On 2015-01-12 14:13, Andrei Borzenkov wrote:
On Mon, Jan 12, 2015 at 3:54 PM, Carlos E. R. <> wrote:
I simply have:
authCommunity log,execute,net public authCommunity log,execute,net private
I thought that would write things to the log.
No, it simply enables snmptrapd to perform selected actions for selected community strings. How exactly it performs these actions is defined by other options.
As I have no idea what strings the router may send (the documentation doesn't say), I can't write any action.
The log is created (/var/log/net-snmpd.log) but is empty. I noticed a packet coming, I saw it on the firewall log.
Yes, my experience with net-snmp is that it logs not that much by default. You may need to tweak logging options. But I must admit configuring net-snmp is not for the faint of heart ... :)
It logs nothing... I got that configuration from the "tutorial" here: http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd where it says "By default, it will simply log all incoming notifications via syslog." But it does not, apparently. Or the router is not sending things, despite the hit on the firewall log. So I try sending things from one computer to another, but I can't. The tutorial suggests: snmptrap -v 1 -c public host UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" \ SNMPv2-MIB::sysLocation.0 s "Just here" I try that, verbatim:
Telcontar:~ # snmptrap -v 1 -c public host UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "Just here" getaddrinfo: host Name or service not known getaddrinfo("host", NULL, ...): Name or service not known snmptrap: Telcontar:~ #
Ok, it needs a hostname, obviously. So I type it:
Telcontar:~ # snmptrap -v 1 -c public amonLanc.valinor UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "Just here" MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs Cannot find module (UCD-TRAP-TEST-MIB): At line 0 in (none) UCD-TRAP-TEST-MIB::demotraps: Unknown Object Identifier USAGE: snmptrap [OPTIONS] AGENT TRAP-PARAMETERS
Version: 5.7.2 Web: http://www.net-snmp.org/
or the other example:
Telcontar:~ # snmptrap -v 2c -c public amonLanc.valinor "" UCD-NOTIFICATION-TEST-MIB::demoNotif SNMPv2-MIB::sysLocation.0 s "Just here" MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs Cannot find module (UCD-NOTIFICATION-TEST-MIB): At line 0 in (none) UCD-NOTIFICATION-TEST-MIB::demoNotif: Unknown Object Identifier Telcontar:~ #
So the tutorial is useless. :-/ (the tutorial example logs are dated "1999-11-12", so they are a decade and a half old) Ok, at <http://www.net-snmp.org/wiki/index.php/TUT:snmptrap#SNMPv1_Traps" it says that the example will not work on SUSE because it needs extra things. Instead try this:
Telcontar:~ # snmptrap -v 1 -c public amonLanc.valinor NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification "" 6 17 "" netSnmpExampleHeartbeatRate i 123456 Telcontar:~ #
which at least doesn't produce an error. First attempt is blocked by the destination firewall, so I correct that, repeat, and still nothing is logged:
AmonLanc:~ # l /var/log/net-snmpd.log -rw-r--r-- 1 root root 0 Jan 11 17:59 /var/log/net-snmpd.log AmonLanc:~ #
AmonLanc:~ # rcsnmptrapd status Checking for service snmptrapd: running snmptrapd.service - LSB: Receive and log SNMP trap messages Loaded: loaded (/etc/init.d/snmptrapd) Active: active (running) since Mon 2015-01-12 13:46:52 CET; 1h 53min ago CGroup: /system.slice/snmptrapd.service └─4580 /usr/sbin/snmptrapd -A -LF n /var/log/net-snmpd.log -p /var/run/snmptrapd.pid
AmonLanc:~ #
Still, nothing is logged at the destination. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)