SNMP Traps not working - SNMP authentication Failure

Tarrida · Post by **Tarrida** » Tue Feb 28, 2017 3:55 am

Hey Guys,

since yesterday i'm trying to get SNMP Traps for Sophos Endpoint Control working on my new nagios xi server.
First of all, i have no deep experience with nagios / linux.
The fist thing i have done, was working with the document https://assets.nagios.com/downloads/nag ... ios_XI.pdf
After that i configured Traps for a Server and it wasnt working.
I had a look to the snmptt.log an saw only these entries: Tue Feb 28 09:39:33 2017 .1.3.6.1.6.3.1.1.5.5 Warning "Status Events" <mySophosServerName>- SNMP athentication failure
I did some research and did the steps in this document: https://support.nagios.com/kb/article.php?id=77 (only the Steps under "Install SNMPTT on Nagios XI SNMP Receiver Server")

Unfortunatelly i get the same error in the snmptt.log

Trap was generated for the sophos server and my workstation in nagios xi cli.
Status is: Waiting for trap...

I tested it with an eicar testvirus on my workstation and on the server - no luck.
Mysterious is, that my workstation never showed up in the snmptt.log

Please guys, give me some help/ input - i m stuck

best regards,

Tony

dwhitfield · Post by **dwhitfield** » Tue Feb 28, 2017 2:39 pm

What's the output of ll /usr/share/snmp/mibs/?

If you see the Sophos mib, can you attach it?

Please also attach your snmptt.conf and your snmptt.ini.

Did you use snmpttconvert or addmib? You should use addmib.

Tarrida · Post by **Tarrida** » Wed Mar 01, 2017 3:01 am

Hi dwhitfield,

thanks for your reply!

i see a lot of .txt files in there, and the sophos mib. I added the sophos mib with nagiosxi gui. ("admin -> manage mibs -> browse ... etc.")
Here is the output. I also atteched the mib file wich was sent to me by the sophos support team.

-rw-rw-r-- 1 apache apache 6617 Feb 28 11:33 sophos-sav-mib

Code: Select all

[root@localhost ~]# ll /usr/share/snmp/mibs/
total 1804
-rw-r--r-- 1 root   nagios  17455 Aug 23  2016 AGENTX-MIB.txt
-rw-r--r-- 1 root   nagios  50948 Aug 23  2016 BRIDGE-MIB.txt
-rw-r--r-- 1 root   nagios  68104 Aug 23  2016 DISMAN-EVENT-MIB.txt
-rw-r--r-- 1 root   nagios  24613 Aug 23  2016 DISMAN-SCHEDULE-MIB.txt
-rw-r--r-- 1 root   nagios  64311 Aug 23  2016 DISMAN-SCRIPT-MIB.txt
-rw-r--r-- 1 root   nagios  84492 Aug 23  2016 EtherLike-MIB.txt
-rw-r--r-- 1 root   nagios   4660 Aug 23  2016 HCNUM-TC.txt
-rw-r--r-- 1 root   nagios  52544 Aug 23  2016 HOST-RESOURCES-MIB.txt
-rw-r--r-- 1 root   nagios  10583 Aug 23  2016 HOST-RESOURCES-TYPES.txt
-rw-r--r-- 1 root   nagios   4819 Aug 23  2016 IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt
-rw-r--r-- 1 root   nagios  29665 Aug 23  2016 IANAifType-MIB.txt
-rw-r--r-- 1 root   nagios   4299 Aug 23  2016 IANA-LANGUAGE-MIB.txt
-rw-r--r-- 1 root   nagios   3513 Aug 23  2016 IANA-RTPROTO-MIB.txt
-rw-r--r-- 1 root   nagios   5066 Aug 23  2016 IF-INVERTED-STACK-MIB.txt
-rw-r--r-- 1 root   nagios  71691 Aug 23  2016 IF-MIB.txt
-rw-r--r-- 1 root   nagios  16782 Aug 23  2016 INET-ADDRESS-MIB.txt
-rw-r--r-- 1 root   nagios  46286 Aug 23  2016 IP-FORWARD-MIB.txt
-rw-r--r-- 1 root   nagios 185667 Aug 23  2016 IP-MIB.txt
-rw-r--r-- 1 root   nagios  15936 Aug 23  2016 IPV6-ICMP-MIB.txt
-rw-r--r-- 1 root   nagios  48703 Aug 23  2016 IPV6-MIB.txt
-rw-r--r-- 1 root   nagios   7257 Aug 23  2016 IPV6-TCP-MIB.txt
-rw-r--r-- 1 root   nagios   2367 Aug 23  2016 IPV6-TC.txt
-rw-r--r-- 1 root   nagios   4400 Aug 23  2016 IPV6-UDP-MIB.txt
-rw-r--r-- 1 root   nagios   5931 Aug 23  2016 LM-SENSORS-MIB.txt
-rw-r--r-- 1 root   nagios  42375 Aug 23  2016 MTA-MIB.txt
-rw-r--r-- 1 root   nagios  19760 Feb  7 01:03 NAGIOS-NOTIFY-MIB.txt
-rw-r--r-- 1 root   nagios   2093 Feb  7 01:03 NAGIOS-ROOT-MIB.txt
-rw-r--r-- 1 root   nagios  15901 Aug 23  2016 NET-SNMP-AGENT-MIB.txt
-rw-r--r-- 1 root   nagios   9160 Aug 23  2016 NET-SNMP-EXAMPLES-MIB.txt
-rw-r--r-- 1 root   nagios   9198 Aug 23  2016 NET-SNMP-EXTEND-MIB.txt
-rw-r--r-- 1 root   nagios   2036 Aug 23  2016 NET-SNMP-MIB.txt
-rw-r--r-- 1 root   nagios   3350 Aug 23  2016 NET-SNMP-PASS-MIB.txt
-rw-r--r-- 1 root   nagios   4686 Aug 23  2016 NET-SNMP-TC.txt
-rw-r--r-- 1 root   nagios   5039 Aug 23  2016 NET-SNMP-VACM-MIB.txt
-rw-r--r-- 1 root   nagios  21006 Aug 23  2016 NETWORK-SERVICES-MIB.txt
-rw-r--r-- 1 root   nagios  24694 Aug 23  2016 NOTIFICATION-LOG-MIB.txt
-rw-r--r-- 1 root   nagios   3067 Aug 23  2016 RFC1155-SMI.txt
-rw-r--r-- 1 root   nagios  79667 Aug 23  2016 RFC1213-MIB.txt
-rw-r--r-- 1 root   nagios   1174 Aug 23  2016 RFC-1215.txt
-rw-r--r-- 1 root   nagios 147822 Aug 23  2016 RMON-MIB.txt
-rw-r--r-- 1 root   nagios  45323 Aug 23  2016 SCTP-MIB.txt
-rw-r--r-- 1 root   nagios   4649 Aug 23  2016 SMUX-MIB.txt
-rw-r--r-- 1 root   nagios  15490 Aug 23  2016 SNMP-COMMUNITY-MIB.txt
-rw-r--r-- 1 root   nagios  22342 Aug 23  2016 SNMP-FRAMEWORK-MIB.txt
-rw-r--r-- 1 root   nagios   5496 Aug 23  2016 SNMP-MPD-MIB.txt
-rw-r--r-- 1 root   nagios  20014 Aug 23  2016 SNMP-NOTIFICATION-MIB.txt
-rw-r--r-- 1 root   nagios   9106 Aug 23  2016 SNMP-PROXY-MIB.txt
-rw-r--r-- 1 root   nagios  22769 Aug 23  2016 SNMP-TARGET-MIB.txt
-rw-r--r-- 1 root   nagios  39201 Aug 23  2016 SNMP-USER-BASED-SM-MIB.txt
-rw-r--r-- 1 root   nagios   2205 Aug 23  2016 SNMP-USM-AES-MIB.txt
-rw-r--r-- 1 root   nagios  21101 Aug 23  2016 SNMP-USM-DH-OBJECTS-MIB.txt
-rw-r--r-- 1 root   nagios   8263 Aug 23  2016 SNMPv2-CONF.txt
-rw-r--r-- 1 root   nagios  29305 Aug 23  2016 SNMPv2-MIB.txt
-rw-r--r-- 1 root   nagios   8924 Aug 23  2016 SNMPv2-SMI.txt
-rw-r--r-- 1 root   nagios  38034 Aug 23  2016 SNMPv2-TC.txt
-rw-r--r-- 1 root   nagios   5775 Aug 23  2016 SNMPv2-TM.txt
-rw-r--r-- 1 root   nagios  34162 Aug 23  2016 SNMP-VIEW-BASED-ACM-MIB.txt
-rw-rw-r-- 1 apache apache   6617 Feb 28 11:33 sophos-sav-mib
-rw-r--r-- 1 root   nagios  28564 Aug 23  2016 TCP-MIB.txt
-rw-r--r-- 1 root   nagios  16418 Aug 23  2016 TRANSPORT-ADDRESS-MIB.txt
-rw-r--r-- 1 root   nagios   2163 Aug 23  2016 UCD-DEMO-MIB.txt
-rw-r--r-- 1 root   nagios   4402 Aug 23  2016 UCD-DISKIO-MIB.txt
-rw-r--r-- 1 root   nagios   3010 Aug 23  2016 UCD-DLMOD-MIB.txt
-rw-r--r-- 1 root   nagios   8118 Aug 23  2016 UCD-IPFWACC-MIB.txt
-rw-r--r-- 1 root   nagios  46150 Aug 23  2016 UCD-SNMP-MIB.txt
-rw-r--r-- 1 root   nagios  20882 Aug 23  2016 UDP-MIB.txt

As mentioned, i added the mib with the nagiosxi gui. Not sure if the script will do an snmpttconvert or an addmib.
But something must went wrong, because shouldnt the mib be a txt in /usr/share/snmp/mibs/ ?

What i didnt mention in my initial post is, that i tested to send a trap from nagiosxi localhost. Here is the output.

Code: Select all

snmptrap -v 2c -c public localhost '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456

[root@localhost snmp]# tail /var/log/snmptt/snmpttunknown.log -n 20
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.8072.2.3.2.1=123456


Tue Feb 28 11:09:17 2017: Unknown trap (.1.3.6.1.4.1.8072.2.3.0.1) received from localhost at:
Value 0: localhost
Value 1: 127.0.0.1
Value 2: 5:0:31:00.06
Value 3: .1.3.6.1.4.1.8072.2.3.0.1
Value 4: 127.0.0.1
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.8072.2.3.2.1=123456

So the general system should work as i understanded it in the guideline document.
The snmpttunknown.log logs the traps where no mibs exists it said.

The snmptrapd.conf file should also be good regarding to the guide.

Code: Select all

[root@localhost snmptt]# tail /etc/snmp/snmptrapd.conf
disableAuthorization yes
traphandle default /usr/sbin/snmptthandler

One thing i do not understand is, that my trap should be in the snmptt.conf file the guide says. If not the trap will be logged in the snmpttunknown.log file when it hits nagiosxi server.
Guide says, i should monitor that traps are not logged to snmpttunknown.log - but how can i take the unknown trap and match it to my .conf file? There are only 5 entries in my conf...

("unconfigured objects" in nagiosxi gui is empty. i had a problem here at the beginning. for some circumstances, nagiosxi and snmp traps dont like a fqdn as hostname i think. it couldnt match my server to the incoming trap, so i altered the name to netbios name. Maybe a bug?)

I think there are one, two, three? things i dont get right.

Thanks for your help!

Tarrida · Post by **Tarrida** » Wed Mar 01, 2017 3:19 am

update:

i read about addmib and understand it. So i've done the following: (addmib)
But it seems that my mib is not compatible? *little bit confused now*

Code: Select all

[root@localhost /]# addmib /usr/share/snmp/mibs/sophos-sav-mib
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::virusTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::errorTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::infoTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::testTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::datcBlockedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::datcBlockOverriddenTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::datcBlockConfirmedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::datcReportTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcDeviceDisabledTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcDeviceDetectedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcWriteDetectedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcReadDetectedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcWriteBlockedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcReadBlockedTrap
- (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
DEFINITIONS (is a reserved word): At line 57 in /usr/share/snmp/mibs/sophos-sav-mib
BEGIN (is a reserved word): At line 59 in /usr/share/snmp/mibs/sophos-sav-mib
MODULE-IDENTITY (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
OBJECT-TYPE (is a reserved word): At line 60 in /usr/share/snmp/mibs/sophos-sav-mib
NOTIFICATION-TYPE (is a reserved word): At line 61 in /usr/share/snmp/mibs/sophos-sav-mib
Bad operator (DisplayString): At line 62 in /usr/share/snmp/mibs/sophos-sav-mib
Cannot find module (SOPHOS-SAV-MIB): At line 21 in
Unknown object identifier: SOPHOS-SAV-MIB::devcDeviceEnabledTrap
[root@localhost /]#

Tarrida · Post by **Tarrida** » Wed Mar 01, 2017 3:22 am

Sorry for 3 times answering myself...

But one thing i saw after addmib in conf file...

MIB: SOPHOS-SAV-MIB (file:/usr/share/snmp/mibs/sophos-sav-mib) converted on Wed Mar 1 09:16:46 2017 using snmpttconvertmib v1.3

This is exactly what we dont want to have if i get u right? The line says it was converted...

I attached the new one (conf file)

Thanks,

Tony

Tarrida · Post by **Tarrida** » Wed Mar 01, 2017 10:17 am

And the last one for today (working @ gmt+1)

I tested the environment with a hp provision based switch for user authentication failure.
This is what i get.
Another confusing stuff, but it shows me that the system works.

Code: Select all

Wed Mar  1 16:03:21 2017: Unknown trap (.1.3.6.1.4.1.11.2.3.7.11.87.0.2) received from 192.0.0.133 at:
Value 0: 192.0.0.133
Value 1: 192.0.0.133
Value 2: 442:2:05:29.61
Value 3: .1.3.6.1.4.1.11.2.3.7.11.87.0.2
Value 4: 192.0.0.133
Value 5: public
Value 6: .1.3.6.1.4.1.11.2.3.7.11.87
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.2.1.16.9.1.1.2.419=W 03/01/17 15:48:04 00419 auth: Invalid user name/password on WEB-UI session


Wed Mar  1 16:03:24 2017: Unknown trap (.1.3.6.1.4.1.11.2.3.7.11.87.0.2) received from 192.0.0.133 at:
Value 0: 192.0.0.133
Value 1: 192.0.0.133
Value 2: 442:2:05:33.03
Value 3: .1.3.6.1.4.1.11.2.3.7.11.87.0.2
Value 4: 192.0.0.133
Value 5: public
Value 6: .1.3.6.1.4.1.11.2.3.7.11.87
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.2.1.16.9.1.1.2.419=W 03/01/17 15:48:07 00419 auth: Invalid user name/password on WEB-UI session


Wed Mar  1 16:07:53 2017: Unknown trap (.1.3.6.1.4.1.11.2.3.7.11.87.0.2) received from 192.0.0.133 at:
Value 0: 192.0.0.133
Value 1: 192.0.0.133
Value 2: 442:2:10:02.21
Value 3: .1.3.6.1.4.1.11.2.3.7.11.87.0.2
Value 4: 192.0.0.133
Value 5: public
Value 6: .1.3.6.1.4.1.11.2.3.7.11.87
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.2.1.16.9.1.1.2.419=W 03/01/17 15:52:37 00419 auth: Invalid user name/password on WEB-UI session

I also was able to get some traps in my nagiosxi gui working, but they are only regarding interface up/down.
As i learned today, mibs are total hell! I found the hp procurve mib files (200 files...) and browsed through it to identify the right mib for userauthentication failed.

The best import an process message i got today was:
Total translations: 0
Successful translations: 0
MIB is added, but is does not contain any TRAP-TYPE definitions, so no traps were added, even though user input said there should be traps specified.

Yes, confusing stuff is confusing. I only wanted to add a warning for failed user logins.
But i think this must rely on poorly designed mibs.

So i just wanted to give feedback for you, that you can see a little bit more of what is working and what is not working.

Tanks,

Tony

Post by **tgriep** » Wed Mar 01, 2017 4:45 pm

Yes, getting good MIB files with TRAP definitions can be difficult is the manufacturer doesn't provide them.
I took a look at your sophos-sav-mib file and didn't find and TRAP-OBJECTS so when the file was added to the XI server, it did not add and entries to the snmptt.conf file.

If you do ever get a good MIB file, the first time the XI server receives a trap and the snmptt.conf file has the entry in it, you can login to the XI GUI and go to the Admin > Unconfigured Objects menu and see if the system received the trap.
Then click on the blue arrow to finish the configuration and then the system will receive those traps automatically from then on.

Tarrida · Post by **Tarrida** » Thu Mar 02, 2017 3:55 am

Hi tgriep,

thanks for your advice! After some input and a bunch of documents it seems that i am understanding it.
So there ist just one question open.
It is my inital question about "Tue Feb 28 09:39:33 2017 .1.3.6.1.6.3.1.1.5.5 Warning "Status Events" <mySophosServerName>- SNMP athentication failure"

My question is if there is any advice in wich direction i should have a look?
This is one thing i completly do not understand.

Feb 27 13:26:01 localhost snmptrapd[27891]: 2017-02-27 19:26:01 hersbruck3.hewa.local [192.0.0.244] (via UDP: [192.0.0.244]:58972->[192.0.0.60]) TRAP, SNMP v1, community public#012#011SNMPv2-SMI::enterprises.311.1.1.3.1.2 Authentication Failure Trap (0) Uptime: 7:41:51.41#012

- As i know only snmpv3 needs authentication.
- The only way to "authenticate" is by the community string in snmpv2.

i have exactly no idea

Tarrida · Post by **Tarrida** » Thu Mar 02, 2017 4:14 am

Another question opened up in my mind...
Where can i alter or add the community strings wich nagiosxi will accespt?
So as i readed that one possible issue could be the community string... i entered "public" in my sophos environment...
Where can i see if nagiosxi will accept "public"?

Tanks

Tony

Post by **tgriep** » Thu Mar 02, 2017 1:58 pm

If you want to setup authenication for receiving Traps, you would have to set that up in the snmptrapd daemon and the /etc/snmp/snmptrapd.conf file would have to be edited.
Take a look at this link for more details.
http://net-snmp.sourceforge.net/docs/ma ... .conf.html

Nagios Support Forum

SNMP Traps not working - SNMP authentication Failure

SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure

Re: SNMP Traps not working - SNMP authentication Failure