Can snmpset modify the configuration of a Cisco router if SNMP is read-only? - snmp

We'd like to modify the configuration via the snmpset command, but unfortunately SNMPv3 is currently misconfigured as read-only. So we can't push the command to the Cisco router now unless we use the console directly.
Could any experts here advise?
Also, may I ask whether the snmpset command for v3 below is correct?
snmpset -v3 -l authPriv -u <SNMPv3 USER> -a MD5 -A <PASSWORD> <SWITCH_IP> .1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 integer 6
In the past, we could modify the config via SNMPv2.
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.2.222 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.3.222 = INTEGER: 1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.4.222 = INTEGER: 4
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.5.222 = IpAddress: 172.16.1.1
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.6.222 = STRING: "switch.config"
SNMPv2-SMI::enterprises.9.9.96.1.1.1.1.14.222 = INTEGER: 1

If the config error is not in the startup config, power cycle. Or use telnet/ssh/etc if that is available. Either way, you need legitimate access of course.

Related

SNMP giving authorization issues: Error in packet

I have started a JBoss EAP 6.4 server with the following parameters:
JAVA_OPTS: -server -XX:+UseCompressedOops -verbose:gc -Xloggc:"/home/sshekhar/EAP-6.4.0/test02/standalone/log/gc.log"
-XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5
-XX:GCLogFileSize=3M -XX:-TraceClassUnloading -Djava.awt.headless=true -XX:MaxPermSize=512m
-XX:-UseGCOverheadLimit -Dcom.propFile=local_jboss -Dfile.encoding=UTF-8 -Dcom.sun.management.snmp.port=1610
-Dcom.sun.management.snmp.acl.file=/home/sshekhar/.snmp/mibs/snmp.acl
-Djboss.modules.system.pkgs=org.jboss.byteman,org.jboss.logmanager -Djava.awt.headless=true -Djava.util.logging.manager=org.jboss.logmanager.LogManager
-Xbootclasspath/p:/home/sshekhar/EAP-6.4.0/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-1.5.4.Final-redhat-1.jar
Server starts successfully.
I am running the command: snmpwalk -c public -v 2c 127.0.0.1:1610
It gives
Error in packet.
Reason: authorizationError (access denied to that object)
File: /home/sshekhar/.snmp/mibs/snmp.acl has permissions 700 set on it.
I am new to SNMP, and all I am looking to do is configure JBoss 6.4 to use SNMP for monitoring.
Also, there is no data written in file: /home/sshekhar/.snmp/mibs/snmp.acl
Also, I created a user using
net-snmp-create-v3-user -ro -A password -X password -a MD5 -x DES myUser
Now, when I try to run the command snmpwalk -c public -v3 -u myUser -a MD5 -x DES -X password -A password localhost:1610
it gives me an error saying snmpwalk: Unknown user name
snmpwalk -v1 -c public localhost:1610 gives no result
snmpwalk -v1 -c groupv3 localhost:1610 gives End of MIB
Can anyone please help me in understanding what might be the error and what should be my next steps to debug/resolve the issue?
I'm afraid I don't have an exact answer for you, but I can give you a little context about the SNMP versions:
SNMPv1 and SNMPv2c only use a community string for authentication.
An example SNMPv1 walk is as follows (the community string is "public"):
snmpwalk -v1 -c public 192.168.1.1
And an example SNMPv2c walk:
snmpwalk -v2c -c public 192.168.1.1
SNMPv3 has quite configurable authentication, using up to:
Security name (aka username)
Security level (noAuthNoPriv, authNoPriv, noAuthPriv, authPriv)
Auth protocol (e.g. SHA, AES)
Auth key (string)
Privacy protocol (e.g. MD5, DES)
Privacy key (string)
(optional) Context name
(optional) Engine ID
As you can see, it can be quite complex. The "security level" is a setting that sometimes needs to be specified; it defines how much of the SNMPv3 security model you're using. If you're using an auth protocol and key and a privacy protocol and key, you'll need to use authPriv; if you're using none of those, you'll need to use noAuthNoPriv (just the security name).
An example SNMPv3 walk is as follows:
snmpwalk -v3 -u some_username -a SHA -A 'some_auth_key' -l authPriv -x AES -X 'some_privacy_key' 192.168.1.1
Basically, I'd recommend trying to set up SNMPv1 or SNMPv2c until you can get everything working nicely. I can't speak for JBoss, but on most networking devices this is simply a matter of picking an SNMP version (e.g. v2c) and specifying the read-only community string (e.g. "public").
When/if you get to configuring SNMPv3, you might just have to be flexible with some of the different settings. I find (again, in the context of network devices) that you won't find one setting that'll work on lots of different vendors' devices; you'll have to try some different auth protocols, different privacy protocols, etc.
Best of luck!
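The answer above makes one point that is easy to get wrong on the command line: the -l security level has to agree with which keys you pass. The following is an added example (not part of the original answer, and not net-snmp code) with a hypothetical helper that derives the level from the keys supplied and builds the snmpwalk argv for each SNMP version, refusing combinations the User-based Security Model cannot express (a privacy key with no auth key):

```python
"""Build net-snmp command lines and check that the SNMPv3 security level
matches the keys supplied, as the answer above describes.

Added example for this page; a hypothetical helper, not net-snmp code.
"""
from dataclasses import dataclass
from typing import List, Optional

# The three security levels of the User-based Security Model (RFC 3414).
USM_LEVELS = ("noAuthNoPriv", "authNoPriv", "authPriv")


@dataclass
class V3Params:
    user: str                          # security name (-u)
    auth_proto: Optional[str] = None   # -a, e.g. "SHA" or "MD5"
    auth_key: Optional[str] = None     # -A
    priv_proto: Optional[str] = None   # -x, e.g. "AES" or "DES"
    priv_key: Optional[str] = None     # -X
    context: Optional[str] = None      # -n (optional)
    engine_id: Optional[str] = None    # -e (optional)


def security_level(p: V3Params) -> str:
    """Derive the -l value implied by the keys present, or raise on a mix
    that the USM cannot express (e.g. a privacy key with no auth key)."""
    if (p.auth_proto is None) != (p.auth_key is None):
        raise ValueError("auth protocol and auth key must be given together")
    if (p.priv_proto is None) != (p.priv_key is None):
        raise ValueError("privacy protocol and privacy key must be given together")
    has_auth = p.auth_key is not None
    has_priv = p.priv_key is not None
    if has_priv and not has_auth:
        raise ValueError("privacy without authentication is not a USM level")
    if has_priv:
        return "authPriv"
    if has_auth:
        return "authNoPriv"
    return "noAuthNoPriv"


def walk_argv(version: str, target: str, community: Optional[str] = None,
              v3: Optional[V3Params] = None) -> List[str]:
    """Return the argv for an snmpwalk against `target` for one SNMP version."""
    if version in ("1", "2c"):
        if not community:
            raise ValueError(f"SNMPv{version} needs a community string")
        return ["snmpwalk", f"-v{version}", "-c", community, target]
    if version == "3":
        if v3 is None:
            raise ValueError("SNMPv3 needs V3Params")
        level = security_level(v3)
        argv = ["snmpwalk", "-v3", "-l", level, "-u", v3.user]
        if level != "noAuthNoPriv":
            argv += ["-a", v3.auth_proto, "-A", v3.auth_key]
        if level == "authPriv":
            argv += ["-x", v3.priv_proto, "-X", v3.priv_key]
        if v3.context is not None:
            argv += ["-n", v3.context]
        if v3.engine_id is not None:
            argv += ["-e", v3.engine_id]
        return argv + [target]
    raise ValueError(f"unknown SNMP version {version!r}")


if __name__ == "__main__":
    # Mirrors the answer's SNMPv3 example: SHA auth + AES privacy => authPriv.
    full = V3Params("some_username", "SHA", "some_auth_key", "AES", "some_privacy_key")
    print(" ".join(walk_argv("3", "192.168.1.1", v3=full)))
    print(" ".join(walk_argv("2c", "192.168.1.1", community="public")))
```

Passing a community string together with -v3, as the question does, is silently ignored by the v3 code path here, which is why the helper only accepts one of the two.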

Convert SNMP traps from v1 to v3

I'm trying to convert snmp v1 traps to v3. I've followed this discussion but it's vague.
I've also looked here but without success.
To be more clear: I have a CentOS 6 station with net-snmp 5.5 on it. I need to generate v1 traps, receive them, convert them to v3, then forward them.
Regarding the first guide, this is what I managed so far:
Master:
snmpd -Lo --master=agentx --agentXSocket=tcp:192.168.58.64:42000 udp:1161
Listen:
snmpwalk -v3 -u snmpv3user -A snmpv3pass -a MD5 -l authnoPriv 192.168.58.64:1161
Later edit:
I have made some progress: I was able to run snmpd as master, connect snmptrapd to it as an agent, and then get the v1 trap mechanism working.
I did the following:
In order to get snmptrapd connected as a subagent to snmpd you need to do the following:
###1 EDIT /etc/hosts.allow and add
snmpd: $(your_ip)
snmptrapd: $(your_ip)
This is important because snmptrapd fails silently if rejected by TCP wrappers.
###2 EDIT /etc/snmp/snmpd.conf and add at the bottom of the other com2sec directives:
com2sec infwnet $(your_ip) YOUR-COMMUNITY
add these lines
group MyROGroup v1 infwnet
group MyROGroup v2c infwnet
group MyROGroup usm infwnet
under
"# Second, map the security names into group names:"
add this view at the bottom of the other views
view all included .1 80
add this group access at the bottom of the other group access directives
access MyROGroup "" any noauth exact all none none
add this line as well:
master agentx
###3 TEST it with this:
snmpwalk -v1 -c YOUR_COMMUNITY $(your_ip) .
###4 CREATE THE FOLLOWING TRAP TEST EXAMPLE:
touch /usr/share/snmp/mibs/UCD-TRAP-TEST-MIB.txt
###5 COPY PASTE THE TEXT BELOW INTO IT:
UCD-TRAP-TEST-MIB DEFINITIONS ::= BEGIN
IMPORTS ucdExperimental FROM UCD-SNMP-MIB;
demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }
demoTrap TRAP-TYPE
ENTERPRISE demotraps
VARIABLES { sysLocation }
DESCRIPTION "An example of an SMIv1 trap"
::= 17
END
###6 EDIT /etc/sysconfig/snmptrapd (not /etc/default/snmptrapd !!)
replace OPTIONS with this:
OPTIONS="-Lsd -m ALL -M /usr/share/snmp/mibs -p /var/run/snmptrapd.pid"
###7 TEST IT WITH
snmptrap -v 1 -c public $(your_ip) UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "Just here"
Now I just need to find a way to convert them to v3 and read/receive them from a remote snmpd.
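The snmpd.conf steps above wire a community to a security name, a group, an access line and a view, and a single typo in that chain gives the "End of MIB" / no-result symptoms seen earlier on this page. As an added example (not part of the original post and not net-snmp code), here is a small checker for that chain. It only understands the directives the procedure adds, flags dangling references, and also reports the two exposures a defender looks for first: a write view and a community accepted from any source. The sample config is constructed from the steps above with placeholder values:

```python
"""Check the com2sec -> group -> access -> view chain of a net-snmp snmpd.conf.

Added example for this page, not net-snmp code. It understands only the
directives the procedure above adds and reports dangling references plus
broad exposure (write access, community accepted from any source).
"""
import re
from typing import Dict, List

# Constructed from the procedure above; YOUR-COMMUNITY and 192.0.2.10 stand in
# for the real community and $(your_ip).
SAMPLE_CONF = """\
com2sec infwnet 192.0.2.10 YOUR-COMMUNITY
group MyROGroup v1 infwnet
group MyROGroup v2c infwnet
group MyROGroup usm infwnet
view all included .1 80
access MyROGroup "" any noauth exact all none none
master agentx
"""

# A constructed weaker variant: community open to any source, a write view,
# and no master agentx line.
WEAK_CONF = """\
com2sec infwnet default public
group MyROGroup v2c infwnet
view all included .1
access MyROGroup "" any noauth exact all all none
"""

DIRECTIVES = ("com2sec", "group", "view", "access", "master")


def parse(conf: str) -> Dict[str, List[List[str]]]:
    """Tokenise the known directives; quoted tokens such as "" are kept as one."""
    out: Dict[str, List[List[str]]] = {d: [] for d in DIRECTIVES}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tokens[0] in out:
            out[tokens[0]].append(tokens[1:])
    return out


def check(conf: str) -> List[str]:
    """Return human-readable findings; an empty list means the chain is consistent."""
    d = parse(conf)
    findings: List[str] = []
    secnames = {c[0] for c in d["com2sec"] if c}
    groups = set()
    for g in d["group"]:
        if len(g) != 3:
            findings.append(f"malformed group line: {' '.join(g)}")
            continue
        name, model, sec = g
        groups.add(name)
        # v1/v2c security names come from com2sec; usm names are USM users.
        if model in ("v1", "v2c") and sec not in secnames:
            findings.append(f"group {name}: security name {sec} has no com2sec line")
    views = {v[0] for v in d["view"] if v}
    for a in d["access"]:
        if len(a) != 8:
            findings.append(f"malformed access line: {' '.join(a)}")
            continue
        grp, _ctx, _model, _level, _prefix, rd, wr, nt = a
        if grp not in groups:
            findings.append(f"access {grp}: group is never defined")
        for kind, view in (("read", rd), ("write", wr), ("notify", nt)):
            if view != "none" and view not in views:
                findings.append(f"access {grp}: {kind} view {view} does not exist")
        if wr != "none":
            findings.append(f"access {grp}: write view {wr} grants SET access")
    for c in d["com2sec"]:
        if len(c) == 3 and c[1] == "default":
            findings.append(f"com2sec {c[0]}: community accepted from any source address")
    if ["agentx"] not in d["master"]:
        findings.append("no 'master agentx' line: AgentX subagents such as snmptrapd cannot register")
    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("weak", WEAK_CONF)):
        print(name, check(conf) or "no findings")
```

Run it against the real file with `check(open("/etc/snmp/snmpd.conf").read())`; the read-only access line from the procedure (write and notify views both "none") produces no findings, while the weak variant produces three.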

snmptrap SNMPv3 with selected client ip address

I would like to send a trap and specify the client address.
From what I have found, there are two ways:
edit /etc/snmp/snmp.conf and set: clientaddr [IP_OF_DEVICE]
specify IP as parameter: --clientAddr="[IP_OF_DEVICE]"
When I try to issue the command:
snmptrap -v 3 -l noAuthNoPriv -u SomeUser -n "" AGENT_IP .1.3.6.1.4.1.161.5.2 .1.3.6.1.4.1.161.1.2.3.4 5
It gives an error
getaddrinfo(AGENT_IP, NULL, ...): Address family for hostname not supported
When I don't specify clientaddr it works as expected, but it uses the IP of the machine where I issued the command as the client IP.
To get rid of this I have to:
Define a virtual interface for the IP of the device you want to simulate.
Specify the protocol of the agent (by default, when I set clientaddr in /etc/snmp/snmp.conf, it looks like it tried to use IPv6 for the agent):
snmptrap -v 3 -l noAuthNoPriv -u SomeUser -n "" udp:AGENT_IP ...

I am trying to send a snmp message via snmptrap

I am trying to send an snmp message with snmptrap from the commandline, and the manual isn't super clear.
I have managed to send the example message successfully (10.0.0.1 is where I'm sending the messages to):
snmptrap -v 1 -c private 10.0.0.1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "" 6 17 "" netSnmpExampleHeartbeatRate i 13546
But when I want to send a resynchronisation message such as:
snmptrap -v 1 -c private 10.0.0.1 HW-IMAPV1NORTHBOUND-TRAP-MIB::hwNmNorthboundEventSynchronizationCommandStart
I need to add a few more arguments. I've tried adding myip:myport:date:date or just myip:myport, but with no success. I'm not too clear on what the following arguments should be. The man page:
snmptrap -v 1 [COMMON OPTIONS] [-Ci] enterprise-oid agent generic-trap specific-trap uptime [OID TYPE VALUE]
What should be the generic-trap, specific-trap etc?
From the MIB files:
: 1.3.6.1.4.1.2011.2.15.1.7.7.4
hwNmNorthboundEventSynchronizationCommandStart OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
Format to omit dst flag:- IP:port:start time:end time:timezone, will consider the dstflag to be 0
Does someone have a bit more experience than me with SNMP and understand what I need to put in the command-line arguments?
thanks!
I don't know if I should delete this question or leave it, but my problem was partly because somehow the MIB file was not read, and I had to use the OID directly. Otherwise the "arguments" depend on the MIB file: the 6 is always 6; the 17, on the other hand, should correspond to the last number in the OID from the MIB.
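The "6 17" in the snmptrap -v 1 arguments above, and the v1-to-v3 trap conversion asked about in the earlier thread on this page, are two sides of the same mapping: RFC 3584 (sections 3.1 and 3.2) defines how an SNMPv1 trap's enterprise, generic-trap and specific-trap correspond to the single snmpTrapOID carried by SNMPv2c and SNMPv3 notifications. The following is an added example (not part of either post and not net-snmp code) implementing that mapping in both directions and using it to build the snmptrap -v 1 argument list; the numeric demotraps value is the numeric form of the page's UCD-TRAP-TEST-MIB object (ucdExperimental is 1.3.6.1.4.1.2021.13 in UCD-SNMP-MIB):

```python
"""Translate trap identity between SNMPv1 (enterprise, generic, specific) and
the SNMPv2/v3 snmpTrapOID form, following RFC 3584 sections 3.1 and 3.2.

Added example for this page; not net-snmp code. It explains the "6 17"
arguments of snmptrap -v 1 and is the mapping a v1-to-v3 trap conversion
has to perform, since SNMPv3 carries SNMPv2-style notifications.
"""
from typing import List, Optional, Tuple

SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"   # snmpTraps: coldStart is .1 ... egpNeighborLoss is .6
ENTERPRISE_SPECIFIC = 6


def v1_to_v2_trap_oid(enterprise: str, generic: int, specific: int) -> str:
    """RFC 3584 3.1: generic 0..5 map to snmpTraps.(generic+1); generic 6
    yields enterprise.0.specific."""
    if 0 <= generic <= 5:
        return f"{SNMP_TRAPS}.{generic + 1}"
    if generic == ENTERPRISE_SPECIFIC:
        return f"{enterprise}.0.{specific}"
    raise ValueError(f"generic-trap {generic} is out of range 0..6")


def v2_to_v1_trap(trap_oid: str,
                  trap_enterprise: Optional[str] = None) -> Tuple[str, int, int]:
    """RFC 3584 3.2: return (enterprise, generic-trap, specific-trap)."""
    parts = trap_oid.split(".")
    if len(parts) < 2:
        raise ValueError(f"not a trap OID: {trap_oid!r}")
    standard_len = len(SNMP_TRAPS.split(".")) + 1
    if (trap_oid.startswith(SNMP_TRAPS + ".") and len(parts) == standard_len
            and 1 <= int(parts[-1]) <= 6):
        # Standard trap: enterprise comes from snmpTrapEnterprise.0 when present,
        # otherwise the snmpTraps node itself.
        return (trap_enterprise or SNMP_TRAPS, int(parts[-1]) - 1, 0)
    specific = int(parts[-1])
    # A next-to-last subidentifier of 0 is the separator inserted by 3.1.
    enterprise_parts = parts[:-2] if parts[-2] == "0" else parts[:-1]
    return (".".join(enterprise_parts), ENTERPRISE_SPECIFIC, specific)


def snmptrap_v1_argv(community: str, agent: str, trap_oid: str,
                     varbinds: Optional[List[Tuple[str, str, str]]] = None) -> List[str]:
    """Build the snmptrap -v 1 argv: enterprise, agent-addr, generic, specific,
    uptime, then (OID TYPE VALUE) triples. "" lets snmptrap fill agent-addr
    and uptime itself, as in the page's examples."""
    enterprise, generic, specific = v2_to_v1_trap(trap_oid)
    argv = ["snmptrap", "-v", "1", "-c", community, agent,
            enterprise, "", str(generic), str(specific), ""]
    for oid, typ, value in varbinds or []:
        argv += [oid, typ, value]
    return argv


if __name__ == "__main__":
    # demotraps from the page's UCD-TRAP-TEST-MIB in numeric form.
    demotraps = "1.3.6.1.4.1.2021.13.990"
    v2 = v1_to_v2_trap_oid(demotraps, 6, 17)
    print(v2)   # the SNMPv2/v3 identity of demoTrap: demotraps.0.17
    print(" ".join(snmptrap_v1_argv(
        "public", "192.0.2.10", v2,
        [("SNMPv2-MIB::sysLocation.0", "s", "Just here")])))
```

So for an enterprise-specific trap the generic code is always 6, and the specific code is the trap's own number under the enterprise node, which is exactly the "17" the answer refers to; a receiver converting v1 traps to v3 applies v1_to_v2_trap_oid and carries the result as snmpTrapOID.0.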

Sending an email from R using the sendmailR package

I am trying to send an email from R, using the sendmailR package. The code below works fine when I run it on my PC, and I receive the email. However, when I run it on my MacBook Pro, it fails with the following error:
library(sendmailR)
from <- sprintf("<sendmailR@%s>", Sys.info()[4])   # sender address built from the local node name
to <- "<myemail@gmail.com>"
subject <- "TEST"
body <- "Test message"                              # body was not defined in the posted snippet; placeholder added
sendmail(from, to, subject, body,
         control=list(smtpServer="ASPMX.L.GOOGLE.COM"))
Error in socketConnection(host = server, port = port, blocking = TRUE) :
cannot open the connection
In addition: Warning message:
In socketConnection(host = server, port = port, blocking = TRUE) :
ASPMX.L.GOOGLE.COM:25 cannot be opened
Any ideas as to why this would work on a PC, but not a mac? I turned the firewall off on both machines.
Are you able to send email via the command-line?
So, first of all, fire up a Terminal and then
$ echo "Test 123" | mail -s "Test" user@domain.com
Look into /var/log/mail.log, or better use
$ tail -f /var/log/mail.log
in a different window while you send your email. If you see something like
... setting up TLS connection to smtp.gmail.com[xxx.xx.xxx.xxx]:587
... Trusted TLS connection established to smtp.gmail.com[xxx.xx.xxx.xxx]:587:\
TLSv1 with cipher RC4-MD5 (128/128 bits)
then you succeeded. Otherwise, it means you have to configure your mailing system. I have used postfix with Gmail for two years now, and I have never had a problem with it. Basically, you need to grab the Equifax certificates, Equifax_Secure_CA.pem, from here: http://www.geotrust.com/resources/root-certificates/. (They were using Thawte certificates before, but they changed last year.) Then, assuming you use Gmail,
Create relay_password in /etc/postfix and put a single line like this (with your correct login and password):
smtp.gmail.com login@gmail.com:password
then in a Terminal,
$ sudo postmap /etc/postfix/relay_password
to update Postfix lookup table.
Add the certificates in /etc/postfix/certs, or any folder you like, then
$ sudo c_rehash /etc/postfix/certs/
(i.e., rehash the certificates with Openssl).
Edit /etc/postfix/main.cf so that it includes the following lines (adjust the paths if needed):
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
Finally, just reload the Postfix process, with e.g.
$ sudo postfix reload
(a combination of start/stop works too).
You can choose a different port for the SMTP, e.g. 465.
It's still possible to use SASL without TLS (the above steps are basically the same), but in both cases the main problem is that your login information is available in a plain text file... Also, should you want to use your MobileMe account, just replace the Gmail SMTP server with smtp.me.com.
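The answer above points out that the relay credentials sit in a plain text file; the main.cf fragment has a second weakness of the same kind, since `smtp_tls_security_level = may` is opportunistic and `noanonymous` alone still permits the PLAIN and LOGIN mechanisms on a session where TLS was not negotiated. The following is an added example (not part of the answer and not Postfix code) that parses that fragment, reports those two issues plus an over-permissive password-map mode, and shows the hardened values; the parameter names are real Postfix main.cf parameters, and the file mode is passed in rather than read from disk:

```python
"""Audit the Postfix SMTP-relay settings from the answer above for credential
exposure, and show the hardened values.

Added example for this page; not Postfix code. PAGE_MAIN_CF is the fragment
from the answer; the password-map file mode is passed in as a parameter.
"""
from typing import Dict, List

PAGE_MAIN_CF = """\
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
"""

# smtp_tls_security_level values at which Postfix refuses to deliver without TLS.
TLS_MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; comments and blank lines are skipped."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params


def audit(params: Dict[str, str], password_map_mode: int = 0o600) -> List[str]:
    """Findings about how the relay credentials could be exposed."""
    findings: List[str] = []
    if params.get("smtp_sasl_auth_enable") != "yes":
        return findings   # no client-side credentials configured
    level = params.get("smtp_tls_security_level", "none")
    if level not in TLS_MANDATORY:
        findings.append(
            f"smtp_tls_security_level = {level}: TLS is optional, so the relay "
            "password can be sent in clear if STARTTLS is unavailable or stripped; "
            "use encrypt or stronger")
    opts = {o.strip() for o in params.get("smtp_sasl_security_options", "").split(",")}
    if "noplaintext" not in opts:
        findings.append(
            "smtp_sasl_security_options lacks noplaintext: PLAIN/LOGIN allowed on "
            "non-TLS sessions; set noplaintext here and noanonymous in "
            "smtp_sasl_tls_security_options")
    if params.get("smtp_sasl_password_maps") and password_map_mode & 0o077:
        findings.append(
            f"password map mode {oct(password_map_mode)} is readable by group/other; "
            "use 0600 on relay_password and the .db built by postmap")
    return findings


def harden(params: Dict[str, str]) -> Dict[str, str]:
    """Return a copy with TLS mandatory and plaintext SASL limited to TLS sessions."""
    fixed = dict(params)
    fixed["smtp_tls_security_level"] = "encrypt"
    fixed["smtp_sasl_security_options"] = "noplaintext, noanonymous"
    fixed["smtp_sasl_tls_security_options"] = "noanonymous"
    return fixed


if __name__ == "__main__":
    page = parse_main_cf(PAGE_MAIN_CF)
    for f in audit(page, password_map_mode=0o644):
        print("-", f)
    print("after hardening:", audit(harden(page), password_map_mode=0o600) or "no findings")
```

With `encrypt`, Postfix aborts delivery rather than authenticate over a cleartext session, which is the property you want when the only secret protecting the account is the password in relay_password.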
