Discussion:
Snmpwalk only gives me system group.
(too old to reply)
Richard
2003-06-12 15:51:08 UTC
Permalink
Raw Message
Hi,

I am using net-snmp-5.0.6-17 and net-snmp-utils-5.0.6-17 rpms.

Below is the output I keep on getting everytime I try and snmpwalk on my
linux machine. I have tried the following things:

1) Making sure my VACM is correct (access control)
2) Making sure my configuration files are in /usr/share/snmp/
3) Making sure my mib directory is in /usr/share/snmp/mibs/
4) Many other configurations doublechecked
5) Read the FAQ many times

I have been stuck on this problem for 3 days now, so any help would be
greatly appreciated. Thank you very much.

[***@Iroquois net-snmp-5.0.6]# snmpwalk -v 1 -c public <MY IP ADDRESS>
MODULE-IDENTITY MACRO (lines 55..79 parsed and ignored).
OBJECT-IDENTITY MACRO (lines 81..103 parsed and ignored).
OBJECT-TYPE MACRO (lines 212..298 parsed and ignored).
NOTIFICATION-TYPE MACRO (lines 302..334 parsed and ignored).
TEXTUAL-CONVENTION MACRO (lines 8..48 parsed and ignored).
OBJECT-TYPE MACRO (lines 25..39 parsed and ignored).
OBJECT-GROUP MACRO (lines 8..39 parsed and ignored).
NOTIFICATION-GROUP MACRO (lines 43..73 parsed and ignored).
MODULE-COMPLIANCE MACRO (lines 77..183 parsed and ignored).
AGENT-CAPABILITIES MACRO (lines 187..320 parsed and ignored).
TRAP-TYPE MACRO (lines 14..35 parsed and ignored).
SNMPv2-MIB::sysDescr.0 Linux Iroquois 2.4.20-13.9 #1 Mon May 12 10:55:37
EDT 2003 i686
SNMPv2-MIB::sysObjectID.0 NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 208533
SNMPv2-MIB::sysContact.0 ***@uregina.ca
SNMPv2-MIB::sysName.0 Iroquois
SNMPv2-MIB::sysLocation.0 "8th Floor"
SNMPv2-MIB::sysServices.0 12
SNMPv2-MIB::sysORLastChange.0 1
SNMPv2-MIB::sysORID.1 IF-MIB::ifMIB
SNMPv2-MIB::sysORID.2 SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.3 TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.4 IP-MIB::ip
SNMPv2-MIB::sysORID.5 UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.6 SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.7 SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.8 SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.9 SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORDescr.1 The MIB module to describe generic objects for
network interface sub-layers
SNMPv2-MIB::sysORDescr.2 The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.3 The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.4 The MIB module for managing IP and ICMP
implementations
SNMPv2-MIB::sysORDescr.5 The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.6 View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.7 The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.8 The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.9 The management information definitions for the
SNMP User-based Security Model.
SNMPv2-MIB::sysORUpTime.1 0
SNMPv2-MIB::sysORUpTime.2 0
SNMPv2-MIB::sysORUpTime.3 0
SNMPv2-MIB::sysORUpTime.4 0
SNMPv2-MIB::sysORUpTime.5 0
SNMPv2-MIB::sysORUpTime.6 0
SNMPv2-MIB::sysORUpTime.7 1
SNMPv2-MIB::sysORUpTime.8 1
SNMPv2-MIB::sysORUpTime.9 1
HOST-RESOURCES-MIB::hrSystemUptime.0 2680418
Timeout: No Response from 10.10.10.204
[***@Iroquois net-snmp-5.0.6]#
Nikolai Devereaux
2003-06-12 16:00:13 UTC
Permalink
Raw Message
I thought that was the (documented?) default behavior. If you don't pass a
root OID to walk, snmpwalk just walks the system OID.

If you want to walk the ENTIRE system, you'll need to pass a root OID. like
"1".


Take care,

nik
Dave Shield
2003-06-13 01:30:05 UTC
Permalink
Raw Message
Post by Richard
Below is the output I keep on getting everytime I try and snmpwalk on my
linux machine.
As Nikolai says, a "bare" snmpwalk should give you the whole of the 'mib-2'
tree, and nothing else (i.e. enterprise specific stuff).

But I'd expect to see more from the Host Resources MIB than just the
system uptime.


It looks as if there are actually two separate problems.
a) the MIB parsing warnings
b) the request timeout

The MIB errors don't actually specify which MIB file it's complaining about,
but it looks suspiciously like SNMPv2-SMI. Are you using the version
of this file that we provide, or a "full" version from somewhere else?

What happens if you run with the flag -Dparse-mibs ?
That will log which MIB files it's reading each time, and may help pin
down exactly where these errors are being generated.


As far as the timeout is concerned,
Post by Richard
1) Making sure my VACM is correct (access control)
that's certainly the most likely cause.
Try running the *agent* using the flag -Dread_config and check that it's
picking up the access config settings you expect (and nothing else).


I'd also try running a 'snmpgetnext' command on both hrSystemUptime and
hrSystemUptime.0 - probably with a long timeout setting, and no repeats.
i.e.
snmpgetnext -v 1 -c public -r 0 -t 600 <IP> hrSystemUptime
snmpgetnext -v 1 -c public -r 0 -t 600 <IP> hrSystemUptime.0

What does that return?

Dave
Dave Shield
2003-06-16 01:19:29 UTC
Permalink
Raw Message
I am using the rpms i found for my OS (Red Hat 9) at
rpmfind.net (version: 5.0.6-17)
OK - I'll have a look at this.
Installing RedHat 9 is on my list of Things To Do This Week.
Post by Dave Shield
What happens if you run with the flag -Dparse-mibs ?
You were right, I found many of the errors were from the SNMPv2:SMI mib.
Well, it's probably not so much that the MIB contains errors.
Just that our parser can't handle the (valid) definitions
for the "core" elements of SMI syntax.

Your best bet is to grab one of the source tarballs, and install
our version of the SNMPv2-SMI file.
Ideally, our parser should skip this automatically.
I'll add that to the task list.
# snmpgetnext -v 1 -c public -r 0 -t 600 <IP> hrSystemUptime.0
Error in packet.
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: HOST-RESOURCES-MIB::hrSystemUptime.0
# snmpwalk -v 1 -c public <IP> -t 120
[snip]
HOST-RESOURCES-MIB::hrSystemUptime.0 8475805
End of MIB
I don't know why it gives the message "End of MIB"
It's giving you "End of MIB", because it's discovered that there
are no more (accessible) MIB values.
That's essentially the same message as the 'noSuchName' error in the
snmpgetnext example.
(If you try the same request with -v 2c instead, then you'll
get this response explicitly.)
I still cannot get past the HOST RESOURCES MIB. Any suggestions?
The "End of MIB" message either means that the agents *doesn't* support
any other values after hrSystemUptime.
Or that it does, but you're not authorised to access them.

Given that the request tends to time out (unless you extend the timeout
period), that sounds to me like an access control problem.

You say that your access control settings are being read in correctly?
I think the time has come to see what you've got set up.
Can you please post the relevant -Dread_config debugging output


Dave
Bene Tam
2003-06-16 18:27:07 UTC
Permalink
Raw Message
Dear all

I have proposed the memory leak problem i am encountering before.

When I try to debug my memory leaking application(debug build, link with
5.0.8 version snmp_d.lib)

I really like to look for someone who can tell the possible cause of memory
leak in such case, thx so much
Quanah Gibson-Mount
2003-06-16 18:58:07 UTC
Permalink
Raw Message
Post by Bene Tam
Dear all
I have proposed the memory leak problem i am encountering before.
When I try to debug my memory leaking application(debug build, link with
5.0.8 version snmp_d.lib)
I really like to look for someone who can tell the possible cause of
memory leak in such case, thx so much
Did you compile with Kerberos 5 support? Net-SNMP only compiles against
MIT Krb5, which is full of terrible memory leaks. I filed a bug some time
ago that they should update it to use Heimdal K5, but I've seen no progress
on it. I attempted some work at converting it, but got lost in the attempt.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Bene Tam
2003-06-16 19:40:10 UTC
Permalink
Raw Message
As I am using only version 1 in my hardware
I would also only use version 1 in my PC platform

I just compile following the instructions in the READEM.w32

seems there is no note talking about the kerberos when building the library

----- Original Message -----
From: "Quanah Gibson-Mount" <***@stanford.edu>
To: <net-snmp-***@lists.sourceforge.net>
Sent: Tuesday, June 17, 2003 9:57 AM
Subject: Re: question of memory consumption in net-snmp library
Post by Quanah Gibson-Mount
Post by Bene Tam
Dear all
I have proposed the memory leak problem i am encountering before.
When I try to debug my memory leaking application(debug build, link with
5.0.8 version snmp_d.lib)
I really like to look for someone who can tell the possible cause of
memory leak in such case, thx so much
Did you compile with Kerberos 5 support? Net-SNMP only compiles against
MIT Krb5, which is full of terrible memory leaks. I filed a bug some time
ago that they should update it to use Heimdal K5, but I've seen no progress
on it. I attempted some work at converting it, but got lost in the attempt.
--Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Ken Hornstein
2003-06-16 20:54:12 UTC
Permalink
Raw Message
Post by Quanah Gibson-Mount
Did you compile with Kerberos 5 support? Net-SNMP only compiles against
MIT Krb5, which is full of terrible memory leaks.
Say what?

Speaking as someone who runs and consults on a number of large Kerberos
realms with thousands of users and a dozen different operating systems,
I have seen _no_ evidence of these "terrible" memory leaks you are talking
about. Now, it's certainly possible there are memory leaks with the
Kerberos code in net-snmp, but if there are, then those are my fault.
I'd be glad to look at them, if you could give me some concrete examples.
Post by Quanah Gibson-Mount
I filed a bug some time
ago that they should update it to use Heimdal K5, but I've seen no progress
on it. I attempted some work at converting it, but got lost in the attempt.
"update"? Whatever.

--Ken
Quanah Gibson-Mount
2003-06-16 21:01:11 UTC
Permalink
Raw Message
--On Monday, June 16, 2003 11:53 PM -0400 Ken Hornstein
Post by Ken Hornstein
Post by Quanah Gibson-Mount
Did you compile with Kerberos 5 support? Net-SNMP only compiles against
MIT Krb5, which is full of terrible memory leaks.
Say what?
Speaking as someone who runs and consults on a number of large Kerberos
realms with thousands of users and a dozen different operating systems,
I have seen _no_ evidence of these "terrible" memory leaks you are talking
about. Now, it's certainly possible there are memory leaks with the
Kerberos code in net-snmp, but if there are, then those are my fault.
I'd be glad to look at them, if you could give me some concrete examples.
Post by Quanah Gibson-Mount
I filed a bug some time
ago that they should update it to use Heimdal K5, but I've seen no
progress on it. I attempted some work at converting it, but got lost
in the attempt.
Ken,

It has a lot to do with the MIT K5 libraries. In our move to OpenLDAP,
compiling it with Cyrus-SASL and GSSAPI support, we found that when we used
the MIT K5 libraries that there were all sorts of memory leaks when using
them in threaded applications. Moving from MIT to Heimdal solved that
problem. Further development on other applications has also consistently
found that MIT's K5 libraries are problematic in threaded applications.
That can also solved by carefully mutexing the calls to MIT K5 libs.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Dave Shield
2003-06-17 01:08:09 UTC
Permalink
Raw Message
I found that there was an error in my snmpd.conf in the access control
view all included 1.3.6.1.
All I did was take the dot off the end of the OID and my snmpwalk went
just fine.
Hmmm...
I'm surprised (and disappointed) that such an error would break things.
I'm about to commit a patch to stamp on such trailing dots, to prevent
such problems in the future.

But shouldn't the agent have spit out an error like:

/usr/local/etc/snmp/snmpd.conf: line 7: Error: bad SUBTREE object id

?

Dave
Ken Hornstein
2003-06-17 06:39:08 UTC
Permalink
Raw Message
Post by Quanah Gibson-Mount
It has a lot to do with the MIT K5 libraries. In our move to OpenLDAP,
compiling it with Cyrus-SASL and GSSAPI support, we found that when we used
the MIT K5 libraries that there were all sorts of memory leaks when using
them in threaded applications. Moving from MIT to Heimdal solved that
problem. Further development on other applications has also consistently
found that MIT's K5 libraries are problematic in threaded applications.
That can also solved by carefully mutexing the calls to MIT K5 libs.
MIT Kerberos isn't thread-safe. This has been known forever (technically,
Heimdal isn't either; you're just getting lucky because there isn't a replay
cache in Heimdal, which results in weaker security). I've used Cyrus-SASL
in plenty of non-threaded applications with GSSAPI and MIT Kerberos, and
it works just fine. This is a complete non-issue for net-snmp of course,
since it's not threaded.

--Ken
Dave Shield
2003-06-19 01:04:46 UTC
Permalink
Raw Message
[ First - *please* don't mail me privately, without copying
any responses to the mailing list. I don't have the time
or inclination to offer private, unpaid, SNMP consultancy.
Keep discussions to the list, where others can both learn
and offer advice. Thanks. ]


Dave> But shouldn't the agent have spit out an error like:
Dave> /usr/local/etc/snmp/snmpd.conf: line 7: Error: bad SUBTREE object id


Richard> If you are referring to before I had "dodebugging" on, No the agent
Richard> didn't spit out the error.
Richard>> It was only after I had turned on "read_config" that the exact
Richard> error you mentioned showed up.


Strange.
I've checked the code again, and it's definitely a "config_perror" call
that reports this message. These should be displayed, regardless of
any debugging settings. It'll be logged to the "normal" destination,
of course - typically via syslog (unless you specify otherwise). But
you shouldn't need to turn on "dodebugging" to get it.

I've just tried with the current code, and it does whinge about invalid
SUBTREE oids, without needing to turn on debugging.

I'm very confused as to why you weren't seeing this.
What happens if you run

snmpd -f -L

(with no debugging settings), and an invalid OID in the config file?

Dave

Loading...