Ad Widget

**richlv** · 05-10-2016, 00:14

your snmptrapd.conf contents seem to be a bit strange.

these two lines have the same community :

Code:

authCommunity log,execute,net trafficview
authCommunity execute trafficview

this puts snmptrapd logs in snmptt logfile :

Code:

logoption f /var/log/snmptt/snmptt-received.log

they are probably not the cause of the issue, though. i'd suggest enabling debug logging in snmptrapd and checking what happens with that specific trap.

**batchenr** · 05-10-2016, 09:21

ok so i changed it -

# you can set multiple community names:
# authCommunity execute public
authCommunity log,execute,net public
# authCommunity execute S7di@kjh8
authCommunity log,execute,net trafficview
logoption f /var/log/snmptrapd.log
disableAuthorization yes
#traphandle default snmptt
printeventnumbers 1
ignoreauthfailure no
perl do "/usr/bin/zabbix_trap_receiver.pl";

stil no change when i send a test trap i can see it only in the wireshark but not in /var/log/snmptrapd.log

more ideas ?

**richlv** · 05-10-2016, 09:38

did you try snmptrapd debug logging ?

**batchenr** · 05-10-2016, 09:39

how do i do that ?

**richlv** · 05-10-2016, 09:41

see "man snmptrapd", specifically -Lf, -d and -D flags

**batchenr** · 05-10-2016, 10:31

well did this :

snmptrapd -D -d -Lf /var/log/snmptrap/snmptrap.log

i dont see any debug or the test traps
only befor i can see a lot of output like this :

trace: netsnmp_udp_parse_security(): snmpUDPDomain.c, 1148:
netsnmp_udp_parse_security: <"trafficview", 0x00000000/0x00000000> => "comm2"
trace: vacm_gen_com2sec(): mibgroup/mibII/vacm_conf.c, 742:
com2sec: passing: group grpcomm2 v1 comm2
trace: vacm_gen_com2sec(): mibgroup/mibII/vacm_conf.c, 750:
com2sec: passing: group grpcomm2 v2c comm2
trace: vacm_create_simple(): mibgroup/mibII/vacm_conf.c, 960:
authCommunity: passing: com2secunix comm2 default 'trafficview'
trace: netsnmp_unix_parse_security(): snmpUnixDomain.c, 646:
netsnmp_unix_parse_security: <"trafficview"> => "comm2"
trace: vacm_gen_com2sec(): mibgroup/mibII/vacm_conf.c, 729:
com2sec6: passing: com2sec6 comm2 default 'trafficview'
trace: vacm_gen_com2sec(): mibgroup/mibII/vacm_conf.c, 742:
com2sec6: passing: group grpcomm2 v1 comm2
trace: vacm_gen_com2sec(): mibgroup/mibII/vacm_conf.c, 750:
com2sec6: passing: group grpcomm2 v2c comm2
trace: vacm_create_simple(): mibgroup/mibII/vacm_conf.c, 1048:
authCommunity: checking view levels for 38
trace: vacm_create_simple(): mibgroup/mibII/vacm_conf.c, 1059:
authCommunity: passing: setaccess grpcomm2 "" any noauth prefix log _all_
trace: vacm_parse_setaccess(): mibgroup/mibII/vacm_conf.c, 536:
vacm:conf:setaccess: no existing access found; creating a new one
trace: vacm_create_simple(): mibgroup/mibII/vacm_conf.c, 1059:
authCommunity: passing: setaccess grpcomm2 "" any noauth prefix execute _all_
trace: vacm_parse_setaccess(): mibgroup/mibII/vacm_conf.c, 539:
vacm:conf:setaccess: existing access found, using it
trace: vacm_create_simple(): mibgroup/mibII/vacm_conf.c, 1059:
authCommunity: passing: setaccess grpcomm2 "" any noauth prefix net _all_
trace: vacm_parse_setaccess(): mibgroup/mibII/vacm_conf.c, 539:
vacm:conf:setaccess: existing access found, using it
trace: read_config_new(): read_config.c, 815:
9:read_config:line: /etc/snmp/snmptrapd.conf:13 examining: logoption f /var/log/snmptrapd.log

**richlv** · 11-10-2016, 14:27

was the device sending any traps during that time ?
if yes, it seems like even the snmptrapd daemon isn't getting them.

**batchenr** · 13-10-2016, 08:15

Originally posted by richlv

was the device sending any traps during that time ?
if yes, it seems like even the snmptrapd daemon isn't getting them.

if i start wireshark then i see the EMC sending me the trap but for some reason
i dont see it in the snmptrap logs

any ideas?

**richlv** · 13-10-2016, 14:19

see the noauth examples here http://net-snmp.sourceforge.net/wiki..._notifications - does that help ?

**batchenr** · 13-10-2016, 14:46

Originally posted by richlv

see the noauth examples here http://net-snmp.sourceforge.net/wiki..._notifications - does that help ?

i add noauth to the snmptrapd.conf

still nothing

tshark is capturing all

6.188631404 192.168.11.199 -> 192.168.220.199 SNMP 350 snmpV2-trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0 1.3.6.1.4.1.1139.18.1.18.1.1 1.3.6.1.4.1.1139.18.1.18.1.2 1.3.6.1.4.1.1139.18.1.18.1.3 1.3.6.1.4.1.1139.18.1.18.1.4

21.279819073 192.168.11.199 -> 192.168.220.199 SNMP 350 snmpV2-trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0 1.3.6.1.4.1.1139.18.1.18.1.1 1.3.6.1.4.1.1139.18.1.18.1.2 1.3.6.1.4.1.1139.18.1.18.1.3 1.3.6.1.4.1.1139.18.1.18.1.4

but nothing on the logs.

**batchenr** · 13-10-2016, 14:59

Originally posted by batchenr

i add noauth to the snmptrapd.conf

still nothing

tshark is capturing all

but nothing on the logs.

ok i see some change
i add this line :

authUser log,execute,net trafficview noauth

and i can see in the tshark :

192.168.11.199 -> 192.168.220.199 SNMP 350 snmpV2-trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0 1.3.6.1.4.1.1139.18.1.18.1.1 1.3.6.1.4.1.1139.18.1.18.1.2 1.3.6.1.4.1.1139.18.1.18.1.3 1.3.6.1.4.1.1139.18.1.18.1.4

192.168.220.199 -> 192.168.11.199 SNMP 106 get-request

i never has the 192.168.220.199 -> 192.168.11.199 SNMP 106 get-request

but still nothing on the logs

**richlv** · 13-10-2016, 21:13

which port are the packets arriving on ?
i'm out of quick ideas. one way to continue would be comparing the trap packets sent by other hosts and this one.
another - setting up a temporary interface, running another snmptrapd there at debug level and thus making sure that the debug log only has the information, related to your problematic host.

**batchenr** · 18-10-2016, 08:54

Originally posted by richlv

which port are the packets arriving on ?
i'm out of quick ideas. one way to continue would be comparing the trap packets sent by other hosts and this one.
another - setting up a temporary interface, running another snmptrapd there at debug level and thus making sure that the debug log only has the information, related to your problematic host.

port 162
i will try to check and update here.

Ad Widget

EMC Snmp issue

EMC Snmp issue

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment