Menu

#1404 The NOTIFICATION-LOG-MIB in context "snmptrapd" can't be wal

closed
Robert Story
None
5
2012-11-08
2005-07-24
claus klein
No

Desciption:

An walk over the nlmLogTable is not possible.
Since NET-SNMP version: 5.2.X the snmptrapd registers
MIBs under the "snmptrapd" SNMPv3 context

The are no entries in the MIB when I try to read the
NOTIFICATION-LOG-MIB with
sh> /usr/bin/snmpwalk -v 3 -n snmptrapd localhost
usmUserTable
SNMP-USER-BASED-SM-MIB::usmUserTable = No more
variables left in this MIB View (It is past the end of the
MIBtree)

My test environment:

root@www:/var/log# ps ps ax | grep snmp
903 ? S 0:13 /usr/sbin/snmpd
-Dregister_mib,subtree,agentx/master,agent_registry -Lsd
-Lf /var/log/snmpd.log -p /var/run/snmpd.pid
-c /etc/snmp/snmpd.conf
907 ? Ss 0:00 /usr/sbin/snmptrapd
-Dagentx/subagent -Lsd -Lf /var/log/snmptrapd.log
-p /var/run/snmptrapd.pid -C -c /etc/snmp/snmptrapd.conf
root@www:/var/log#

root@www:/var/log# snmpd -v

NET-SNMP version: 5.2.1.2
Web: http://www.net-snmp.org/
Email: net-snmp-coders@lists.sourceforge.net

root@www:/var/log# /usr/bin/snmpwalk --version
NET-SNMP version: 5.2.1.2

root@www:/var/log# uname -a
Linux www.clausklein.homelinux.net 2.4.22-xfs #1 SMP Fr
Okt 3 20:36:25 CEST 2003 i686 GNU/Linux

root@www:/var/log# /usr/bin/snmpwalk -v 3 -n '' localhost
sysname
SNMPv2-MIB::sysName.0 = STRING:
www.clausklein.homelinux.net
root@www:/var/log#

NET-SNMP was configured by my:
---------------------------------------------------------
Net-SNMP configuration summary:
---------------------------------------------------------

SNMP Versions Supported: 1 2c 3
UCD-SNMP compatability: enabled
Net-SNMP Version: 5.2.1.2
Building for: linux
Network transport support: Callback Unix TCP UDP
SNMPv3 Security Modules: usm
Agent MIB code: mibII ucd_snmp snmpv3mibs
notification target agent_mibs agentx utilities host smux
ucd-snmp/dlmod tunnel disman/event-mib
SNMP Perl modules: disabled
Embedded perl support: disabled
Authentication support: MD5 SHA1
Encryption support: DES AES

---------------------------------------------------------

Discussion

  • claus klein

    claus klein - 2005-07-24

    detailed log of my tests

     
    test.log

  • claus klein

    claus klein - 2005-07-25

    Logged In: YES
    user_id=897181

    Additional notes:

    Both, the NOTIFICATION-LOG-MIB and the SNMP-USER-BASED-SM-MIB are handled by agentx subagent ( registered in condext "snmptrapd") as you can see:

    root@www:/var/log# /usr/bin/snmpwalk -v 2c localhost nsModuleModes | egrep -w 'NOTIFICATION-LOG-MIB|snmptrapd'
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][ccitt][0] = BITS: 80
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][iso][0] = BITS: 80
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][joint-iso-ccitt][0] = BITS: 80
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmLogTable][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmLogVariableTable][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserSpinLock][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmConfigGlobalEntryLimit.0][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmConfigGlobalAgeOut.0][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsLogged.0][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][NOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsBumped.0][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserSecurityName][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserCloneFrom][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserAuthProtocol][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserAuthKeyChange][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserOwnAuthKeyChange][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserPrivProtocol][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserOwnPrivKeyChange][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserPublic][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserStorageType][127] = BITS: E0
    NET-SNMP-AGENT-MIB::nsModuleModes["snmptrapd"][SNMP-USER-BASED-SM-MIB::usmUserStatus][127] = BITS: E0
    root@www:/var/log#

    and both can't be walk with or without context:

    protocol v2c:

    root@www:/var/log# /usr/bin/snmpwalk -v 2c localhost nlmLogTable
    NOTIFICATION-LOG-MIB::nlmLogTable = No Such Object available on this agent at this OID

    root@www:/var/log# /usr/bin/snmpwalk -v 2c localhost usmUserTable
    SNMP-USER-BASED-SM-MIB::usmUserSecurityName[".....1968603128"][STRING: initial] = STRING: initial
    SNMP-USER-BASED-SM-MIB::usmUserCloneFrom[".....1968603128"][STRING: initial] = OID: SNMPv2-SMI::zeroDotZero
    SNMP-USER-BASED-SM-MIB::usmUserAuthProtocol[".....1968603128"][STRING: initial] = OID: SNMP-USER-BASED-SM-MIB::usmHMACMD5AuthProtocol
    SNMP-USER-BASED-SM-MIB::usmUserAuthKeyChange[".....1968603128"][STRING: initial] = ""
    SNMP-USER-BASED-SM-MIB::usmUserOwnAuthKeyChange[".....1968603128"][STRING: initial] = ""
    SNMP-USER-BASED-SM-MIB::usmUserPrivProtocol[".....1968603128"][STRING: initial] = OID: SNMP-USER-BASED-SM-MIB::usmDESPrivProtocol
    SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange[".....1968603128"][STRING: initial] = ""
    SNMP-USER-BASED-SM-MIB::usmUserOwnPrivKeyChange[".....1968603128"][STRING: initial] = ""
    SNMP-USER-BASED-SM-MIB::usmUserPublic[".....1968603128"][STRING: initial] = ""
    SNMP-USER-BASED-SM-MIB::usmUserStorageType[".....1968603128"][STRING: initial] = INTEGER: nonVolatile(3)
    SNMP-USER-BASED-SM-MIB::usmUserStatus[".....1968603128"][STRING: initial] = INTEGER: active(1)
    root@www:/var/log#

    protocol v3:

    root@www:/var/log# /usr/bin/snmpwalk -v 3 -n snmptrapd localhost usmUserTable
    SNMP-USER-BASED-SM-MIB::usmUserTable = No more variables left in this MIB View (It is past the end of the MIBtree)
    root@www:/var/log# /usr/bin/snmpwalk -v 3 -n snmptrapd localhost nlmLogTable
    NOTIFICATION-LOG-MIB::nlmLogTable = No more variables left in this MIB View (It is past the end of the MIB tree)
    root@www:/var/log#

     

  • Robert Story

    Robert Story - 2005-08-17

    Logged In: YES
    user_id=76148

    I think this is an access control issue. How do you have you
    users configured? Do they have access to the snmptrapd context?

     

  • claus klein

    claus klein - 2005-08-17

    Logged In: YES
    user_id=897181

    Yes, it is an access control issue.
    The user have access to the snmptrapd context.
    But with snmpd -D... I found, that there is no way to grand
    access to this context 'snmptrapd'

    Can somebody give me a VACM configuration that solve my problem?

    claus

     

  • Robert Story

    Robert Story - 2005-08-18

    Logged In: YES
    user_id=76148

    It depends on how you are configuring your access control.
    If you are using rouser or rocommunity, you'll have to
    change to using the view/com2sec/group/access entries
    instead. The access token allows you to specify contexts.
    See the man page for details, and write the users list if
    you need more help.

     

Log in to post a comment.

MongoDB Logo MongoDB