Need support to monitor firewall devices

[rtsupport]

ok, there was firewall which was blocking connection have enabled the firewall rule and now able to do snmpwalk through terminal..

Code: Select all

-bash-4.1$ snmpwalk -v 3 -u ***** -l authPriv -a SHA -A 123456 -x AES -X 123456 11.11.11.11
SNMPv2-MIB::sysDescr.0 = STRING: Linux xrxwebfew01 4.9.75 #1 SMP PREEMPT Tue Jun 12 15:42:38 PDT 2018 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.25597.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2310098599) 267 days, 8:56:25.99

but now when i configure this device in nagios using configure wizar "SNMP Linux" getting unknown error/

Code: Select all

ERROR: No response from remote host '11.11.11.11' during discovery.

[scottwilkerson]

When you run the snmpwalk command, are you only getting those 3 lines as results?

If so, you need to adjust the SNMP directive in the snmpd.conf file on the remote server to allow access to all the resources

[rtsupport]

Nope, list is huge, i have gave you just for example.

Also, just to update you we have integrated mode_gearman in our environment so do we have enabled firewall rule for collector servers only not for PRD and DR.

i mean when i am running snmp walk from collector its giving me output but when i am running from PRD/DR its not.

Also i have noticed that when i am running below plugin on collector getting below error --

Code: Select all

./check_snmp_storage_wizard.pl
Can't locate Net/SNMP.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./check_snmp_storage_wizard.pl line 15.
BEGIN failed--compilation aborted at ./check_snmp_storage_wizard.pl line 15.

[scottwilkerson]

You will need to have enabled firewall rules from PRD/DR too so you can run the wizards

[rtsupport]

I have a question here -

If plugin is working fine on collector, we are able to do snmpwalk from same collector, able to connect the device using UDP.

nc -v -z -u 11.11.11.11 161
Connection to 11.11.11.11 161 port [udp/snmp] succeeded!

then why PRD/DR IP need to enable to connect with device, as this is collector responsibility to send the data to PRD?

[scottwilkerson]

then why PRD/DR IP need to enable to connect with device, as this is collector responsibility to send the data to PRD?

Because when you run the wizard, the wizard reaches out to the host/device to see what is available to monitor on it.

If you aren't going to run the wizard and setup the checks manually in the CCM, then the access wouldn't be required.

[rtsupport]

Could you please share something which will help us to setup things manually using CCM

[scottwilkerson]

Could you please share something which will help us to setup things manually using CCM

What SNMP OID do you want to monitor? (This is what the wizard helps you decipher)

[rtsupport]

while doing snmp we are not getting result and to identify connection we are trying below commands to validate which shows connection filtered

Code: Select all

bash-4.1# nmap 11.11.11.11 -sU -p161

Starting Nmap 6.47 ( http://nmap.org ) at 2019-05-20 10:55 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.15 seconds
You have new mail in /var/mail/root
bash-4.1#
bash-4.1# nmap 11.11.11.11 -Pn -p161

Starting Nmap 6.47 ( http://nmap.org ) at 2019-05-20 10:55 EDT
Nmap scan report for uuuuuuuuuu.epn.uswestgw.xxxxx.com (11.11.11.11)
Host is up (0.0012s latency).
PORT    STATE    SERVICE
161/tcp filtered snmp

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds 

and our network team is asking to check connectivity referring below command which saying connection established.

Code: Select all

nc -z -v -u 11.11.11.11 161
Connection to 11.11.11.11 161 port [udp/snmp] succeeded!

can you guide us right way to verify .. if snmp udp port 161 is enabled or not?

[scottwilkerson]

Really this would be your best test

Code: Select all

snmpwalk -v 3 -u ***** -l authPriv -a SHA -A 123456 -x AES -X 123456 11.11.11.11