link step on windows service not Enough ؟؟(without using cmd?) http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper and if it need how can I install it? this download link http://sourceforge.net/projects/net-snmp/files/net-snmp/5.7.1/net-snmp-5.7.1.zip/download On Wed, Jul 25, 2012 at 5:22 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 13:45, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I tried command on CMD but cmd can't find instruction and I didn't get any result OK. Have you got the Net-SNMP package installed on your Windows box? If so, I believe the command will probably be something like C:\usr\bin\snmptrap .. Does that help at all? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 14:04, mohamad hosein jafari smhjafar...@gmail.com wrote: I downloaded for linux and windows But I didn't install it on windows. So you are using the Microsoft-provided SNMP agent, rather than the Net-SNMP agent - is that correct? That is quite an important distinction - so it's useful that we've established this now. You would have got *very* confused trying to follow instructions for the Net-SNMP agent, if you're actually using the MS version! Is configuration step like tis link step on windows service not Enough ؟؟(without using cmd?) http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper Probably - yes. This list is for support of the Net-SNMP software, so we can't really help with anyone else's products. But at first sight, those instructions look reasonable for configuring the Windows agent to send traps to the receiver you've now got running. Follow those through (using the same IP address as before), and the restart the Windows SNMP agent. I would expect to see a similar log message being received by the snmptrapd daemon (and hence appearing in /var/log/messages) You shouldn't need to install the Net-SNMP agent on your Windows box, if you're happy to use the Microsoft one. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Yes I used Microsoft provided by that step that was in that link that I sent before So what is your opinion about it? My cmd don't know any snmp and snmptrap command But I do microsoft configuration for snmp what can I do? On Wed, Jul 25, 2012 at 5:43 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 14:04, mohamad hosein jafari smhjafar...@gmail.com wrote: I downloaded for linux and windows But I didn't install it on windows. So you are using the Microsoft-provided SNMP agent, rather than the Net-SNMP agent - is that correct? That is quite an important distinction - so it's useful that we've established this now. You would have got *very* confused trying to follow instructions for the Net-SNMP agent, if you're actually using the MS version! Is configuration step like tis link step on windows service not Enough ؟؟(without using cmd?) http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper Probably - yes. This list is for support of the Net-SNMP software, so we can't really help with anyone else's products. But at first sight, those instructions look reasonable for configuring the Windows agent to send traps to the receiver you've now got running. Follow those through (using the same IP address as before), and the restart the Windows SNMP agent. I would expect to see a similar log message being received by the snmptrapd daemon (and hence appearing in /var/log/messages) You shouldn't need to install the Net-SNMP agent on your Windows box, if you're happy to use the Microsoft one. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 14:23, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I used Microsoft provided by that step that was in that link that I sent before So what is your opinion about it? My cmd don't know any snmp and snmptrap command But I do microsoft configuration for snmp what can I do? Try following the instructions in that link, to set up the SNMP service and configure it to send traps to 192.168.150.227 Then restart the Windows SNMP agent. Do you see anything in the /var/log/messages file? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Yes I did this config snmp service to 192.168.150.227 and after restart agent I couldn't find this path ( /var/log/messages)in my windows command line . why? and also I couldn't see any new thing in my linux command line On Wed, Jul 25, 2012 at 6:13 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 14:23, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I used Microsoft provided by that step that was in that link that I sent before So what is your opinion about it? My cmd don't know any snmp and snmptrap command But I do microsoft configuration for snmp what can I do? Try following the instructions in that link, to set up the SNMP service and configure it to send traps to 192.168.150.227 Then restart the Windows SNMP agent. Do you see anything in the /var/log/messages file? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 25 July 2012 19:29, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I did this config snmp service to 192.168.150.227 and after restart agent I couldn't find this path ( /var/log/messages)in my windows command line . why? Think about what's happening here. You are sending traps *from* the windows box *to* the Linux system. The traps will be received by the Linux system, and logged to the file /var/log/messages Why would you look for this file on the Windows system? and also I couldn't see any new thing in my linux command line Now do you see why I wanted you to try running things on the Linux box first? Because I forced you to do this, we know that the trap receiver aspects are working OK. So if the trap from the Windows agent isn't getting through, the problem must lie somewhere else. There are two basic possibilities - either the trap isn't being sent properly, or it's being sent but not received. My suspicion is actually the latter. Please try running the following command on the (receiving) Linux box: iptables -I INPUT -p tcp --dport 162 -j ACCEPT then re-start the Windows SNMP agent. Do you see anything in the Linux /var/log/messages file? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Yes but my agent and server in once . I set my snmp service to send trap on my IP then I went to my linux (VmWare) and I do setting about IPtable but I didn't see anything in linux log file So I have a question: IS THERE any different between Linux MIB file and windows MIB file? OR should I have change on linux server to get windows server Trap (THIS question is very important fot me) Thanks On Thu, Jul 26, 2012 at 3:39 AM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 25 July 2012 19:29, mohamad hosein jafari smhjafar...@gmail.com wrote: Yes I did this config snmp service to 192.168.150.227 and after restart agent I couldn't find this path ( /var/log/messages)in my windows command line . why? Think about what's happening here. You are sending traps *from* the windows box *to* the Linux system. The traps will be received by the Linux system, and logged to the file /var/log/messages Why would you look for this file on the Windows system? and also I couldn't see any new thing in my linux command line Now do you see why I wanted you to try running things on the Linux box first? Because I forced you to do this, we know that the trap receiver aspects are working OK. So if the trap from the Windows agent isn't getting through, the problem must lie somewhere else. There are two basic possibilities - either the trap isn't being sent properly, or it's being sent but not received. My suspicion is actually the latter. Please try running the following command on the (receiving) Linux box: iptables -I INPUT -p tcp --dport 162 -j ACCEPT then re-start the Windows SNMP agent. Do you see anything in the Linux /var/log/messages file? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 24 July 2012 01:24, mohamad hosein jafari smhjafar...@gmail.com wrote: I set snmptrap configure and then I change these conf file but I can't fine /etc/default/snmptrap.conf First thing - are you talking about snmptrap or snmptrapd? These are very different! Secondly, /etc/default is typically provided by a vendor installation (rather than when using a setup compiled from source), and is used to configure the settings used for *starting* a service (i.e. the command line options). It's not normally a place to put the run-time configuration file. So when I run a snmptrap instruction on my agent this instruction run but I don't have anything in my log file What exactly do you mean by run a snmptrap instruction? What command(s) are you running here? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
I run snmp trap demon and I get answer like this ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le You are explicitly telling the trap receiver to use the configuration file '/tmp/snmptrapd.conf' (That's the meaning of the -c option) Have you created this file? /tmp/snmptrapd.conf: No such file or directory Probably not :-) - but about I think I have problem in snmptrapd.conf because when I run snmptrap I don't have any error Again - are you talking about snmptrap, or snmptrapd? What exactly do you mean by run snmptrap If you run the command snmptrap with no options, then you *will* get an error, because that's not valid. What is the *exact* command(s) that you are running? I set my snmptrapd.conf like this : logOption f /var/log/snmptraps.log authCommunity log,execute,net public And where is this file located? and in this path : /etc/sysconfig/snmpd.options I set like this : OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP) That file, and those options are relating to the SNMP agent ('snmpd'). They are nothing to do with either the trap receiver ('snmptrapd') or the trap sender ('snmptrap'). Please don't confuse the various elements - they are different commands used for different purposes, and controlled by different files. and also I turnd my IPtable off for test but I dont have anything in my log file after I run snmptrap . I TEST my request in debian and I get true answer but in CentOS I didn't get any answer Please report *exactly* what you are doing. There's simply not enough detail in what you have said so far. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thanks my friend I want to use snmptrap but I think first of all I should config snmptrapd on my server to receive snmp information on server .Am I Right??? Or Please tell me true thing I run snmp trap demon and I get answer like this ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le You are explicitly telling the trap receiver to use the configuration file '/tmp/snmptrapd.conf' (That's the meaning of the -c option) Ok what is this problem? Have you created this file? /tmp/snmptrapd.conf: No such file or directory Probably not :-) No I can't find this file in this path . my snmptrapd.conf is in /etc/snmp/snmptrapd.conf . how I can make it in the path that you say? - but about I think I have problem in snmptrapd.conf because when I run snmptrap I don't have any error Again - are you talking about snmptrap, or snmptrapd? What exactly do you mean by run snmptrap If you run the command snmptrap with no options, then you *will* get an error, because that's not valid. What is the *exact* command(s) that you are running? I want to run snmp . I want to send information from agent to manager . I run this sample snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 I set my snmptrapd.conf like this : logOption f /var/log/snmptraps.log authCommunity log,execute,net public And where is this file located? in /etc/snmp/snmptrapd.conf I set this lines and in this path : /etc/sysconfig/snmpd.options I set like this : OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP) That file, and those options are relating to the SNMP agent ('snmpd'). They are nothing to do with either the trap receiver ('snmptrapd') or the trap sender ('snmptrap'). Please don't confuse the various elements - they are different commands used for different purposes, and controlled by different files. but I read in conf instruction level to set this line for agent and also I turnd my IPtable off for test but I dont have anything in my log file after I run snmptrap . I TEST my request in debian and I get true answer but in CentOS I didn't get any answer Please report *exactly* what you are doing. There's simply not enough detail in what you have said so far. I used this command for this work # /etc/init.d/iptables stop # chkconfig iptables off thanks for your help -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 24 July 2012 08:58, mohamad hosein jafari smhjafar...@gmail.com wrote: I want to use snmptrap but I think first of all I should config snmptrapd on my server to receive snmp information on server .Am I Right??? Correct my snmptrapd.conf is in /etc/snmp/snmptrapd.conf So why were you telling snmptrapd to look in /tmp ? If your snmptrapd.conf file is under /etc/snmp then try running snmptrapd -f -Le If that complains about no access control (and *only* if it complains) then try snmptrapd -c /etc/snmp/snmptrapd.conf -f -Le instead Run those command(s) - and please report back what it says. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
I use these command and I get this answer: NET-SNMP version 5.3.2.2 couldn't open udp:162 -- errno 98 (Address already in use) On Tue, Jul 24, 2012 at 12:36 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 24 July 2012 08:58, mohamad hosein jafari smhjafar...@gmail.com wrote: I want to use snmptrap but I think first of all I should config snmptrapd on my server to receive snmp information on server .Am I Right??? Correct my snmptrapd.conf is in /etc/snmp/snmptrapd.conf So why were you telling snmptrapd to look in /tmp ? If your snmptrapd.conf file is under /etc/snmp then try running snmptrapd -f -Le If that complains about no access control (and *only* if it complains) then try snmptrapd -c /etc/snmp/snmptrapd.conf -f -Le instead Run those command(s) - and please report back what it says. Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com wrote: I use these command and I get this answer: NET-SNMP version 5.3.2.2 couldn't open udp:162 -- errno 98 (Address already in use) OK - that shows you've already got a trap receiver running. Shut that down, and try again Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
you means I use Killall snmptrap command? On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com wrote: I use these command and I get this answer: NET-SNMP version 5.3.2.2 couldn't open udp:162 -- errno 98 (Address already in use) OK - that shows you've already got a trap receiver running. Shut that down, and try again Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
and why I can't find /etc/default/snmptrap.conf ??? can you help me? On Tue, Jul 24, 2012 at 12:46 PM, mohamad hosein jafari smhjafar...@gmail.com wrote: you means I use Killall snmptrap command? On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 24 July 2012 09:10, mohamad hosein jafari smhjafar...@gmail.com wrote: I use these command and I get this answer: NET-SNMP version 5.3.2.2 couldn't open udp:162 -- errno 98 (Address already in use) OK - that shows you've already got a trap receiver running. Shut that down, and try again Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 24 July 2012 09:16, mohamad hosein jafari smhjafar...@gmail.com wrote: you means I use Killall snmptrap command? No You are still getting confused between snmptrap and snmptrapd snmptrapd is the trap receiver - the program that runs all the time, listening for incoming traps and processing/logging them. snmptrap is used for generating traps - a command-line tool that is run individually. snmptrap sends the trap to snmptrapd Note the 'd' at the end of the name - this stands for daemon. It's the daemon (snmptrapd) that's running all the time, which is blocking the (new) daemon that you are trying to start. So it's the daemon that you need to shut down. Try killall snmptrapd Please try to keep these two clear in your mind (and in your messages). The potential for confusion if you mix them up is immense! Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
Thank yes I think because my agent and server is on 1 system I do your instruction to kill snmptrapd and then I rewrite that instruction snmptrapd -f -Le but my output take long time and I didn't receive anything so I stopped it this is my output NET-SNMP version 5.3.2.2 2012-07-23 17:26:38 NET-SNMP version 5.3.2.2 Stopped. -- On Tue, Jul 24, 2012 at 1:10 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 24 July 2012 09:16, mohamad hosein jafari smhjafar...@gmail.com wrote: you means I use Killall snmptrap command? No You are still getting confused between snmptrap and snmptrapd snmptrapd is the trap receiver - the program that runs all the time, listening for incoming traps and processing/logging them. snmptrap is used for generating traps - a command-line tool that is run individually. snmptrap sends the trap to snmptrapd Note the 'd' at the end of the name - this stands for daemon. It's the daemon (snmptrapd) that's running all the time, which is blocking the (new) daemon that you are trying to start. So it's the daemon that you need to shut down. Try killall snmptrapd Please try to keep these two clear in your mind (and in your messages). The potential for confusion if you mix them up is immense! Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
On 24 July 2012 12:19, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I think because my agent and server is on 1 system No - ther's absolutely no problem about running an SNMP agent and a trap receiver on the same system.They are different services, and listen on different network ports. They shouldn't interfere with each other in the slightest. I do your instruction to kill snmptrapd and then I rewrite that instruction snmptrapd -f -Le this is my output NET-SNMP version 5.3.2.2 Good - that seems to be working. but my output take long time and I didn't receive anything so I stopped it sigh No - please don't do that. You are quite correct - it's running for a long time. In fact it will keep running for ever, until you explicitly stop it. That's the whole point - you are running this as a trap receiver. It's expected to keep running - waiting to receive incoming traps, and logging them. It will do that for as long as the system is up. Eventually we'll look at having this run in the background, but for the time being - let's concentrate on checking that the basic sending/receiving of traps is working. Please re-start the 'snmptrapd' command again, and make sure it gives the same NET-SNMP version 5.3.2.2 output. (With no mention of access control) Assuming that works, and while it is still running in one terminal window. try running the snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 command you mentioned, in a different terminal window. Do you see anything in the first window? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
yes I did it and in the first window I got Log of my snmptrap instruction thanks But excuse me I have another question : How I can senf snmptrap by windows Agent? can you help me? Thanks On Tue, Jul 24, 2012 at 4:40 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 24 July 2012 12:19, mohamad hosein jafari smhjafar...@gmail.com wrote: yes I think because my agent and server is on 1 system No - ther's absolutely no problem about running an SNMP agent and a trap receiver on the same system.They are different services, and listen on different network ports. They shouldn't interfere with each other in the slightest. I do your instruction to kill snmptrapd and then I rewrite that instruction snmptrapd -f -Le this is my output NET-SNMP version 5.3.2.2 Good - that seems to be working. but my output take long time and I didn't receive anything so I stopped it sigh No - please don't do that. You are quite correct - it's running for a long time. In fact it will keep running for ever, until you explicitly stop it. That's the whole point - you are running this as a trap receiver. It's expected to keep running - waiting to receive incoming traps, and logging them. It will do that for as long as the system is up. Eventually we'll look at having this run in the background, but for the time being - let's concentrate on checking that the basic sending/receiving of traps is working. Please re-start the 'snmptrapd' command again, and make sure it gives the same NET-SNMP version 5.3.2.2 output. (With no mention of access control) Assuming that works, and while it is still running in one terminal window. try running the snmptrap -v 1 -c public 192.168.150.227 NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification 6 17 \netSnmpExampleInteger i 123456 command you mentioned, in a different terminal window. Do you see anything in the first window? Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
RE: SNMPTRAP doesn't work
If it is working on debian then you might have installed net snmp package differently maybe that is why it is not working on centos.Are you sure your snmptrapd.conf is located in tmp directory /tmp/snmptrapd.conf.Try reducing you snmptrapd.conf options and first try to make it run then try to diagnose where is the problem . Regards, Muhammad Waqas. Date: Tue, 24 Jul 2012 09:13:44 +0430 Subject: Re: SNMPTRAP doesn't work From: smhjafar...@gmail.com To: mohwaqa...@hotmail.com Thanks I run snmp trap demon and I get answer like this]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le/tmp/snmptrapd.conf: No such file or directory/tmp/snmptrapd.conf: No such file or directory Warning: no access control information configured.This receiver will *NOT* accept any incoming notifications.NET-SNMP version 5.3.2.2 ... and after that this process take long time and I should stop it - but about I think I have problem in snmptrapd.conf because when I run snmptrap I don't have any error but I don't have anything in my log file I set my snmptrapd.conf like this : logOption f /var/log/snmptraps.logauthCommunity log,execute,net public and in this path : /etc/sysconfig/snmpd.options I set like this : OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP) and also I turnd my IPtable off for test but I dont have anything in my log file after I run snmptrap . I TEST my request in debian and I get true answer but in CentOS I didn't get any answer On Tue, Jul 24, 2012 at 8:55 AM, Mohammad Waqas Athar mohwaqa...@hotmail.com wrote: Well if you are new to using net-snmp library you will come across such kind of problems. I think you are having problem setting up snmptrap daemon . If this is the case then 1- First of all make sure your snmptrapd.conf configuration file is in (any) directory as pointed out by `net-snmp-config --snmpconfpath` 2- Secondly make sure you flush your iptables rule by sudo iptables -F so that snmp trap messages are not blocked by firewall.3- Try to run snmptrap daemon using sudo /usr/local/sbin/snmptrapd -f -L o and generate a dummy snmptrap as given in net snmp tutorial and check does your daemon works or not. When you run snmptrap , you will get an error of some config file. Ignore that message if you follow the correct syntax then message would definitively be delivered to snmptrap daemon. Regards, Muhammad Waqas. Date: Tue, 24 Jul 2012 04:54:08 +0430 Subject: SNMPTRAP doesn't work From: smhjafar...@gmail.com To: net-snmp-users@lists.sourceforge.net Hi I set snmptrap configure and then I change these conf file but I can't fine /etc/default/snmptrap.conf So when I run a snmptrap instruction on my agent this instruction run but I don't have anything in my log file can you help me? ot can you tell me snmptrap step by step? thanks -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: SNMPTRAP doesn't work
I think I installed it correctly and for config I used this link http://www.cyberciti.biz/faq/linux-unix-bind-snmpd-to-specific-ip-address-interfaces/ and my snmptrapd.conf in in this path : /etc/snmp/snmptrapd.conf and contain : logOption f /var/log/snmptraps.log authCommunity log,execute,net public Do you have an other approach? thanks On Tue, Jul 24, 2012 at 9:36 AM, Mohammad Waqas Athar mohwaqa...@hotmail.com wrote: If it is working on debian then you might have installed net snmp package differently maybe that is why it is not working on centos.Are you sure your snmptrapd.conf is located in tmp directory /tmp/snmptrapd.conf.Try reducing you snmptrapd.conf options and first try to make it run then try to diagnose where is the problem . Regards, Muhammad Waqas. -- Date: Tue, 24 Jul 2012 09:13:44 +0430 Subject: Re: SNMPTRAP doesn't work From: smhjafar...@gmail.com To: mohwaqa...@hotmail.com Thanks I run snmp trap demon and I get answer like this ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le /tmp/snmptrapd.conf: No such file or directory /tmp/snmptrapd.conf: No such file or directory Warning: no access control information configured. This receiver will *NOT* accept any incoming notifications. NET-SNMP version 5.3.2.2 ... and after that this process take long time and I should stop it - but about I think I have problem in snmptrapd.conf because when I run snmptrap I don't have any error but I don't have anything in my log file I set my snmptrapd.conf like this : logOption f /var/log/snmptraps.log authCommunity log,execute,net public and in this path : /etc/sysconfig/snmpd.options I set like this : OPTIONS=-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP) and also I turnd my IPtable off for test but I dont have anything in my log file after I run snmptrap . I TEST my request in debian and I get true answer but in CentOS I didn't get any answer On Tue, Jul 24, 2012 at 8:55 AM, Mohammad Waqas Athar mohwaqa...@hotmail.com wrote: Well if you are new to using net-snmp library you will come across such kind of problems. I think you are having problem setting up snmptrap daemon . If this is the case then 1- First of all make sure your snmptrapd.conf configuration file is in (any) directory as pointed out by `net-snmp-config --snmpconfpath` 2- Secondly make sure you flush your iptables rule by sudo iptables -F so that snmp trap messages are not blocked by firewall. 3- Try to run snmptrap daemon using sudo /usr/local/sbin/snmptrapd -f -L o and generate a dummy snmptrap as given in net snmp tutorial and check does your daemon works or not. When you run snmptrap , you will get an error of some config file. Ignore that message if you follow the correct syntax then message would definitively be delivered to snmptrap daemon. Regards, Muhammad Waqas. -- Date: Tue, 24 Jul 2012 04:54:08 +0430 Subject: SNMPTRAP doesn't work From: smhjafar...@gmail.com To: net-snmp-users@lists.sourceforge.net Hi I set snmptrap configure and then I change these conf file but I can't fine /etc/default/snmptrap.conf So when I run a snmptrap instruction on my agent this instruction run but I don't have anything in my log file can you help me? ot can you tell me snmptrap step by step? thanks -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap problem after 1024 trap messages
On 16 April 2012 21:18, Norman Rädke normanrae...@gmx.de wrote: I using the NET-SNMP version 5.6.1. Hmmm It might be worth trying with the upcoming 5.6.2 release (or with v5.7.1). I've had a quick look through the ChangeLog, and there are various commits that refer to close() handling. Nothing that screams out to be clearly relevant to your problem, but it's worth checking to see. The error was logged by the threaded application The other suggestion I'd make would be to avoid the problem altogether by re-using the same session structure (and socket) each time the routine is called. Something like: static snmp_session *ss = NULL; if ( ss == NULL ) { snmp_session session; init_snmp(libpbmoninsp_trap); : ss = snmp_add(); } and then omit the termination block: snmp_close(ss); snmp_shutdown(libpbmoninsp_trap); SOCK_CLEANUP; That way you'd only have one session open all the time, and wouldn't need a separate socket for each call. Dave -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap problem after 1024 trap messages
Have you done an lsof to see which files are open? Are you sure it's a socket and not /dev/null or something like that? D. On 16 April 2012 21:18, Norman Rädke normanrae...@gmx.de wrote: I using the NET-SNMP version 5.6.1. Hmmm It might be worth trying with the upcoming 5.6.2 release (or with v5.7.1). I've had a quick look through the ChangeLog, and there are various commits that refer to close() handling. Nothing that screams out to be clearly relevant to your problem, but it's worth checking to see. The error was logged by the threaded application The other suggestion I'd make would be to avoid the problem altogether by re-using the same session structure (and socket) each time the routine is called. Something like: static snmp_session *ss = NULL; if ( ss == NULL ) { snmp_session session; init_snmp(libpbmoninsp_trap); : ss = snmp_add(); } and then omit the termination block: snmp_close(ss); snmp_shutdown(libpbmoninsp_trap); SOCK_CLEANUP; That way you'd only have one session open all the time, and wouldn't need a separate socket for each call. Dave -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap problem after 1024 trap messages
On 16 April 2012 15:03, Norman Rädke normanrae...@gmx.de wrote: within my threading application i send every second a trap message to a traphandler, but after 1024 mesages i have got the following error lines''. net-snmp: 2 error(s) in config file(s) /etc/snmp/snmp.conf: line 0: Error: maximum conf file count (4096) exceeded /var/net-snmp/libpbmoninsp_trap.conf: line 0: Error: maximum conf file count (4096) exceeded Is this error being logged by the threaded application, or the trap receiver? If it's the trap receiver, then what are the snmptrapd config settings? Also, which version of the Net-SNMP code are you using? Dave -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap problem after 1024 trap messages
I using the NET-SNMP version 5.6.1. The error was logged by the threaded application and not by the trap receiver. Norman 2012/4/16 Dave Shield d.t.shi...@liverpool.ac.uk On 16 April 2012 15:03, Norman Rädke normanrae...@gmx.de wrote: within my threading application i send every second a trap message to a traphandler, but after 1024 mesages i have got the following error lines''. net-snmp: 2 error(s) in config file(s) /etc/snmp/snmp.conf: line 0: Error: maximum conf file count (4096) exceeded /var/net-snmp/libpbmoninsp_trap.conf: line 0: Error: maximum conf file count (4096) exceeded Is this error being logged by the threaded application, or the trap receiver? If it's the trap receiver, then what are the snmptrapd config settings? Also, which version of the Net-SNMP code are you using? Dave -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap question
Thanks. Now my MIB declares a NOTIFICATION-TYPE: * mpbcRMHTrapCritical NOTIFICATION-TYPE OBJECTS { mpbcRMHAlarmNEID, mpbcRMHAlarmSlot, mpbcRMHAlarmModule, mpbcRMHAlarmID, mpbcRMHAlarmDescription, mpbcRMHAlarmStartTime } STATUS current DESCRIPTION Critical Trap alarm. ::= { mpbcRMHTrap 1 } * --- I don't understand the OBJECTS part. Can we send the values of all these objects in the trap details? Presently, what I get in the details of the trap is: *SNMPv3 Trap Pdu, MsgId = 1446431974, MaxSize = 65507 Flags = Auth/noPriv, SecurityModel = USM EngineId = [0x80001f88806f673b3b0b1f4da1], EngineBoots = 161, EngineTime = 3, UserName = [testrwauth] ContextEngineId = [0x80001f88806f673b3b0b1f4da1], ContextName = [] Request Id = 1843318089, Error Status = 0 , Error Index = 0 Oid1 = sysUpTime.0 , Type = TimeTicks, Value = 48 hrs: 15 min: 02 sec Oid2 = snmpModules.1.1.4.1.0 , Type = ObjectID, Value = mpbcRMH-TrapCritical * TIA, S On Wed, Jan 11, 2012 at 5:21 PM, Dave Shield d.t.shi...@liverpool.ac.ukwrote: On 11 January 2012 21:31, Simon Chamlian simon.chaml...@gmail.com wrote: I'm issuing the following snmptrap command: snmptrap -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.34 42 MPBC-RMH-MIB::mpbcRMH-Mon-HPU-State What is the definition of the MIB object mpbcRMH-Mon-HPU-State ? Is this defined as OBJECT-TYPE or NOTIFICATION-TYPE? If it's defined as a MIB object (rather than as a Notification), then it's not valid to use it here. 1) This is returning the ObjectID in the summary of my trap window (i.e, my trap log has 4 columns: Time, Source, Type and Summary). Instead of getting the ObjectdID in the Summary, is it possible to get the 'Value' this OID? The snmptrap command takes two basic parameters: - an integer (the sysUpTime value) - an OID(of a Notification-Type object) This is then optionally followed by a number of OID-type-value triplets (in the same form as would be used for snmpset) So if the notification definition lists four payload objects, then the snmptrap command should look something like snmptrap 42 myTrapOID myTime.1 t 12345 mySource.1 a 1.2.3.4 myType.1 i99 mySummary.1 s The Good, the Bad and the Ugly (with suitable varbind triples for the four payload elements) Yes, the trap can contain the required values, but you'll need to specify these as part of the snmptrap command. 2) the 42 right after the IP address, what does it do? This is the sysUpTime.0 value. From the snmptrap(1) man page: snmptrap -v [2c|3] [COMMON OPTIONS] [-Ci] uptime trap-oid [OID TYPE VALUE]... In your exapmle 42 is the parameter 'uptime' mpbcRMH-Mon-HPU-State is the parameter 'trap-oid' Dave -- RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap question
On 11 January 2012 21:31, Simon Chamlian simon.chaml...@gmail.com wrote: I'm issuing the following snmptrap command: snmptrap -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.34 42 MPBC-RMH-MIB::mpbcRMH-Mon-HPU-State What is the definition of the MIB object mpbcRMH-Mon-HPU-State ? Is this defined as OBJECT-TYPE or NOTIFICATION-TYPE? If it's defined as a MIB object (rather than as a Notification), then it's not valid to use it here. 1) This is returning the ObjectID in the summary of my trap window (i.e, my trap log has 4 columns: Time, Source, Type and Summary). Instead of getting the ObjectdID in the Summary, is it possible to get the 'Value' this OID? The snmptrap command takes two basic parameters: - an integer (the sysUpTime value) - an OID(of a Notification-Type object) This is then optionally followed by a number of OID-type-value triplets (in the same form as would be used for snmpset) So if the notification definition lists four payload objects, then the snmptrap command should look something like snmptrap 42 myTrapOID myTime.1 t 12345 mySource.1 a 1.2.3.4 myType.1 i99 mySummary.1 s The Good, the Bad and the Ugly (with suitable varbind triples for the four payload elements) Yes, the trap can contain the required values, but you'll need to specify these as part of the snmptrap command. 2) the 42 right after the IP address, what does it do? This is the sysUpTime.0 value. From the snmptrap(1) man page: snmptrap -v [2c|3] [COMMON OPTIONS] [-Ci] uptime trap-oid [OID TYPE VALUE]... In your exapmle 42 is the parameter 'uptime' mpbcRMH-Mon-HPU-State is the parameter 'trap-oid' Dave -- Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap
[ First - *please* don't mail me privately, without copying any responses to the mailing list. I don't have the time or inclination to offer private, unpaid, SNMP consultancy. Keep discussions to the list, where others can both learn and offer advice. Thanks. ] On 3 January 2012 16:46, Simon Chamlian simon.chaml...@gmail.com wrote: I taught snmptrapd.conf is for snmptrapd (the trap daemon)? Yes - that's quite correct. But we have been discussing the use of snmpinform - i.e. sending acknowledged SNMPv3 notifications to a trap receiver such as snmptrapd. In this situation, the trap receiver (snmptrapd) is the authoritative SNMP engine, so the SNMPv3 user must be known to that application. Hence if you're using snmptrapd, then you need to set up a 'createUser' entry in the snmptrapd.conf file. Even if I don't use the trap daemon, I still need to configure the users in snmptrapd.conf? If you are sending SNMPv3 informs to some receiving application, then you need to configure the necessary users into that application. If you're using snmptrapd, then this will be done using snmptrapd.conf If you're using a different trap receiver, then you will need to consult the documentation for that receiver to find out how to configure SNMPv3 users. Dave -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap/snmpinform port number
On 3 January 2012 18:36, Simon Chamlian simon.chaml...@gmail.com wrote: snmpinform/snmptrap port number is set to 162 by default. Is there any way we can change the port number through command line or it is hard coded? $ man snmpcmd AGENT SPECIFICATION The string AGENT in the SYNOPSIS above specifies the remote SNMP entity with which to communicate. This specification takes the form: [transport-specifier:]transport-address transport-specifier transport-address format udp hostname[:port] or IPv4-address[:port] tcp hostname[:port] or IPv4-address[:port] Here are some examples, along with their interpretation: hostname:161perform query using UDP/IPv4 datagrams to host- name on port 161. The :161 is redundant here since that is the default SNMP port in any case. udp:hostnameidentical to the previous specification. The udp: is redundant here since UDP/IPv4 is the default transport. TCP:hostname:1161 connect to hostname on port 1161 using TCP/IPv4 and perform query over that connection. Dave -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap
On 22 December 2011 21:41, Simon Chamlian simon.chaml...@gmail.com wrote: I tried: # snmptrap -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.65 42 mpbcRMHMon-HPU-State Try loading the MIB file that defines this object - either by using the '-m' option to list the name of the MIB module, or by specifying the MIB object in the formMY-MIB::myObject See the FAQ entry How do I add a MIB to the tools for more details. Alternatively, give the numeric OID instead of the name. Dave -- Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: snmptrap
Actually, [root@M54418TWR root]# snmpinform -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.65 42 coldStart.0 *Authentication failed for testrwaut*h [root@M54418TWR root]# I get authentication failed message but I do receive the inform on 172.27.52.65. Any hints? Thanks, Simon On Thu, Dec 22, 2011 at 4:41 PM, Simon Chamlian simon.chaml...@gmail.comwrote: Hi, How do I send a trap on one of my own OID? I tried: [root@M54418TWR root]# snmptrap -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.65 42 mpbcRMHMon-HPU-State mpbcRMHMon-HPU-State: Unknown Object Identifier (Sub-id not found: (top) - mpbcRMHMon-HPU-State) [root@M54418TWR root]# Note that: snmpinform -v 3 -u testrwauth -a MD5 -A authentication test -l authNoPriv 172.27.57.65 42 coldStart.0 works fine. Thanks, Simon -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Hey Dave, Good afternoon. Does this help with keeping the source IP to be the original IP (source natting)? As long as I keep all the configs the same regardless of the file it uses, it shouldn't be an issue. Anywhere is that config: [root@em7-freebsd /usr/local/etc/rc.d]# cat snmptrapd #!/bin/sh # # $FreeBSD: ports/net-mgmt/net-snmp/files/snmptrapd.sh.in,v 1.2 2010/03/27 00:14:24 dougb Exp $ # # PROVIDE: snmptrapd # REQUIRE: DAEMON # # Add the following line to /etc/rc.conf to enable snmptrapd: # # snmptrapd_enable=YES # snmptrapd_enable=${snmptrapd_enable-NO} snmptrapd_flags=${snmptrapd_flags--p /var/run/snmptrapd.pid} . /etc/rc.subr load_rc_config net_snmptrapd if [ ! -z $net_snmptrapd_enable ]; then echo Warning: \$net_snmptrapd_enable is obsoleted. echo Use \$snmptrapd_enable instead. snmptrapd_enable=$net_snmptrapd_enable [ ! -z $net_snmptrapd_flags ] snmptrapd_flags=$net_snmptrapd_flags fi name=snmptrapd rcvar=`set_rcvar` command=/usr/local/sbin/${name} pidfile=/var/run/${name}.pid load_rc_config ${name} run_rc_command $1 Thanks as still cannot seem to get source forwarding/natting to work. Sincerely, George --- On Fri, 7/1/11, Dave Shield d.t.shi...@liverpool.ac.uk wrote: From: Dave Shield d.t.shi...@liverpool.ac.uk Subject: Re: Snmptrap not forwarding on proper port To: George ai...@yahoo.com Cc: net-snmp-users@lists.sourceforge.net net-snmp-users@lists.sourceforge.net Date: Friday, July 1, 2011, 5:07 PM On 1 July 2011 21:10, George ai...@yahoo.com wrote: Still no go: Ok - rather than trying to guess where the config files should go, it's probably worth checking this properly. Have a look at the /usr/local/etc/rc.d/snmptrapd script First, see if it specifies an explicit config file location. If so, then try copying the file there. If the rc.d script doesn't specify the config file, then check that script to see where the snmptrapd binary is. Run that using the option -Dread_config which should display the search path that it's using. What does that report? Dave -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Hey Dave, Here are the results: Jul 1 12:03:41 freebsd snmptrapd[7647]: UNKNOWN [UDP: [10.1.1.228]:35113-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095462) 20 days, 20:15:54.62, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 12:03:42 freebsd snmptrapd[7647]: UNKNOWN [UDP: [10.1.1.228]:52548-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095599) 20 days, 20:15:55.99, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 12:03:43 freebsd snmptrapd[7647]: UNKNOWN [UDP: [10.1.1.228]:39409-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095727) 20 days, 20:15:57.27, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 12:03:44 freebsd snmptrapd[7647]: UNKNOWN [UDP: [10.1.1.228]:42274-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095853) 20 days, 20:15:58.53, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo [root@freebsd /usr/local/etc/rc.d]# cat /usr/local/share/snmp/snmptrapd.conf disableAuthorization yes format2 '%B [%b]: %A [%a]: Trap %#v\n' authCommunity log,execute,net public forward default udp:10.1.1.227:162 snmpd --version NET-SNMP version: 5.5 Web: http://www.net-snmp.org/ Email: net-snmp-cod...@lists.sourceforge.ne And yes, have executed the command 4 times: [root@cu-dev ~]# snmptrap -v 2c -c public 10.1.1.234 UCD-DEMO-MIB::ucdDemoPublic SNMPv2-MIB::sysLocation.0 s yahoo Thanks. George -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 1 July 2011 17:07, George ai...@yahoo.com wrote: Here are the results: Hmmm.. I'm really not convinced by these results. Breaking down an example log entry gives Jul 1 12:03:41 freebsd snmptrapd[7647]: UNKNOWN [UDP: [10.1.1.228]:35113-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (180095462) ..., SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo which shows a single name [address] pair (albeit with a somewhat complex address string!) However the format string that you claim to be using format2 '%B [%b]: %A [%a]: Trap %#v\n' should have *TWO* such pairs. I strongly suspect that the snmptrapd that you are running is not using this particular config file. Try copying the same config file to /etc/snmp/snmptrapd.conf and restart the snmptrapd process. Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Hey Dave, Still no go: [root@freebsd /usr/local/etc/rc.d]# find / -name snmptrapd.conf /usr/local/share/snmp/snmptrapd.conf /var/log/snmptrapd.conf /var/net-snmp/snmptrapd.conf /etc/snmptrapd.conf yahoo[root@freebsd ~]# cp /usr/local/share/snmp/snmptrapd.conf /etc/snmptrapd.conf [root@freebsd /usr/local/etc/rc.d]# cat /etc/snmptrapd.conf disableAuthorization yes format2 '%B [%b]: %A [%a]: Trap %#v\n' authCommunity log,execute,net public forward default udp:10.1.1.227:162 #authCommunity net public forward default udp:10.1.1.227:162 public [root@freebsd /usr/local/etc/rc.d]# cat /usr/local/share/snmp/snmptrapd.conf disableAuthorization yes format2 '%B [%b]: %A [%a]: Trap %#v\n' authCommunity log,execute,net public forward default udp:10.1.1.227:162 #authCommunity net public forward default udp:10.1.1.227:162 public [root@freebsd ~]# cd /usr/local/etc/rc.d/ [root@freebsd /usr/local/etc/rc.d]# ./snmpd stop Stopping snmpd. Waiting for PIDS: 7655. [root@freebsd /usr/local/etc/rc.d]# ./snmptrapd stop Stopping snmptrapd. Waiting for PIDS: 7647. [root@freebsd /usr/local/etc/rc.d]# ./snmptrapd start Starting snmptrapd. [root@freebsd /usr/local/etc/rc.d]# ./snmpd start Starting snmpd. tail -50 /var/log/messages Jul 1 16:02:15 freebsd snmptrapd[8876]: UNKNOWN [UDP: [10.1.1.228]:49790-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (181526663) 21 days, 0:14:26.63, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 16:02:16 freebsd snmptrapd[8876]: UNKNOWN [UDP: [10.1.1.228]:38519-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (181526798) 21 days, 0:14:27.98, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 16:02:17 freebsd snmptrapd[8876]: UNKNOWN [UDP: [10.1.1.228]:47399-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (181526894) 21 days, 0:14:28.94, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jul 1 16:02:38 freebsd snmptrapd[8876]: UNKNOWN [UDP: [10.1.1.228]:44626-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (181528987) 21 days, 0:14:49.87, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: Let me know what you think. Thanks again. Sincerely, George -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 1 July 2011 21:10, George ai...@yahoo.com wrote: Still no go: Ok - rather than trying to guess where the config files should go, it's probably worth checking this properly. Have a look at the /usr/local/etc/rc.d/snmptrapd script First, see if it specifies an explicit config file location. If so, then try copying the file there. If the rc.d script doesn't specify the config file, then check that script to see where the snmptrapd binary is. Run that using the option -Dread_config which should display the search path that it's using. What does that report? Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 29 June 2011 17:45, George ai...@yahoo.com wrote: but note that ./snmptrapd -f -Le did not keep the screen up on freebsd to view the data live Strange What version of snmptrapd is this? Jun 29 12:43:46 freebsd snmptrapd[93523]: UNKNOWN [UDP: [10.1.1.228]:50079-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (163058628) 18 days, 20:56:26.28, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo You issued the same 'snmptrap' command three times, yes? What is the format2 string that you're using? Because this looks more like the default layout, rather than the format2 '%B [%b]: %A [%a]: Trap %#v\n' output that I was suggesting. Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Hey Dave, This didn't work: [root@freebsd /usr/local/etc/rc.d]# vi /usr/local/share/snmp/snmptrapd.conf disableAuthorization yes format2 '%B [%b]: Trap %#v\n' authCommunity log,execute,net public forward default udp:10.1.1.227:162 Any ideas? When I look at the raw packets the source IP is still the freebsd machine. Thanks. Sincerely, George -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Why just a v1 trap? Doesn't this work on other types? Thanks. George Sent from my iPhone On Jun 28, 2011, at 5:21 AM, Dave Shield d.t.shi...@liverpool.ac.uk wrote: On 27 June 2011 19:02, George ai...@yahoo.com wrote: how do I preserve the original IP address that sent the trap? The IP address is reported using '%a' The hostname is reported using '%A' Not sure of the syntax to use in the snmptrapd.conf file since ./snmptradd start -%a or -%A did not work. Try format1 'Testing: %a: %W Trap (%q) Uptime: %#T%#v\n' (within the snmptrapd.conf file), and send a v1 trap to snmptrapd. See what gets reported Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 28 June 2011 21:26, George ai...@yahoo.com wrote: This didn't work: [root@freebsd /usr/local/etc/rc.d]# vi /usr/local/share/snmp/snmptrapd.conf disableAuthorization yes format2 '%B [%b]: Trap %#v\n' authCommunity log,execute,net public forward default udp:10.1.1.227:162 Let's simplify things for a moment. Forget about forwarding traps to another server for now. Concentrate on what things look like at the initial receiver. Try the following: Tweak the snmptrapd.conf file so that the format2 line looks like format2 '%B [%b]: %A [%a]: Trap %#v\n' and send it a trap. What does the output look like? Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 29 June 2011 16:08, George ai...@yahoo.com wrote: how do I look at the output? Well, it's probably being logged to the default log file (typically something like /var/log/messages). I'm afraid I can't be more specific, as you've not given any indication as to what O/S you are working with. The simplest way to see what's happening is to run the trap receiver using snmptrapd -f -Le and then you can see the output printed directly. Whenever I get the packets from the receiving trap machine from the forwarding machine Forget about trap forwarding for the time being. That's just making things more complicated. Start with a simple setup - an agent sending directly to a single trap receiver, which logs what it receives. Try that with the configuration I suggested. What gets displayed? Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Apologize as here is the info from the debug, but note that ./snmptrapd -f -Le did not keep the screen up on freebsd to view the data live : Jun 29 12:13:52 freebsd snmptrapd[93374]: registering pdu failed: 263! Jun 29 12:13:52 freebsd last message repeated 22 times Jun 29 12:13:52 freebsd snmptrapd[93374]: getaddrinfo: start hostname nor servname provided, or not known Jun 29 12:13:52 freebsd snmptrapd[93374]: getaddrinfo(start, NULL, ...): hostname nor servname provided, or not known Jun 29 12:13:52 freebsd snmptrapd[93374]: couldn't open start -- errno 9 (Bad file descriptor) Jun 29 12:13:57 freebsd snmptrapd[93375]: registering pdu failed: 263! Jun 29 12:13:57 freebsd last message repeated 22 times Jun 29 12:13:57 freebsd snmptrapd[93375]: getaddrinfo: start hostname nor servname provided, or not known Jun 29 12:13:57 freebsd snmptrapd[93375]: getaddrinfo(start, NULL, ...): hostname nor servname provided, or not known Jun 29 12:13:57 freebsd snmptrapd[93375]: couldn't open start -- errno 9 (Bad file descriptor) Jun 29 12:43:46 freebsd snmptrapd[93523]: UNKNOWN [UDP: [10.1.1.228]:50079-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (163058628) 18 days, 20:56:26.28, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jun 29 12:44:11 freebsd snmptrapd[93523]: UNKNOWN [UDP: [10.1.1.228]:49540-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (163061120) 18 days, 20:56:51.20, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo Jun 29 12:44:13 freebsd snmptrapd[93523]: UNKNOWN [UDP: [10.1.1.228]:59528-[0.0.0.0]]: Trap , DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (163061257) 18 days, 20:56:52.57, SNMPv2-MIB::snmpTrapOID.0 = OID: UCD-DEMO-MIB::ucdDemoPublic, SNMPv2-MIB::sysLocation.0 = STRING: yahoo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
Trap being sent: snmptrap -v 2c -c public 10.1.1.234 UCD-DEMO-MIB::ucdDemoPublic SNMPv2-MIB::sysLocation.0 s yahoo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 27 June 2011 19:02, George ai...@yahoo.com wrote: how do I preserve the original IP address that sent the trap? The IP address is reported using '%a' The hostname is reported using '%A' Not sure of the syntax to use in the snmptrapd.conf file since ./snmptradd start -%a or -%A did not work. Try format1 'Testing: %a: %W Trap (%q) Uptime: %#T%#v\n' (within the snmptrapd.conf file), and send a v1 trap to snmptrapd. See what gets reported Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 28 June 2011 13:13, George ai...@yahoo.com wrote: Why just a v1 trap? Doesn't this work on other types? Of course it does. It's just that you'd need to use the format2 directive for SNMPv2/3 notifications. So given that I'd suggested using a format1 directive for testing, then you'd need to send a v1 trap to trigger it. If you prefer to work with SNMPv2 (or SNMPv3) notifications, then feel free to use format2 instead. Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 28 June 2011 15:33, George ai...@yahoo.com wrote: How do I use the format 2 option properly? Same way as format1. Something like $ cat snmptrapd.conf disableAuthorization yes format2 '%B [%b]: Trap %#v\n' Dave -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Re: Snmptrap not forwarding on proper port
On 23 June 2011 20:13, George ai...@yahoo.com wrote: [root@xxx /usr/local/etc/rc.d]# vi /etc/snmptrapd.conf disableAuthorization yes authCommunity net public forward default udp:10.1.1.227:162 public I presume this last entry should be split over two lines? [root@xxx /usr/local/etc/rc.d]# cat /etc/snmpd.conf rocommunity public rocommunity public localhost trapsink localhost public 162 trap2sink localhost public 162 trap2sink 10.1.1.227 public 162 Do you really want two copies of each trap sent to the snmptrapd running on the local machine, plus another copy sent directly to the remote server? (As well as the additional copy that's forwarded to the remote server by snmptrapd) Any ideas as to what is setup incorrectly? Have you checked the firewall configuration on the destination host? Is it accepting connections to port 162? Try running the local snmptrapd with the flags -f -Le -d That will let you see packet dumps of the traffic coming in and out. Do you see the traps being received and forwarded? Dave -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users