Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SNMP Password limitation

https://support.nagios.com/forum/viewtopic.php?t=31408

Page 2 of 5

Re: SNMP Password limitation

Posted: Thu Feb 12, 2015 7:00 pm
by JohnFLi
well...

Got them to change the password, and replaced the ( with a -

I removed all the items out of XI, and re-ran the wizard.

For the port status, I am getting.

Code: Select all

Usage /usr/local/nagios/libexec/check_ifoperstatnag:
Check_ifoperstatus requires that the first argument be the interface index that this interface can be found at under the remote devices snmp tree.
This should always be a positive integer, or zero.
All options beyond the first, are arguments that must follow the snmpget command line parameters.
The settings are the same as before, just a different password now.

would any of these characters be the issue:

Code: Select all

k%pLZ-J

Re: SNMP Password limitation

Posted: Thu Feb 12, 2015 7:55 pm
by Box293
What happens if you try from the CLI?

I have a feeling the length needs to be 8, yours is 7.

Length: 7

Code: Select all

./check_ifoperstatnag 16797696 -v3 -u sanswitchmonitor.svc -A k%pLZ-J -a MD5 -l authNoPriv 10.25.5.15
No log handling enabled - turning on stderr logging
Error: passphrase chosen is below the length requirements of the USM (min=8).
snmpwalk:  (The supplied password length is too short.)
Error generating a key (Ku) from the supplied authentication pass phrase. 
No log handling enabled - turning on stderr logging
Error: passphrase chosen is below the length requirements of the USM (min=8).
snmpget:  (The supplied password length is too short.)
Error generating a key (Ku) from the supplied authentication pass phrase. 
UNKNOWN - No info is being retrieved.
Length: 8

Code: Select all

./check_ifoperstatnag 16797696 -v3 -u sanswitchmonitor.svc -A k%pLZ-Ja -a MD5 -l authNoPriv 10.25.5.15
No log handling enabled - turning on stderr logging
snmpwalk: Timeout (Sub-id not found: (top) -> ifOperStatus)
No log handling enabled - turning on stderr logging
snmpget: Timeout (Sub-id not found: (top) -> ifDescr)
UNKNOWN - No info is being retrieved.

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 11:05 am
by JohnFLi
I dont understand what you mean a length of 8??


From the cli

Code: Select all

./check_ifoperstatnag 16801792 -v3 -u sanswitchmonitor.svc -A k%pLk304UZ-J -a MD5 -l authNoPriv -H dc-n5k-s2
Usage ./check_ifoperstatnag: <interface index> <snmpget options>
  Check_ifoperstatus requires that the first argument be the interface index that this interface can be found at under the remote devices snmp tree.
  This should always be a positive integer, or zero.
  All options beyond the first, are arguments that must follow the snmpget command line parameters.
[root@G1VPNAG03 libexec]#

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 1:13 pm
by lmiltchev
I dont understand what you mean a length of 8??
The passphrase must be at least 8 character in length. Check this out:
http://www.net-snmp.org/tutorial/tutori ... nmpv3.html
The "k%pLZ-J" passphrase is 7 characters long.

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 1:34 pm
by JohnFLi
The passphrase is 12 in length.

I was just shortening the password for posting

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 2:54 pm
by scottwilkerson
2 more things, canyou attempt quoting the password and run from the CLI

Code: Select all

./check_ifoperstatnag 16801792 -v3 -u sanswitchmonitor.svc -A "k%pLk304UZ-J" -a MD5 -l authNoPriv -H dc-n5k-s2
Also, can you verify what version of the Switch/Router Wizard you are running from Admin -> Manage Config Wizards

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 2:56 pm
by tgriep
Could you run the following command and post back the walk.txt file?

Code: Select all

snmpwalk dc-n5k-s2 -v3 -u sanswitchmonitor.svc -A k%pLk304UZ-J -a MD5 -l authNoPriv >walk.txt
Which interface are you trying to monitor?

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 4:10 pm
by JohnFLi
Scott------- Network Switch/Router version 2.15

Code: Select all

[root@G1VPNAG03 libexec]# ./check_ifoperstatnag 16801792 -v3 -u sanswitchmonitor.svc -A "k%pLk304UZ-J" -a MD5 -l authNoPriv -H dc-n5k-s2
Usage ./check_ifoperstatnag: <interface index> <snmpget options>
  Check_ifoperstatus requires that the first argument be the interface index that this interface can be found at under the remote devices snmp tree.
  This should always be a positive integer, or zero.
  All options beyond the first, are arguments that must follow the snmpget command line parameters.

TGRIEP ---------

see attached file

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 4:38 pm
by JohnFLi
I just ran across http://support.nagios.com/forum/viewtop ... 16&t=30816

when it said to open the check_ifoperstatusnag file
and change

Code: Select all

if test -z "$1" || ! [[ "$1" =~ '^[0-9]+$' ]]; then

to 

if test -z "$1" || ! [[ "$1" =~ ^[0-9]+$ ]]; then
now I get

Code: Select all

[root@G1VPNAG03 libexec]# ./check_ifoperstatnag 16801792 -v3 -u sanswitchmonitor.svc -A "k%pLk304UZ-J" -a MD5 -l authNoPriv -H dc-n5k-s2
Configuration directives understood:
No log handling enabled - turning on stderr logging
  In snmp.conf and snmp.local.conf:
    alias                    NAME TRANSPORT_DEFINITION
    doDebugging              (1|0)
    debugTokens              token[,token...]
    logTimestamp             (1|yes|true|0|no|false)
    mibdirs                  [mib-dirs|+mib-dirs|-mib-dirs]
    mibs                     [mib-tokens|+mib-tokens]
    mibfile                  mibfile-to-read
    showMibErrors            (1|yes|true|0|no|false)
    commentToEOL             (1|yes|true|0|no|false)
    strictCommentTerm        (1|yes|true|0|no|false)
    mibAllowUnderline        (1|yes|true|0|no|false)
    mibWarningLevel          integerValue
    mibReplaceWithLatest     (1|yes|true|0|no|false)
    printNumericEnums        (1|yes|true|0|no|false)
    printNumericOids         (1|yes|true|0|no|false)
    escapeQuotes             (1|yes|true|0|no|false)
    dontBreakdownOids        (1|yes|true|0|no|false)
    quickPrinting            (1|yes|true|0|no|false)
    numericTimeticks         (1|yes|true|0|no|false)
    oidOutputFormat          integerValue
    suffixPrinting           integerValue
    extendedIndex            (1|yes|true|0|no|false)
    printHexText             (1|yes|true|0|no|false)
    printValueOnly           (1|yes|true|0|no|false)
    dontPrintUnits           (1|yes|true|0|no|false)
    hexOutputLength          integerValue
    dumpPacket               (1|yes|true|0|no|false)
    reverseEncodeBER         (1|yes|true|0|no|false)
    defaultPort              integerValue
    defCommunity             string
    noTokenWarnings          (1|yes|true|0|no|false)
    noRangeCheck             (1|yes|true|0|no|false)
    persistentDir            string
    tempFilePattern          string
    noDisplayHint            (1|yes|true|0|no|false)
    16bitIDs                 (1|yes|true|0|no|false)
    clientaddr               string
    clientaddrUsesPort       (1|yes|true|0|no|false)
    serverSendBuf            integerValue
    serverRecvBuf            integerValue
    clientSendBuf            integerValue
    clientRecvBuf            integerValue
    noPersistentLoad         (1|yes|true|0|no|false)
    noPersistentSave         (1|yes|true|0|no|false)
    noContextEngineIDDiscovery (1|yes|true|0|no|false)
    defDomain                application domain
    defTarget                application domain target
    defSecurityModel         string
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defAuthMasterKey         string
    defPrivMasterKey         string
    defAuthLocalizedKey      string
    defPrivLocalizedKey      string
    defVersion               1|2c|3
    defAuthType              MD5|SHA
    defPrivType              DES|AES
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv
  In snmpapp.conf and snmpapp.local.conf:
    defDomain                application domain
    defTarget                application domain target
    engineID                 string
    engineIDType             num
    engineIDNic              string
Configuration directives understood:
No log handling enabled - turning on stderr logging
  In snmp.conf and snmp.local.conf:
    alias                    NAME TRANSPORT_DEFINITION
    doDebugging              (1|0)
    debugTokens              token[,token...]
    logTimestamp             (1|yes|true|0|no|false)
    mibdirs                  [mib-dirs|+mib-dirs|-mib-dirs]
    mibs                     [mib-tokens|+mib-tokens]
    mibfile                  mibfile-to-read
    showMibErrors            (1|yes|true|0|no|false)
    commentToEOL             (1|yes|true|0|no|false)
    strictCommentTerm        (1|yes|true|0|no|false)
    mibAllowUnderline        (1|yes|true|0|no|false)
    mibWarningLevel          integerValue
    mibReplaceWithLatest     (1|yes|true|0|no|false)
    printNumericEnums        (1|yes|true|0|no|false)
    printNumericOids         (1|yes|true|0|no|false)
    escapeQuotes             (1|yes|true|0|no|false)
    dontBreakdownOids        (1|yes|true|0|no|false)
    quickPrinting            (1|yes|true|0|no|false)
    numericTimeticks         (1|yes|true|0|no|false)
    oidOutputFormat          integerValue
    suffixPrinting           integerValue
    extendedIndex            (1|yes|true|0|no|false)
    printHexText             (1|yes|true|0|no|false)
    printValueOnly           (1|yes|true|0|no|false)
    dontPrintUnits           (1|yes|true|0|no|false)
    hexOutputLength          integerValue
    dumpPacket               (1|yes|true|0|no|false)
    reverseEncodeBER         (1|yes|true|0|no|false)
    defaultPort              integerValue
    defCommunity             string
    noTokenWarnings          (1|yes|true|0|no|false)
    noRangeCheck             (1|yes|true|0|no|false)
    persistentDir            string
    tempFilePattern          string
    noDisplayHint            (1|yes|true|0|no|false)
    16bitIDs                 (1|yes|true|0|no|false)
    clientaddr               string
    clientaddrUsesPort       (1|yes|true|0|no|false)
    serverSendBuf            integerValue
    serverRecvBuf            integerValue
    clientSendBuf            integerValue
    clientRecvBuf            integerValue
    noPersistentLoad         (1|yes|true|0|no|false)
    noPersistentSave         (1|yes|true|0|no|false)
    noContextEngineIDDiscovery (1|yes|true|0|no|false)
    defDomain                application domain
    defTarget                application domain target
    defSecurityModel         string
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defAuthMasterKey         string
    defPrivMasterKey         string
    defAuthLocalizedKey      string
    defPrivLocalizedKey      string
    defVersion               1|2c|3
    defAuthType              MD5|SHA
    defPrivType              DES|AES
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv
  In snmpapp.conf and snmpapp.local.conf:
    defDomain                application domain
    defTarget                application domain target
    engineID                 string
    engineIDType             num
    engineIDNic              string
./check_ifoperstatnag: line 40: [: -eq: unary operator expected
Configuration directives understood:
No log handling enabled - turning on stderr logging
  In snmp.conf and snmp.local.conf:
    alias                    NAME TRANSPORT_DEFINITION
    doDebugging              (1|0)
    debugTokens              token[,token...]
    logTimestamp             (1|yes|true|0|no|false)
    mibdirs                  [mib-dirs|+mib-dirs|-mib-dirs]
    mibs                     [mib-tokens|+mib-tokens]
    mibfile                  mibfile-to-read
    showMibErrors            (1|yes|true|0|no|false)
    commentToEOL             (1|yes|true|0|no|false)
    strictCommentTerm        (1|yes|true|0|no|false)
    mibAllowUnderline        (1|yes|true|0|no|false)
    mibWarningLevel          integerValue
    mibReplaceWithLatest     (1|yes|true|0|no|false)
    printNumericEnums        (1|yes|true|0|no|false)
    printNumericOids         (1|yes|true|0|no|false)
    escapeQuotes             (1|yes|true|0|no|false)
    dontBreakdownOids        (1|yes|true|0|no|false)
    quickPrinting            (1|yes|true|0|no|false)
    numericTimeticks         (1|yes|true|0|no|false)
    oidOutputFormat          integerValue
    suffixPrinting           integerValue
    extendedIndex            (1|yes|true|0|no|false)
    printHexText             (1|yes|true|0|no|false)
    printValueOnly           (1|yes|true|0|no|false)
    dontPrintUnits           (1|yes|true|0|no|false)
    hexOutputLength          integerValue
    dumpPacket               (1|yes|true|0|no|false)
    reverseEncodeBER         (1|yes|true|0|no|false)
    defaultPort              integerValue
    defCommunity             string
    noTokenWarnings          (1|yes|true|0|no|false)
    noRangeCheck             (1|yes|true|0|no|false)
    persistentDir            string
    tempFilePattern          string
    noDisplayHint            (1|yes|true|0|no|false)
    16bitIDs                 (1|yes|true|0|no|false)
    clientaddr               string
    clientaddrUsesPort       (1|yes|true|0|no|false)
    serverSendBuf            integerValue
    serverRecvBuf            integerValue
    clientSendBuf            integerValue
    clientRecvBuf            integerValue
    noPersistentLoad         (1|yes|true|0|no|false)
    noPersistentSave         (1|yes|true|0|no|false)
    noContextEngineIDDiscovery (1|yes|true|0|no|false)
    defDomain                application domain
    defTarget                application domain target
    defSecurityModel         string
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defAuthMasterKey         string
    defPrivMasterKey         string
    defAuthLocalizedKey      string
    defPrivLocalizedKey      string
    defVersion               1|2c|3
    defAuthType              MD5|SHA
    defPrivType              DES|AES
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv
  In snmpapp.conf and snmpapp.local.conf:
    defDomain                application domain
    defTarget                application domain target
    engineID                 string
    engineIDType             num
    engineIDNic              string
UNKNOWN - No info is being retrieved.

Re: SNMP Password limitation

Posted: Fri Feb 13, 2015 5:03 pm
by JohnFLi
So now that I am not getting an error....

For Bandwidth on the ports, it all shows ZEROS
All times are UTC-05:00
Page 2 of 5

Powered by phpBB® Forum Software © phpBB Limited