Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SNMPv3 on check_nwc_health

https://support.nagios.com/forum/viewtopic.php?t=62546

Page 1 of 1

SNMPv3 on check_nwc_health

Posted: Wed May 12, 2021 3:31 am
by huaming
Hi Support,

I used SNMPv3 feature on check_new_health, which is working on checkpoint/cisco. However, it's not working on a particular cisco 2960 device. I am wondering you can help on this.

Nagios command:
check_nwc_health --hostname *** --protocol 3 --username *** --authprotocol sha --privprotocol aes128 --privpassword *** --mode ***

I can get the correct result from other Cisco/checkpoint devices, only on one 2960 switch, I got below error
'UNKNOWN - got neither sysUptime nor sysDescr nor any other useful information, is this snmp agent working correctly'. but if I configured a snmp community on this switch, and use this command 'check_nwc_health --hostname *** --community *** --mode ***', I can get the correct result. I also used 'show snmp status' on that switch, and found the snmp agent is active.
Would you please provide some advices, Thanks

Re: SNMPv3 on check_nwc_health

Posted: Wed May 12, 2021 2:01 pm
by ssax
Does it work if you wrap the credentials in single quotes?

/usr/local/nagios/libexec/check_nwc_health --hostname *** --protocol 3 --username '***' --authprotocol sha --privprotocol aes128 --privpassword '***' --mode ***

What about with regular aes?

Code: Select all

/usr/local/nagios/libexec/check_nwc_health --hostname *** --protocol 3 --username '***' --authprotocol sha --privprotocol aes --privpassword '***' --mode ***
Does this work?
- Change snmpv3user, authPass, privPass, and set X.X.X.X to the IP of the remote device.

Code: Select all

snmpwalk -v3 -u snmpv3user -A 'authPass' -a SHA -X 'privPass' -x AES -l authPriv X.X.X.X system

Re: SNMPv3 on check_nwc_health

Posted: Wed May 12, 2021 7:35 pm
by huaming
Thanks for your help.

1. If i use 'AES' instead of 'AES128', the result is same
2. if i use snmpwalk v3, I got below error

'Error in packet'
'Reason: authorizationError (access denied to that object)'

Then, I tried snmpwalk v3 at another switch, I can get the snmp result. It looks like some mis-configuration at Switch end. I've crosschecked with both switch, no lucky. I tried to google it, and found this one, https://github.com/lausser/check_nwc_health/issues/236, But i don't know how to grant the permission.

Re: SNMPv3 on check_nwc_health

Posted: Thu May 13, 2021 2:14 pm
by ssax
If you're getting authorizationError (access denied to that object) from the base snmpwalk command then it's very likely either a misconfiguration or an issue with the switch's snmp functionality. It's almost like it can connect but trying to grab the OIDs it's trying to grab is not allowed. You should reach out to your switch vendor and ask them what options you have, it may just be a misconfiguration.

Re: SNMPv3 on check_nwc_health

Posted: Thu May 13, 2021 11:30 pm
by huaming
Noted with thanks, let me check with our vendor.

Re: SNMPv3 on check_nwc_health

Posted: Fri May 14, 2021 2:42 pm
by ssax
Sounds good, we'll keep an eye out for your update.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited