Page 2 of 4
Re: Linux SNMP: Process name table No response from remote h
Posted: Thu Oct 03, 2013 8:49 am
by msbensonstk
Bump.
Still waiting for a reply on this.
Re: Linux SNMP: Process name table No response from remote h
Posted: Thu Oct 03, 2013 10:20 am
by lmiltchev
Just wanted to give you heads up. sreinhardt is working on your issue. We need a little bit more time to do some digging into this.
Re: Linux SNMP: Process name table No response from remote h
Posted: Fri Oct 04, 2013 8:48 am
by msbensonstk
Thanks. Please let me know when you have any progress on this (it's been a few months now). If you need any additional debugging info from us, also please let me know.
Re: Linux SNMP: Process name table No response from remote h
Posted: Fri Oct 04, 2013 10:35 am
by sreinhardt
I know I downloaded this at one point from your pm, however I cannot seem to find it now. Could you by chance send it again please. I also want to apologize for the delay, I didn't mean to leave you waiting!
Re: Linux SNMP: Process name table No response from remote h
Posted: Fri Oct 04, 2013 11:38 am
by msbensonstk
Just re-sent the file.
Re: Linux SNMP: Process name table No response from remote h
Posted: Fri Oct 04, 2013 1:04 pm
by sreinhardt
Looks like tcpdump wants to restrict the frame size captured. Try doing the following to unrestrict it:
Code: Select all
tcpdump -i eth0 -K -nn -s 0 -w /tmp/snmp.pcap portrange 161-162
Re: Linux SNMP: Process name table No response from remote h
Posted: Mon Oct 07, 2013 9:42 am
by msbensonstk
New pcap PM'd to you.
There is no -K flag in my version of tcpdump, so what I ended up using was:
tcpdump -i eth0 -nn -s 0 -w /tmp/snmp.pcap host <ipaddress> and portrange 161-162
I added the 'host' filter to help get rid of the noise from the rest of the SNMP checks running on the system.
Re: Linux SNMP: Process name table No response from remote h
Posted: Mon Oct 07, 2013 1:57 pm
by sreinhardt
well, now I'm sad. I neglected to realize that you were using aes and sha to do the snmp gets, which make the tcpdump useless. Is there any chance you have v2 enabled and can do the same get with that? The only thing I can see, is that there is communication between the two, but not if its an authentication issue, something with the plugin, or if the oid does not exist, etc.
Re: Linux SNMP: Process name table No response from remote h
Posted: Mon Oct 07, 2013 2:11 pm
by msbensonstk
We cannot use SNMP v2 in our environment due to security concerns. We have no systems setup to use it and it would not really be a test of the current issue as the current issue involves SNMP v3.
What else can we try to figure this out? The issue has forced us to put many checks into "do not alert" mode which is causing us to miss when real problems come up.
Re: Linux SNMP: Process name table No response from remote h
Posted: Mon Oct 07, 2013 2:45 pm
by sreinhardt
OK, so is this happening for more than one system? I was under the impression that you had this working on at least a few other systems. I can certainly understand where this is less than ideal at the moment. I took a look through the code, and it seems that it specifically sets des and md5, where you have sha and aes. It seems that it might be changing it later on, but I am not a perl expert, and its not written super logically in my opinion. You might try manually changing lines 65 and 66 to sha and aes respectively just to be sure its set correctly.