NET-SNMP: custom disman monitor not sending trap - snmp

I configured in the snmpd.conf file the "extend" function to monitor a custom script.
extend shelltest /bin/sh /tmp/snmptest.sh
Then I checked the MIB for this if this "extend" function is working or not. I am able to see all Mibs for this.
snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.8072.1.3.2
If the output of my custom script returns a failed state then the following OID returns other valued then 0.
NET-SNMP-EXTEND-MIB::nsExtendResult."shelltest" = INTEGER: 3
The disman monitors looks like this:
monitor -r 30 -u internal -o ErrorMsg "False" nsExtendResult."shelltest" != 0
So from my point of view if the nsExtendResult."shelltest" return other values then 0 a trap should be triggered.
I tried several options for the monitor function but it was never working. The default monitors for example disk monitor or file monitors are working well.

Related

snmpd.conf clientaddr not working for sending trap /inform with given IP source address

Given the following sample/simple snmpd.conf (Net-SNMP 5.7.2 on RHEL 7.4)
rwcommunity private 192.168.56.101
trapsess -Ci --clientaddr=192.168.56.128 -v 2c -c private 192.168.56.101:162
when starting a SNMP Daemon
snmpd -f -Lo -D -C -c data/snmpd_test.conf udp:192.168.56.128:161
We obtain ''Start Up'' InformRequest with IP source 192.56.168.1 instead of ...128 (WireShark snapshot below)
It is not surprising as the -D option allows us to output the debug information saying that
trace: netsnmp_config_process_memory_list(): read_config.c, 696:
read_config:mem: processing memory: clientaddr 192.168.56.128
trace: run_config_handler(): read_config.c, 562:
9:read_config:parser: clientaddr handler not registered for this time
Web sources however say:
snmp.conf
...This value is also used by snmpd when generating notifications.
snmpd.conf
trapsess [SNMPCMD_ARGS] HOST
provides a more generic mechanism for defining notification destinations.
SNMPCMD_ARGS should be the command-line options required for an equivalent
snmptrap (or snmpinform) command to send the desired notification
I read also some old threads like this one
However this option is working well with snmptrap
snmptrap -D -Lo -Ci --clientaddr=192.168.56.128 -M+path_to_my_mibs -v 2c -c private 192.168.56.101:162 "" .1.3.6.1.4.1.a.b.c.d.e.f.0 i 0
This option is also working when placed in snmp.conf ( mind there is no 'd' here ) and then it applies to snmpset and snmpget (and maybe other)
So my question is: Is it a documentation error, a bug, a misuse of the Net-SNMP stack ?
After a long struggle I may have an answer and I write a short note as I just found a trick
It seems that clientaddr is not parsed correctly wherever in the snmpd.conf
(I tried not also inside the trapsess line)
But it seems to be a valid option in the command line of snmpd
like it was a valid option in the snmptrap command line. So I assumed it could be the same parsing mechanism for both.
a condition also is that the IP addres must be valid one
which means that
snmpd -f -Lo -D -C -c data/snmpd_test.conf --clientaddr=192.168.56.128 udp:192.168.56.128:161
seems to fully solve my problem.
I will perform more tests and if accurate format this answer a little bit better but it seems a good hint.

Enabling MIB file with Net-SNMP

I'm using Net-SNMP 5.5.0-2.x64 on Windows 10 1803. I'm trying to get SNMP values from a Ricoh printer. I've downloaded Printer-MIB and placed it in my C:\usr\share\snmp\mibs folder. I also downloaded and placed IANA-CHARSET-MIB and IANA-PRINTER-MIB. I also double checked snmp.conf to make sure they're in the right mibdirs folder.
I'm trying to access the value for black toner. I found some OIDs here, which I was trying to use for my example.
When I try to access the value for black toner:
snmpwalk -v 1 -c public -m Printer-MIB x.x.x.x 1.3.6.1.4.1.367.3.2.1.2.24.1.1.5.1
I get
SNMPv2-SMI::enterprises.367.3.2.1.2.24.1.1.5.1 = INTEGER: 80
I get the same result when I try -m ALL as well. Also if I try added Printer-MIB::printmib at the end, I get the same exact message.
When I try the command:
snmptranslate -IR -Td Printer-MIB::prtMarkerSuppliesLevel.1.1
I get
Printer-MIB::prtMarkerSuppliesLevel.1.1
prtMarkerSuppliesLevel OBJECT-TYPE
-- FROM Printer-MIB
SYNTAX Integer32 (-3..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION "The current level if this supply is a container; the remaining
space if this supply is a receptacle. If this supply
container/receptacle can reliably sense this value, the value
is reported by the printer and is read-only; otherwise, the
value may be written (by a Remote Control Panel or a Management
Application). The value (-1) means other and specifically
indicates that the sub-unit places no restrictions on this
parameter. The value (-2) means unknown. A value of (-3) means
that the printer knows that there is some supply/remaining
space, respectively."
::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) printmib(43) prtMarkerSupplies(11) prtMarkerSuppliesTable(1) prtMarkerSuppliesEntry(1) prtMarkerSuppliesLevel(9) 1 1 }
So doesn't that mean SNMP sees the file and can parse it?
Edit:
I was able to get the MIB file to work, but the OID values are confusing me. I ran snmpwalk -v 1 -c public x.x.x.x Printer-MIB::printmib and now the values with their MIB tags print. However, when I come across the value for black ink, the OID doesn't match the one I had found online, but they return the same value.
C:\usr\bin>snmpwalk -v 1 -c public x.x.x.x Printer-MIB::prtMarkerSuppliesLevel.1.1
Printer-MIB::prtMarkerSuppliesLevel.1.1 = INTEGER: 80
and
C:\usr\bin>snmpwalk -v 1 -c public x.x.x.x 1.3.6.1.4.1.367.3.2.1.2.24.1.1.5.1 Printer-MIB::printmib
SNMPv2-SMI::enterprises.367.3.2.1.2.24.1.1.5.1 = INTEGER: 80
If I run snmptranslate, I get a completely different OID than the one I had been using before:
C:\usr\bin>snmptranslate -On Printer-MIB::prtMarkerSuppliesLevel.1.1
.1.3.6.1.2.1.43.11.1.1.9.1.1
Not sure why the OID I found online works to retrieve the value, but not to work with the MIB file. Some sort of mix between proprietary and public MIB data?
Try the right OID
snmpwalk ... 1.3.6.1.2.1.43.5.1.1.16

Returning a value to a SNMP server via a shell script

Hello my dear coder friends, I have an hard problem to solve.
Me trying to create a SNMP server that tells the status of a physical device. Status of this device is stored in Redis database.
I am using the following .sh for retrieving device status:
tempratureStatus=$(redis-cli get tempratureStatus)
echo "Temperature Status: $tempratureStatus"
if [ "$tempratureStatus" = "True" ]; then
exit 1
else
exit 0
fi;
This script returns whether the device is over heated or not. I am also using following conf file to call this .sh script with SNMP server (see the very last extend postgresfile line):
rwuser bootstrap priv
rwuser demo priv
sysLocation Sitting on the Dock of the Bay
sysContact Me <me#example.org>
sysServices 72
proc mountd
proc ntalkd 4
proc sendmail 10 1
disk / 10000
disk /var 5%
includeAllDisks 10%
load 12 10 5
trapsink localhost public
iquerySecName internalUser
rouser internalUser
defaultMonitors yes
linkUpDownNotifications yes
extend postgresfiles /etc/snmp/scripts/battleshort_local.sh
However, when I use the command,
snmpget -v2c -c public 192.168.1.106 'NET-SNMP-EXTEND-MIB::nsExtendOutLine."postgresfiles".1'
I get the following Error:
NET-SNMP-EXTEND-MIB::nsExtendOutLine."postgresfiles".1 = No Such Object available on this agent at this OID
Whats the problem here I can figure it out. Am I returning undefined? Or am I even returning something?

command output not captured by shell script when invoked by snmp pass

The problem
SNMPD is correctly delegating SNMP polling requests to another program but the response from that program is not valid. A manual run of the program with the same arguments is responding correctly.
The detail
I've installed the correct LSI raid drivers on a server and want to configure SNMP. As per the instructions, I've added the following to /etc/snmp/snmpd.conf to redirect SNMP polling requests with a given OID prefix to a program:
pass .1.3.6.1.4.1.3582 /usr/sbin/lsi_mrdsnmpmain
It doesn't work correctly for SNMP polling requests:
snmpget -v1 -c public localhost .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.1
I get the following response:
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: SNMPv2-SMI::enterprises.3582.5.1.4.2.1.2.1.32.1
What I've tried
SNMPD passes two arguments, -g and <oid> and expects a three line response <oid>, <data-type> and <data-value>.
If I manually run the following:
/usr/sbin/lsi_mrdsnmpmain -g .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0
I correctly get a correct three line response:
.1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0
integer
30
This means that the pass command is working correctly and the /usr/sbin/lsi_mrdsnmpmain program is working correctly in this example
I tried replacing /usr/sbin/lsi_mrdsnmpmain with a bash script. The bash script delegates the call and logs the supplied arguments and output from the delegated call:
#!/bin/bash
echo "In: '$#" > /var/log/snmp-pass-test
RETURN=$(/usr/sbin/lsi_mrdsnmpmain $#)
echo "$RETURN"
echo "Out: '$RETURN'" >> /var/log/snmp-pass-test
And modified the pass command to redirect to the bash script. If I run the bash script manually /usr/sbin/snmp-pass-test -g .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0 I get the correct three line response as I did when I ran /usr/sbin/lsi_mrdsnmpmain manually and I get the following logged:
In: '-g .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0
Out: '.1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0
integer
30'
When I rerun the snmpget test, I get the same Error in packet... error and the bash script's logging shows that the captured delegated call output is empty:
In: '-g .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.0
Out: ''
If I modify the bash script to only echo an empty line I also get the same Error in packet... message.
I've also tried ensuring that the environment variables that are present when I manually call /usr/sbin/lsi_mrdsnmpmain are the same for the bash script but I get the same empty output.
Finally, my questions
Why would the bash script behave differently in these two scenarios?
Is it likely that the problem that exists with the bash scripts is the same as originally noticed (manually running program has different output to SNMPD run program)?
Updates
eewanco's suggestions
What user is running the program in each scenario?
I added echo "$(whoami)" > /var/log/snmp-pass-test to the bash script and root was added to the logs
Maybe try executing it in cron
Adding the following to root's crontab and the correct three line response was logged:
* * * * * /usr/sbin/lsi_mrdsnmpmain -g .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.1 >> /var/log/snmp-test-cron 2>&1
Grisha Levit's suggestion
Try logging the stderr
There aren't any errors logged
Checking /var/log/messages
When I run it via SNMPD, I get MegaRAID SNMP AGENT: Error in getting Shared Memory(lsi_mrdsnmpmain) logged. When I run it directly, I don't. I've done a bit of googling and I may need lm_sensors installed; I'll try this.
I installed lm_sensors & compat-libstdc++-33.i686 (the latter because it said it was a pre-requisite from the instructions and I was missing it), uninstalled and reinstalled the LSI drivers and am experiencing the same issue.
SELinux
I accidently stumbled upon a page about extending snmpd with scripts and it says to check the script has the right SELinux context. I ran grep AVC /var/log/audit/audit.log | grep snmp before and after running a snmpget and the following entry is added as a direct result from running snmpget:
type=AVC msg=audit(1485967641.075:271): avc: denied { unix_read unix_write } for pid=5552 comm="lsi_mrdsnmpmain" key=558265 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=shm
I'm now assuming that SELinux is causing the call to fail; I'll dig further...see answer for solution.
strace (eewanco's suggestion)
Try using strace with and without snmp and see if you can catch a system call failure or some additional hints
For completeness, I wanted to see if strace would have hinted that SELinux was denying. I had to remove the policy packages using semodule -r <policy-package-name> to reintroduce the problem then ran the following:
strace snmpget -v1 -c public localhost .1.3.6.1.4.1.3582.5.1.4.2.1.2.1.32.1 >> strace.log 2>&1
The end of strace.log is as follows and unless I'm missing something, it doesn't seem to provide any hints:
...
sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(161), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)= [{"0;\2\1\0\4\20public\240$\2\4I\264-m\2"..., 61}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=, ...}, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 61
select(4, [3], NULL, NULL, {0, 999997}) = 1 (in [3], left {0, 998475})
brk(0xab9000) = 0xab9000
recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(161), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)= [{"0;\2\1\0\4\20public\242$\2\4I\264-m\2"..., 65536}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 61
write(2, "Error in packet\nReason: (noSuchN"..., 81Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
) = 81
write(2, "Failed object: ", 15Failed object: ) = 15
write(2, "SNMPv2-SMI::enterprises.3582.5.1"..., 48SNMPv2- SMI::enterprises.3582.5.1.4.2.1.2.1.32.1
) = 48
write(2, "\n", 1
) = 1
brk(0xaa9000) = 0xaa9000
close(3) = 0
exit_group(2) = ?
+++ exited with 2 +++
It was SELinux that was denying snmpd a delegated call to /usr/sbin/lsi_mrdsnmpmain (and probably beyond).
To identify it, I ran grep AVC /var/log/audit/audit.log and for each entry, I ran the following:
echo "<grepped-output>" | audit2allow -a -M <filename>
This creates a SELinux policy package that should allow the delegated call through. The package is then loaded using the following:
semodule -i <filename>.pp
I had to do this 5 times as there were different causes of denial (unix_read unix_write, associate, read write). I'll look to combine the modules into one.
Now when I run snmpget I get the correct delegated output:
SNMPv2-SMI::enterprises.3582.5.1.4.2.1.2.1.32.1 = INTEGER: 34

I am trying to send a snmp message via snmptrap

I am trying to send an snmp message with snmptrap from the commandline, and the manual isn't super clear.
I have managed to send the example message successfully (10.0.0.1 == where I'm sending the messages to)
snmptrap -v 1 -c private 10.0.0.1 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "" 6 17 "" netSnmpExampleHeartbeatRate i 13546
But when I want to send a resynchronisation message such as:
snmptrap -v 1 -c private 10.0.0.1 HW-IMAPV1NORTHBOUND-TRAP-MIB::hwNmNorthboundEventSynchronizationCommandStart
I need to add a few more arguements. I've tried adding myip:myport:date:date or just myip:myport, but no success. I'm not too clear on what should be the following arguements. The man page:
snmptrap -v 1 [COMMON OPTIONS] [-Ci] enterprise-oid agent generic-trap specific-trap uptime [OID TYPE VALUE]
What should be the generic-trap, specific-trap etc?
From the MIB files:
: 1.3.6.1.4.1.2011.2.15.1.7.7.4
hwNmNorthboundEventSynchronizationCommandStart OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
Format to omit dst flag:- IP:port:start time:end time:timezone, will consider the dstflag to be 0
Does someone have a bit more experience than me with SNMP to understand what I need to put in the command line arguements?
thanks!
I don't know if I should delete this question, or leave it, but my problem was partly because somehow the mib file was no read, and I had to use the OID directly. Otherwise the "arguments" depends on the mib file, the 6 is always 6, the 17 on the otherhand should correspond to the last number in the oid of the mib..

Resources