Page 4 of 6

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 10:30 am
by cdienger
Try running it and saving the output files in /var /or /tmp.

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 6:18 pm
by chris1337c
I have left it running over the weekend, I am looking for the output files now. I do not know how to run what you are asking to be honest.


Chris

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 6:24 pm
by chris1337c
I have searched the whole directory with WinSCP for "output" and found nothing, I even double checked the /root directory in which we had specified the output to.

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 6:27 pm
by chris1337c
Code: Select all
nohup tcpdump -Z root -s 0 -i any port 161 and host a.b.c.d -C 10 -W 5 -w /full/path/to/output/file/output.pcap &


What would I change to define what you are asking?

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 6:31 pm
by chris1337c
Someone mentioned I should try with the dst in the command, so I just ran this:
Code: Select all
nohup tcpdump -Z root -s 0 -i any "dst host IPHEREOBV and dst port 161" -C 10 -W 5 -w output.pcap &

Re: check_snmp_synology - False Positives

PostPosted: Wed Jan 02, 2019 6:35 pm
by chris1337c
By the way the comment above ^ with the "dst", I just started seeing the output file's build. I will collect the data and report back, now that I know TCPDUMP is logging correctly.

Re: check_snmp_synology - False Positives

PostPosted: Thu Jan 03, 2019 3:01 pm
by chris1337c
I am still capturing the TCPDumps, however I used the iReasoning MIB Browser, I find it interesting when it runs the UPS OID's they take a very long time and skip over to the next OID number up .4 -> .5

Not sure if this is a possibility of root cause, but could you please review the plugin and help me comment out the UPS checks as the UPS isn't even configured for this device? I have the UPS settings disabled on the Synology itself as well, I am wondering if this is the issue.

Re: check_snmp_synology - False Positives

PostPosted: Thu Jan 03, 2019 4:57 pm
by cdienger
It looks like the script will not gather ups info unless the -U option is used when running the command:

Code: Select all
echo "            -U            Show informations about the connected UPS (only information, no control)"

Re: check_snmp_synology - False Positives

PostPosted: Thu Jan 03, 2019 7:15 pm
by chris1337c
I made 5 variations of the file, tomorrow I will post the output.pcap logs

1) Temp removed

2) Temp/HD Temp removed

3) Temp/HDTemp and SNMP Timeout increased "90"

4)Temp/HDTemp and SNMP Timeout increased "90" UPS Model Removed

5) Temp/HDTemp and SNMP Timeout increased "90" UPS Completely removed

Re: check_snmp_synology - False Positives

PostPosted: Fri Jan 04, 2019 10:08 am
by chris1337c
[01-04-2019 08:22:35] SERVICE ALERT: DC_SAN;Global Health Status;CRITICAL;SOFT;1;(Service check timed out after 180.01 seconds)
Informational Message[01-04-2019 08:22:35] Warning: Check of service 'Global Health Status' on host 'DC_SAN' timed out after 180.011s!
Informational Message[01-04-2019 08:22:35] wproc: early_timeout=1; exited_ok=0; wait_status=0; error_code=62;
Informational Message[01-04-2019 08:22:35] wproc: host=DC_SAN; service=Global Health Status;
Informational Message[01-04-2019 08:22:35] wproc: CHECK job 229173 from worker Core Worker 14080 timed out after 180.01s
Informational Message[01-04-2019 08:22:35] wproc: Core Worker 14080: job 229173 (pid=5983) timed out. Killing it


Just copied the TCPDump files over to my laptop, I will be posting the timeout info shortly.