Discussion:
snmptrapd snmp v3 fails on long engine id
Brian Fernald
2016-03-04 22:28:10 UTC
Hello All -

I am pulling hairs on this one.

I have a network device that generates EngineIDs such as this one : 80001F8804303039343031303131313331




My snmptrapd.conf has:


createUser -e 0x80001F8804303039343031303131313331 econv3_admin SHA test12345 AES test12345

authuser log econv3_admin


Restarting snmptrapd results in :


No log handling enabled - turning on stderr logging

registered debug token snmptrapd, 1

registered debug token usm, 1

registered debug token usmUser, 1

snmptrapd: Freeing trap handler lists

usmUser: created a new user econv3_admin at 80 00 1F 88 04 30 30 39 34 30 31 30 31 31 31 33

31


This works fine and log shows the following along with the trap details:


usm: USM processing begun...

usm: match on user econv3_admin

usm: Verification succeeded.

usm: USM processing completed.





I then add a second device, so now the snmptrapd.conf looks like


createUser -e 0x80001F8804303039343031303131313331 econv3_admin SHA test12345 AES test12345

createUser -e 0x80001F8804303039343031303131313334 econv3_admin SHA test12345 AES test12345

authuser log econv3_admin


Restarting snmptrapd results in :


No log handling enabled - turning on stderr logging

registered debug token snmptrapd, 1

registered debug token usm, 1

registered debug token usmUser, 1

snmptrapd: Freeing trap handler lists

usmUser: created a new user econv3_admin at 80 00 1F 88 04 30 30 39 34 30 31 30 31 31 31 33

31

usmUser: created a new user econv3_admin at 80 00 1F 88 04 30 30 39 34 30 31 30 31 31 31 33

34


This time, the logs show the following, AND is also followed by the trap details.


usm: USM processing begun...

usm: match on user econv3_admin

########### > usm: no match on engineID (80 00 1F 88 04 30 30 39 34 30 31 30 31 31 31 33 34 )

usm: match on user econv3_admin

usm: Verification succeeded.

usm: USM processing completed.



Why is it reporting usm: no match on engineID (80 00 1F 88 04 30 30 39 34 30 31 30 31 31 31 33 34 ) and yet seemingly working (it logs the trap)?


To test what was going on, I replaced the engineID with the identical ID, minus the last 34 at the end. Restarted snmptrapd. It worked fine without the Match error. I then re-added the 34, restarted snmptrapd and it reports the no match error again.


Can anyone explain to me what is going on and if it is or is not working?


Thanks much!

Brian
Pushpa Thimmaiah
2016-03-07 12:19:40 UTC
Hi Brian,



Can you paste usmUser entries for that configuration? It's available in snmp persistent file.

It's better to use different usernames.

Thanks,

Pushpa.T
Brian Fernald
2016-03-07 14:49:04 UTC
Hello Pushpa,

Which persistent file are you looking for? The only place I have SNMP v3 configurations on the server is snmptrap.conf


createUser -e 0x80001F8804303039343031303131313331 econv3_admin SHA test12345 AES test12345

createUser -e 0x80001F8804303039343031303131313334 econv3_admin SHA test12345 AES test12345

authuser log econv3_admin


The remote device we are currently testing as an agent is a cluster of firewalls. This requires that the username is the same. It is configured once for the config, then utilized on both devices within the cluster. You cannot set unique usernames for the cluster, unfortunately.

Thanks much,
Brian


Pushpa Thimmaiah
2016-03-10 10:30:26 UTC
Hi Brian,

Trap persistent configuration is available in /var/net-snmp/snmptrapd.conf or
/var/lib/snmp/snmptrapd.conf.

Thanks,
Pushpa.T
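
Added example, not part of the original thread and not net-snmp's own code: in USM (RFC 3414) a user is identified by the pair (engine ID, user name) and the passphrase is localized to each engine ID, so the two createUser lines discussed above define two separate users with different keys. The Python sketch below decodes both engine IDs per RFC 3411 and derives the localized SHA-1 authentication key per RFC 3414 A.2; the function names are hypothetical and the sample config is the one quoted in the thread.

```python
import hashlib

# Constructed sample: the snmptrapd.conf lines quoted in the thread.
SAMPLE_CONF = """\
createUser -e 0x80001F8804303039343031303131313331 econv3_admin SHA test12345 AES test12345
createUser -e 0x80001F8804303039343031303131313334 econv3_admin SHA test12345 AES test12345
authuser log econv3_admin
"""

def decode_engine_id(eid: bytes) -> dict:
    """Split an RFC 3411 SnmpEngineID into enterprise number, format and payload."""
    if not 5 <= len(eid) <= 32:
        raise ValueError("engine ID must be 5..32 octets")
    if not eid[0] & 0x80:
        raise ValueError("only the RFC 3411 layout (first bit set) is handled")
    enterprise = int.from_bytes(eid[:4], "big") & 0x7FFFFFFF
    fmt, payload = eid[4], eid[5:]
    text = payload.decode("ascii") if fmt == 4 else None  # format 4 = text
    return {"enterprise": enterprise, "format": fmt, "text": text, "octets": len(eid)}

def localize_key(passphrase: str, eid: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated passphrase, then bind to one engine ID."""
    pw = passphrase.encode()
    if not pw:
        raise ValueError("empty passphrase")
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()             # user key Ku
    return hashlib.new(algo, ku + eid + ku).digest()    # localized key Kul

def usm_entries(conf: str) -> list:
    """One (engine ID hex, user, localized auth key hex) tuple per createUser -e line."""
    algos = {"SHA": "sha1", "MD5": "md5"}
    entries = []
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["createUser", "-e"] or tok[4] not in algos:
            continue
        eid = bytes.fromhex(tok[2][2:] if tok[2][:2].lower() == "0x" else tok[2])
        entries.append((eid.hex(), tok[3], localize_key(tok[5], eid, algos[tok[4]]).hex()))
    return entries

if __name__ == "__main__":
    for eid_hex, user, key in usm_entries(SAMPLE_CONF):
        print(user, decode_engine_id(bytes.fromhex(eid_hex)), key)
```

Both entries share the user name and passphrase, yet the localized keys differ because the engine IDs differ in their final octet.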