Problem with snmp v3

Ravil · Post by **Ravil** » Tue Feb 25, 2014 11:05 pm

Hello. I have a system CentOS 6.5. I need receive and write in snmptrap.log snmptrap v3 or snmpinform v3. At the same time I need receive snmptrap v1.
I created user for snmp v3:

Code: Select all

net-snmp-config --create-snmpv3-user -ro -a SHA -A password -x AES -X password myuser

Then i use next command:

Code: Select all

[root@localhost snmptt]# snmpwalk -v 3 -a SHA -A password -x AES -X password -l AuthPriv -u myuser 192.168.0.124 .1.3.6.1.2.1.1.3.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (115171) 0:19:11.71

I confidure file /etc/snmp/snmptrapd.conf

Code: Select all

authuser log,execute,net myuser
createUser myuser SHA password AES password
donotlogtraps no
logoption f /var/log/snmptrap.log

I use next command and receive mistake:

Code: Select all

snmpinform -v 3 -a SHA -A password -x AES -X password -l AuthPriv -u myuser 192.168.0.124 42 .1.3.6.1.2.1.1.3.0
No log handling enabled - turning on stderr logging
snmpinform: Timeout

When i use snmptrap, in logs snmptrap.log nothing is written:

Code: Select all

snmptrap -v 3 -a SHA -A password -x AES -X password -l AuthPriv -u myuser 192.168.0.124 42 .1.3.6.1.2.1.1.3.0

Help, please, fix this mistake. Is it possible, receive snmptrap v1 and snmtrap v3?

sreinhardt · Post by **sreinhardt** » Wed Feb 26, 2014 2:19 pm

OK so let's start from the beginning, what exactly are you attempting to achieve? The ability to recieve snmptraps of both v1 and v3? Is that all, I ask because you are doing snmp walks and creating snmpd users, which are not needed for traps as far as I know.

Ravil · Post by **Ravil** » Thu Feb 27, 2014 6:12 am

sreinhardt wrote:OK so let's start from the beginning, what exactly are you attempting to achieve? The ability to recieve snmptraps of both v1 and v3? Is that all, I ask because you are doing snmp walks and creating snmpd users, which are not needed for traps as far as I know.

I need ro receive traps from eqipment. Now I adjust nagios 3.5.1. I first want to try snmptrap v1, and then go on a snmptrap v3.
So far as i know, to receive snmptrap v3, i need create user snmp v3 on nagios server and on equipment. I done it and snmpwalk v3 completed successfully. But when snmptrap v3 come from equipment, i dont see them. I dont know, what setting need make in snmptrapd.conf to receive traps and write their in /etc/snmp/snmptrap.log

P.S. sorry for dirty english=) i'm from russia

sreinhardt · Post by **sreinhardt** » Thu Feb 27, 2014 11:11 am

No worries on the english, you sound just fine. That clears things up quite a bit on what you are looking to do. Presently do you have snmpv1 traps coming in and working properly or are we still having issues there?

Ravil · Post by **Ravil** » Fri Feb 28, 2014 1:20 am

sreinhardt wrote:No worries on the english, you sound just fine. That clears things up quite a bit on what you are looking to do. Presently do you have snmpv1 traps coming in and working properly or are we still having issues there?

SNMP v1 is working. I can see snmptrap v1, which come from equipment. Now i need receive snmptrap v3, but i can't configure it.

sreinhardt · Post by **sreinhardt** » Fri Feb 28, 2014 12:18 pm

OK, let me do some digging and testing. This isn't something we run into too often.

Ravil · Post by **Ravil** » Mon Mar 03, 2014 1:00 am

sreinhardt wrote:OK, let me do some digging and testing. This isn't something we run into too often.

So, what need I do?
This is my config snmptrapd.conf:

Code: Select all

[root@localhost snmptt]# cat /etc/snmp/snmptrapd.conf
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
# authCommunity   log,execute,net public
# traphandle SNMPv2-MIB::coldStart    /usr/bin/bin/my_great_script cold

logoption f /var/log/snmptrap.log

createUser public SHA "password" AES "password"
authUser log,execute,net public

traphandle default /usr/sbin/snmptthandler
authcommunity log,execute,net public
disableAuthorization no

Post by **lmiltchev** » Mon Mar 03, 2014 4:14 pm

I believe you will need to use the EngineID - read more on the topic here:

http://www.net-snmp.org/wiki/index.php/ ... ifications

Ravil · Post by **Ravil** » Mon Mar 03, 2014 10:30 pm

lmiltchev wrote:I believe you will need to use the EngineID - read more on the topic here:

http://www.net-snmp.org/wiki/index.php/ ... ifications

I was able to get snmptrap v3. But snmptt could not translate it in nagios.

Code: Select all

nano /var/log/snmp/snmptt/snmpttsystem.log

11-04-06 2014:03:04 SNMPTT v1.4 started
11-04-06 2014:03:04 Loading /etc/snmp/confs/immalert-x3650.conf
11-04-06 2014:03:04 Finished loading 565 lines from /etc/snmp/confs/immalert-x3650.conf
11-04-06 2014:03:04 Changing to UID: snmptt (502)
11-04-51 2014:03:04 MySQL error 1054: Unable to perform INSERT INTO (EXECUTE): Unknown column 'traptime' in 'field list'
11-05-06 2014:03:04 Total traps received=1,Total traps translated=0,Total traps ignored=0,Total unknown traps=1

I try use snmptt without mysql, but it's not work (i changed IP-addresses, users and passwords, i can't show their):

Code: Select all

nano /var/log/snmptt/snmptt.debug

Raw trap passed from snmptrapd:
1393902873
<UNKNOWN>
UDP: [192.168.0.2]:1027->[192.168.0.1]
.1.3.6.1.2.1.1.3.0 0:20:38:55.08
.1.3.6.1.6.3.1.1.4.1.0 .1.3.6.1.4.1.2.6.158.5.30
.1.3.6.1.4.1.2.6.158.5.1.1 "03:11:06 03/04/2014"
.1.3.6.1.4.1.2.6.158.5.1.3 "backupsvr"
.1.3.6.1.4.1.2.6.158.5.1.5 "5F1353EEBB9130FDB4BD1C7E98EA4B47"
.1.3.6.1.4.1.2.6.158.5.1.6 "KD43DZY"
.1.3.6.1.4.1.2.6.158.5.1.8 4
.1.3.6.1.4.1.2.6.158.5.1.9 "Remote Login Successful. Login ID: user from Web $
.1.3.6.1.4.1.2.6.158.5.1.10 14
.1.3.6.1.4.1.2.6.158.5.1.11 "IMM"
.1.3.6.1.4.1.2.6.158.5.1.12 "Andrey"
.1.3.6.1.4.1.2.6.158.5.1.13 "COD"

Items passed from snmptrapd:
value 0: 192.168.0.2

value 1: 192.168.0.2

value 2: .1.3.6.1.2.1.1.3.0

value 3: 0:20:38:55.08

value 4: .1.3.6.1.6.3.1.1.4.1.0

value 5: .1.3.6.1.4.1.2.6.158.5.30

value 6: .1.3.6.1.4.1.2.6.158.5.1.1

value 7: 03:11:06 03/04/2014

value 8: .1.3.6.1.4.1.2.6.158.5.1.3
value 9: backupsvr

value 10: .1.3.6.1.4.1.2.6.158.5.1.5

value 11: 5F1353EEBB9130FDB4BD1C7E98EA4B47

value 12: .1.3.6.1.4.1.2.6.158.5.1.6

value 13: KD43DZY

value 14: .1.3.6.1.4.1.2.6.158.5.1.8

value 15: 4

value 16: .1.3.6.1.4.1.2.6.158.5.1.9

value 17: Remote Login Successful. Login ID: user from Web at IP address  192.168.0.1

value 18: .1.3.6.1.4.1.2.6.158.5.1.10

value 19: 14

value 20: .1.3.6.1.4.1.2.6.158.5.1.11

value 21: IMM

value 21: IMM

value 22: .1.3.6.1.4.1.2.6.158.5.1.12

value 23: Andrey

value 24: .1.3.6.1.4.1.2.6.158.5.1.13

value 25: COD 

Agent IP address was blank, so setting to the same as the host IP address of 192.168.0.2

Agent IP address (192.168.0.2) is the same as the host IP, so copying the host name: 192.168.0.2

Trap received from 192.168.0.2: .1.3.6.1.4.1.2.6.158.5.30
0:              hostname
1:              ip address
2:              uptime
3:              trapname / OID
4:              ip address from trap agent
5:              trap community string
6:              enterprise
7:              securityEngineID        (snmptthandler-embedded required)
8:              securityName            (snmptthandler-embedded required)
9:              contextEngineID         (snmptthandler-embedded required)
10:             contextName             (snmptthandler-embedded required)
0+:             passed variables

Value 0: 192.168.0.2

Value 1: 192.168.0.2

Value 2: 0:20:38:55.08

Value 3: .1.3.6.1.4.1.2.6.158.5.30

Value 4: 192.168.0.2

Value 5:

Value 6:

Value 7:

Value 8:
Value 9:

Value 10:

Agent dns name: 192.168.0.2

Ent Value 0 ($1): .1.3.6.1.4.1.2.6.158.5.1.1=03:11:06 03/04/2014

Ent Value 1 ($2): .1.3.6.1.4.1.2.6.158.5.1.3=backupsvr

Ent Value 2 ($3): .1.3.6.1.4.1.2.6.158.5.1.5=5F1353EEBB9130FDB4BD1C7E98EA4B47

Ent Value 3 ($4): .1.3.6.1.4.1.2.6.158.5.1.6=KD43DZY

Ent Value 4 ($5): .1.3.6.1.4.1.2.6.158.5.1.8=4

Ent Value 5 ($6): .1.3.6.1.4.1.2.6.158.5.1.9=Remote Login Successful. Login ID:$

Ent Value 6 ($7): .1.3.6.1.4.1.2.6.158.5.1.10=14

Ent Value 7 ($8): .1.3.6.1.4.1.2.6.158.5.1.11=IMM

Ent Value 8 ($9): .1.3.6.1.4.1.2.6.158.5.1.12=Andrey

Ent Value 9 ($10): .1.3.6.1.4.1.2.6.158.5.1.13=COD 

Exact match of trap NOT found in EVENT hash table

Looking for wildcards in the EVENT hash table
Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.1.2.6.158.5.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.1.2.6.158.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.1.2.6.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.1.2.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.1.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.4.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.6.1.*
Drilling down looking for wildcards in the EVENT hash table
.1.3.6.*

Drilling down looking for wildcards in the EVENT hash table
.1.3.*

Drilling down looking for wildcards in the EVENT hash table
.1.*

Drilling down looking for wildcards in the EVENT hash table
.*



Trap not defined...

Sleeping for 5 seconds
Sleeping for 5 seconds

SNMPTT v1.4 shutdown: Tue Mar  4 11:14:43 2014

Total traps received:    1
Total traps translated:  0
Total traps ignored:     0
Total unknown traps:     1

Help, please. I have MIB for this equipment. snmptrap v1 was working with this MIB.

sreinhardt · Post by **sreinhardt** » Tue Mar 04, 2014 4:18 pm

v1, v2, and v3 are generally completely separate oids and mibs. Could you provide the mib you think should work with this please?

Nagios Support Forum

Problem with snmp v3

Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3

Re: Problem with snmp v3