SNMP MIB Problem with Sonicwall

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
ffnm
Posts: 5
Joined: Wed Mar 17, 2010 3:06 pm

SNMP MIB Problem with Sonicwall

Post by ffnm »

Hello,

I am currently testing out Nagios XI 2009R1.1F. I have read through the following MIB post since I have not found any documentation on this.

http://support.nagios.com/forum/viewtop ... t=MIB#p375

I was able to import the mib files to the server and also tested the mib by using the following command

root# snmptranslate -On SW-FIREWALL-TRAP::swTrapInfoSaStatus
.1.3.6.1.4.1.8741.1.1.1.1.14

As far as I can tell the MIB is working. So in the SNMP setup I configured the following so I can see if the VPN Tunnel ever goes down (1 is up and 2 is down), I based this logic on the ifOperStatus.1 example that is listed under SNMP Configure

Image

So after I load the setting into Nagios XI I get the following error under the

Views < My views < Service Detail

SNMP CRITICAL - *No Such Object available on this agent at this OID*

Now if I go back and run the command for snmptranslate I get the following

# snmptranslate -On SW-FIREWALL-TRAP::swTrapInfoSaStatus.2
.1.3.6.1.4.1.8741.1.1.1.1.14.2

I have also tried the following in configuring the SNMP Services with no luck

OID|STRING to Match
swTrapInfoSaStatus|1,2
swTrapInfoSaStatus.1|1
swTrapInfoSaStatus.2| 2

I am not sure how to get this to work, any help on this would be great.

Thanks,

Joey T.
User avatar
admin
Site Admin
Posts: 256
Joined: Mon Oct 12, 2009 8:21 am

Re: SNMP MIB Problem with Sonicwall

Post by admin »

Hi Joey -

Try running the following command from a prompt and see what output you get. Replace <ipaddress> with the address of the Sonicwall:

Code: Select all

/usr/local/nagios/libexec/check_snmp -H <ipaddress>  -C public -P 2c -o swTrapInfoSaStatus.2 -l "IPSec Tunnel Down" -m SW-FIREWALL-TRAP -r "2"
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Ethan Galstad
President
ffnm
Posts: 5
Joined: Wed Mar 17, 2010 3:06 pm

Re: SNMP MIB Problem with Sonicwall

Post by ffnm »

Here is the response I got back after updating the <ipaddress> of the Sonicwall

root# /usr/local/nagios/libexec/check_snmp -H <ipaddress> -C public -P 2c -o swTrapInfoSaStatus.2 -l "IPSec Tunnel Down" -m SW-FIREWALL-TRAP -r "2"
IPSec Tunnel Down CRITICAL - *No Such Object available on this agent at this OID* |

I also ran it like this removing the 2 from the swTrapInfoSaStatus and the -r option

root# /usr/local/nagios/libexec/check_snmp -H <ipaddress> -C public -P 2c -o swTrapInfoSaStatus -l "IPSec Tunnel Down" -m SW-FIREWALL-TRAP -r ""
IPSec Tunnel Down OK - No Such Object available on this agent at this OID |

Thanks for the quick response. Also if you need to look at the mib files they are located here http://joeytroy.com/mib

Thanks,
Joey T.
User avatar
admin
Site Admin
Posts: 256
Joined: Mon Oct 12, 2009 8:21 am

Re: SNMP MIB Problem with Sonicwall

Post by admin »

Hmm, try running it without the friendly OID and use the number instead like this:

Code: Select all

/usr/local/nagios/libexec/check_snmp -H <ipaddress> -C public -P 2c -o .1.3.6.1.4.1.8741.1.1.1.1.14 -l "IPSec Tunnel Down" -r ""
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Ethan Galstad
President
ffnm
Posts: 5
Joined: Wed Mar 17, 2010 3:06 pm

Re: SNMP MIB Problem with Sonicwall

Post by ffnm »

Same response as before.

IPSec Tunnel Down OK - No Such Object available on this agent at this OID |
mmestnik
Posts: 972
Joined: Mon Feb 15, 2010 2:23 pm

Re: SNMP MIB Problem with Sonicwall

Post by mmestnik »

This is the wrong oid. This oid is send by the device to an snmptrap server. To lookup the current status of an IPSec Tunnel via check_snmp you will have to use a different oid.

There are ways to setup traps, but these are better for normally good checks(like CPU temperature and SCSI raid failures) then checking for software problems like weather two devices are connected.
User avatar
admin
Site Admin
Posts: 256
Joined: Mon Oct 12, 2009 8:21 am

Re: SNMP MIB Problem with Sonicwall

Post by admin »

Hadn't thought about that Mike - nice catch. Joey, can you run snmpwalk to query the available OIDs on the Sonicwall? That should give you a list of valid OIDs that can be queried using the check_snmp plugin as an active check.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Ethan Galstad
President
ffnm
Posts: 5
Joined: Wed Mar 17, 2010 3:06 pm

Re: SNMP MIB Problem with Sonicwall

Post by ffnm »

Ok I think I have found my problem. The trap I am trying to set is located under private in the MIB, does this make a difference in the way we need to load the OID?

Image

Now I noticed in this file the Object ID is the following
.iso.org.dod.internet.private.enterprises.sonicwall.sonicwallFw.sonicwallFwTrapModule.sonicwallFwTrapInfo.swTrapInfoTable.swTrapInfoSaStatus

Whe I ran the snmpwalk command I noticed the following on the OID is different then what I am trying to load

[root@localhost ~]# snmpwalk -v2c -Onf -c public <ipaddress>
snmpwalk -v2c -Onf -c public <ipaddress>
.iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = STRING: SonicWALL PRO 2040 Enhanced (SonicOS Enhanced 4.2.0.1-12e)
.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0 = OID: .iso.org.dod.internet.private.enterprises.8741.1

Since I am still learning all the SNMP/MIB/OID stuff I am not sure if this helps, however I thought I would post it.

Thanks,

Joey
ffnm
Posts: 5
Joined: Wed Mar 17, 2010 3:06 pm

Re: SNMP MIB Problem with Sonicwall

Post by ffnm »

I also retried the following commang by adding .txt at the end of the MIB and got back some more data

[root@localhost ~]# /usr/local/nagios/libexec/check_snmp -H <ipaddress> -C public -P 2c -o swTrapInfoSaStatus.2 -l "IPSec Tunnel Down" -m SONICWALL-FIREWALL-TRAP-MIB.txt -r "2"
IPSec Tunnel Down problem - No data received from host
CMD: /usr/bin/snmpget -t 1 -r 5 -m SONICWALL-FIREWALL-TRAP-MIB.txt -v 2c [authpriv] <ipaddress> swTrapInfoSaStatus.2

I also tried the command like the following after reading the following post http://forums.meulie.net/viewtopic.php?f=62&t=4291

[root@localhost ~]# /usr/local/nagios/libexec/check_snmp -H 192.168.1.213 -C public -P 2c -o -m SONICWALL-FIREWALL-TRAP-MIB.txt .1.3.6.1.4.1.8741.1.1.1.1.14 -l "IPSec Tunnel Down"
IPSec Tunnel Down problem - No data received from host
CMD: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 2c [authpriv] 192.168.1.213:161 -m
mmestnik
Posts: 972
Joined: Mon Feb 15, 2010 2:23 pm

Re: SNMP MIB Problem with Sonicwall

Post by mmestnik »

ffnm,
I'm sorry to say that SNMP-Traps and SNMP-Quires are two different things. You can't use the oid of a Trap in a Quire, oid(s) are any/all of readable/writable/trappable. The oids you are trying to read are not readable or writable, they are only trappable.

You will need to find another oid that is readable, as Admin suggested use snmpwalk to list most of the oids that are readable on your device.
Locked