Discussion:
SNMPTRAP doesn't work
mohamad hosein jafari
2012-07-24 00:24:08 UTC
Permalink
Hi

I set snmptrap configure and then I change these conf file but I can't fine
/etc/default/snmptrap.conf

So when I run a snmptrap instruction on my agent this instruction run but I
don't have anything in my log file

can you help me? ot can you tell me snmptrap step by step?

thanks
mohamad hosein jafari
2012-07-24 04:44:12 UTC
Permalink
---------- Forwarded message ----------
From: mohamad hosein jafari <***@gmail.com>
Date: Tue, Jul 24, 2012 at 9:13 AM
Subject: Re: SNMPTRAP doesn't work
To: Mohammad Waqas Athar <***@hotmail.com>


Thanks

I run snmp trap demon and I get answer like this
]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le
/tmp/snmptrapd.conf: No such file or directory
/tmp/snmptrapd.conf: No such file or directory
Warning: no access control information configured.
This receiver will *NOT* accept any incoming notifications.
NET-SNMP version 5.3.2.2 .......

and after that this process take long time and I should stop it

- but about I think I have problem in snmptrapd.conf because when I run
snmptrap I don't have any error but I don't have anything in my log file
I set my snmptrapd.conf like this :
logOption f /var/log/snmptraps.log
authCommunity log,execute,net public


and in this path : /etc/sysconfig/snmpd.options I set like this :

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)"

and also I turnd my IPtable off for test but I dont have anything in my log
file after I run snmptrap .

I TEST my request in debian and I get true answer but in CentOS I didn't
get any answer

On Tue, Jul 24, 2012 at 8:55 AM, Mohammad Waqas Athar <
***@hotmail.com> wrote:

>
> Well if you are new to using net-snmp library you will come across such
> kind of problems. I think you are having problem setting up
> snmptrap daemon . If this is the case then
>
> 1- First of all make sure your snmptrapd.conf configuration file is in
> (any) directory as pointed out by `net-snmp-config --snmpconfpath`
> 2- Secondly make sure you flush your iptables rule by sudo iptables -F so
> that snmp trap messages are not blocked by firewall.
> 3- Try to run snmptrap daemon using sudo /usr/local/sbin/snmptrapd -f -L
> o and generate a dummy snmptrap as given in net snmp tutorial and check
> does your daemon works or not.
>
> When you run snmptrap , you will get an error of some config file. Ignore
> that message if you follow the correct syntax then message
> would definitively be delivered to snmptrap daemon.
>
> Regards,
> Muhammad Waqas.
>
>
>
> ------------------------------
> Date: Tue, 24 Jul 2012 04:54:08 +0430
> Subject: SNMPTRAP doesn't work
> From: ***@gmail.com
> To: net-snmp-***@lists.sourceforge.net
>
>
> Hi
>
> I set snmptrap configure and then I change these conf file but I can't
> fine /etc/default/snmptrap.conf
>
> So when I run a snmptrap instruction on my agent this instruction run but
> I don't have anything in my log file
>
> can you help me? ot can you tell me snmptrap step by step?
>
> thanks
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference Exclusive live event will cover all the
> ways today's security and threat landscape has changed and how IT managers
> can respond. Discussions will include endpoint security, mobile security
> and the latest in malware threats.
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________ Net-snmp-users mailing
> list Net-snmp-***@lists.sourceforge.net Please see the following page
> to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
>
Dave Shield
2012-07-24 07:23:21 UTC
Permalink
> I run snmp trap demon and I get answer like this
> ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le

You are explicitly telling the trap receiver to use the
configuration file '/tmp/snmptrapd.conf'
(That's the meaning of the -c option)

Have you created this file?

> /tmp/snmptrapd.conf: No such file or directory

Probably not :-)



> - but about I think I have problem in snmptrapd.conf because when I run
> snmptrap I don't have any error

Again - are you talking about snmptrap, or snmptrapd?
What exactly do you mean by "run snmptrap"

If you run the command "snmptrap" with no options,
then you *will* get an error, because that's not valid.
What is the *exact* command(s) that you are running?



> I set my snmptrapd.conf like this :
> logOption f /var/log/snmptraps.log
> authCommunity log,execute,net public

And where is this file located?



> and in this path : /etc/sysconfig/snmpd.options I set like this :
>
> OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)"

That file, and those options are relating to the SNMP agent ('snmpd').
They are nothing to do with either the trap receiver ('snmptrapd')
or the trap sender ('snmptrap').
Please don't confuse the various elements - they are different commands
used for different purposes, and controlled by different files.



> and also I turnd my IPtable off for test but I dont have anything in my log
> file after I run snmptrap .
>
> I TEST my request in debian and I get true answer but in CentOS I didn't get
> any answer

Please report *exactly* what you are doing.
There's simply not enough detail in what you have said so far.

Dave
Mohammad Waqas Athar
2012-07-24 05:06:15 UTC
Permalink
mohamad hosein jafari
2012-07-24 05:27:56 UTC
Permalink
Dave Shield
2012-07-24 07:17:42 UTC
Permalink
On 24 July 2012 01:24, mohamad hosein jafari <***@gmail.com> wrote:
> I set snmptrap configure and then I change these conf file but I can't fine
> /etc/default/snmptrap.conf

First thing - are you talking about "snmptrap" or "snmptrapd"?
These are very different!

Secondly, /etc/default is typically provided by a vendor installation
(rather than when using a setup compiled from source), and is
used to configure the settings used for *starting* a service
(i.e. the command line options).
It's not normally a place to put the run-time configuration file.


> So when I run a snmptrap instruction on my agent this instruction run
> but I don't have anything in my log file

What exactly do you mean by "run a snmptrap instruction"?
What command(s) are you running here?

Dave
mohamad hosein jafari
2012-07-24 07:58:01 UTC
Permalink
Thanks my friend

I want to use snmptrap but I think first of all I should config snmptrapd
on my server to receive snmp information on server .Am I Right??? Or Please
tell me true thing

>> I run snmp trap demon and I get answer like this
>> ]# snmptrapd -f -C -c /tmp/snmptrapd.conf -Le
>>You are explicitly telling the trap receiver to use the
>>configuration file '/tmp/snmptrapd.conf'
>> (That's the meaning of the -c option)

Ok what is this problem?

>>Have you created this file?
>>> /tmp/snmptrapd.conf: No such file or directory
>>Probably not :-)

No I can't find this file in this path . my snmptrapd.conf is
in /etc/snmp/snmptrapd.conf . how I can make it in the path that you say?


>>> - but about I think I have problem in snmptrapd.conf because when I run
>>> snmptrap I don't have any error
>>Again - are you talking about snmptrap, or snmptrapd?
>>What exactly do you mean by "run snmptrap"
>>If you run the command "snmptrap" with no options,
>>then you *will* get an error, because that's not valid.
>>What is the *exact* command(s) that you are running?

I want to run snmp . I want to send information from agent to manager . I
run this sample
snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
\netSnmpExampleInteger i 123456

>>> I set my snmptrapd.conf like this :
>>> logOption f /var/log/snmptraps.log
>>> authCommunity log,execute,net public
>>And where is this file located?

in /etc/snmp/snmptrapd.conf I set this lines

>>> and in this path : /etc/sysconfig/snmpd.options I set like this :
>>> OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x (MY IP)"
>>That file, and those options are relating to the SNMP agent ('snmpd').
>>They are nothing to do with either the trap receiver ('snmptrapd')
>>or the trap sender ('snmptrap').
>> Please don't confuse the various elements - they are different commands
>>used for different purposes, and controlled by different files.

but I read in conf instruction level to set this line for agent

>>> and also I turnd my IPtable off for test but I dont have anything in my
log
>>> file after I run snmptrap .
>>> I TEST my request in debian and I get true answer but in CentOS I
didn't get
>>> any answer
>>Please report *exactly* what you are doing.
>>There's simply not enough detail in what you have said so far.

I used this command for this work

# /etc/init.d/iptables stop

# chkconfig iptables off


thanks for your help
Dave Shield
2012-07-24 08:06:18 UTC
Permalink
On 24 July 2012 08:58, mohamad hosein jafari <***@gmail.com> wrote:
> I want to use snmptrap but I think first of all I should config snmptrapd on
> my server to receive snmp information on server .Am I Right???

Correct


> my snmptrapd.conf is in /etc/snmp/snmptrapd.conf

So why were you telling snmptrapd to look in /tmp ?
If your snmptrapd.conf file is under /etc/snmp
then try running

snmptrapd -f -Le

If that complains about "no access control"
(and *only* if it complains)
then try
snmptrapd -c /etc/snmp/snmptrapd.conf -f -Le
instead

Run those command(s) - and please report back what it says.


Dave
mohamad hosein jafari
2012-07-24 08:10:32 UTC
Permalink
I use these command

and I get this answer:

NET-SNMP version 5.3.2.2
couldn't open udp:162 -- errno 98 ("Address already in use")


On Tue, Jul 24, 2012 at 12:36 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 24 July 2012 08:58, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I want to use snmptrap but I think first of all I should config
> snmptrapd on
> > my server to receive snmp information on server .Am I Right???
>
> Correct
>
>
> > my snmptrapd.conf is in /etc/snmp/snmptrapd.conf
>
> So why were you telling snmptrapd to look in /tmp ?
> If your snmptrapd.conf file is under /etc/snmp
> then try running
>
> snmptrapd -f -Le
>
> If that complains about "no access control"
> (and *only* if it complains)
> then try
> snmptrapd -c /etc/snmp/snmptrapd.conf -f -Le
> instead
>
> Run those command(s) - and please report back what it says.
>
>
> Dave
>
Dave Shield
2012-07-24 08:11:43 UTC
Permalink
On 24 July 2012 09:10, mohamad hosein jafari <***@gmail.com> wrote:
> I use these command
>
> and I get this answer:
>
> NET-SNMP version 5.3.2.2
> couldn't open udp:162 -- errno 98 ("Address already in use")

OK - that shows you've already got a trap receiver running.
Shut that down, and try again

Dave
mohamad hosein jafari
2012-07-24 08:16:54 UTC
Permalink
you means I use Killall snmptrap command?


On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 24 July 2012 09:10, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I use these command
> >
> > and I get this answer:
> >
> > NET-SNMP version 5.3.2.2
> > couldn't open udp:162 -- errno 98 ("Address already in use")
>
> OK - that shows you've already got a trap receiver running.
> Shut that down, and try again
>
> Dave
>
mohamad hosein jafari
2012-07-24 08:19:20 UTC
Permalink
and why I can't find
/etc/default/snmptrap.conf

???

can you help me?

On Tue, Jul 24, 2012 at 12:46 PM, mohamad hosein jafari <
***@gmail.com> wrote:

> you means I use Killall snmptrap command?
>
>
> On Tue, Jul 24, 2012 at 12:41 PM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 24 July 2012 09:10, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> > I use these command
>> >
>> > and I get this answer:
>> >
>> > NET-SNMP version 5.3.2.2
>> > couldn't open udp:162 -- errno 98 ("Address already in use")
>>
>> OK - that shows you've already got a trap receiver running.
>> Shut that down, and try again
>>
>> Dave
>>
>
>
Dave Shield
2012-07-24 08:40:31 UTC
Permalink
On 24 July 2012 09:16, mohamad hosein jafari <***@gmail.com> wrote:
> you means I use Killall snmptrap command?

No
You are still getting confused between "snmptrap" and "snmptrapd"

"snmptrapd" is the trap receiver - the program that runs all the time, listening
for incoming traps and processing/logging them.
"snmptrap" is used for generating traps - a command-line tool that is run
individually.

snmptrap sends the trap to snmptrapd
Note the 'd' at the end of the name - this stands for "daemon".

It's the daemon (snmptrapd) that's running all the time,
which is blocking the (new) daemon that you are trying to start.
So it's the daemon that you need to shut down.

Try
killall snmptrapd

Please try to keep these two clear in your mind (and in your messages).
The potential for confusion if you mix them up is immense!

Dave
mohamad hosein jafari
2012-07-24 11:19:56 UTC
Permalink
Thank

yes I think because my agent and server is on 1 system

I do your instruction to kill snmptrapd and then I rewrite that
instruction snmptrapd -f -Le

but my output take long time and I didn't receive anything so I stopped it
this is my output

NET-SNMP version 5.3.2.2
2012-07-23 17:26:38 NET-SNMP version 5.3.2.2 Stopped.

--------------------------

On Tue, Jul 24, 2012 at 1:10 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 24 July 2012 09:16, mohamad hosein jafari <***@gmail.com>
> wrote:
> > you means I use Killall snmptrap command?
>
> No
> You are still getting confused between "snmptrap" and "snmptrapd"
>
> "snmptrapd" is the trap receiver - the program that runs all the time,
> listening
> for incoming traps and processing/logging them.
> "snmptrap" is used for generating traps - a command-line tool that is run
> individually.
>
> snmptrap sends the trap to snmptrapd
> Note the 'd' at the end of the name - this stands for "daemon".
>
> It's the daemon (snmptrapd) that's running all the time,
> which is blocking the (new) daemon that you are trying to start.
> So it's the daemon that you need to shut down.
>
> Try
> killall snmptrapd
>
> Please try to keep these two clear in your mind (and in your messages).
> The potential for confusion if you mix them up is immense!
>
> Dave
>
Dave Shield
2012-07-24 12:10:18 UTC
Permalink
On 24 July 2012 12:19, mohamad hosein jafari <***@gmail.com> wrote:
> yes I think because my agent and server is on 1 system

No - ther's absolutely no problem about running an SNMP agent
and a trap receiver on the same system. They are different
services, and listen on different network ports. They shouldn't
interfere with each other in the slightest.


> I do your instruction to kill snmptrapd and then I rewrite that
> instruction snmptrapd -f -Le

> this is my output
>
> NET-SNMP version 5.3.2.2

Good - that seems to be working.


> but my output take long time and I didn't receive anything so I stopped it

<sigh>
No - please don't do that.
You are quite correct - it's running for a "long time".
In fact it will keep running for ever, until you explicitly stop it.

That's the whole point - you are running this as a trap receiver.
It's expected to keep running - waiting to receive incoming traps,
and logging them. It will do that for as long as the system is up.
Eventually we'll look at having this run in the background,
but for the time being - let's concentrate on checking that
the basic sending/receiving of traps is working.


Please re-start the 'snmptrapd' command again,
and make sure it gives the same
NET-SNMP version 5.3.2.2
output. (With no mention of "access control")

Assuming that works, and while it is still running in one terminal window.
try running the
snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
\netSnmpExampleInteger i 123456
command you mentioned, in a different terminal window.

Do you see anything in the first window?


Dave
mohamad hosein jafari
2012-07-25 03:56:04 UTC
Permalink
yes I did it

and in the first window I got Log of my snmptrap instruction

thanks

But excuse me I have another question :
How I can senf snmptrap by windows Agent?
can you help me?

Thanks

On Tue, Jul 24, 2012 at 4:40 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 24 July 2012 12:19, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes I think because my agent and server is on 1 system
>
> No - ther's absolutely no problem about running an SNMP agent
> and a trap receiver on the same system. They are different
> services, and listen on different network ports. They shouldn't
> interfere with each other in the slightest.
>
>
> > I do your instruction to kill snmptrapd and then I rewrite that
> > instruction snmptrapd -f -Le
>
> > this is my output
> >
> > NET-SNMP version 5.3.2.2
>
> Good - that seems to be working.
>
>
> > but my output take long time and I didn't receive anything so I stopped
> it
>
> <sigh>
> No - please don't do that.
> You are quite correct - it's running for a "long time".
> In fact it will keep running for ever, until you explicitly stop it.
>
> That's the whole point - you are running this as a trap receiver.
> It's expected to keep running - waiting to receive incoming traps,
> and logging them. It will do that for as long as the system is up.
> Eventually we'll look at having this run in the background,
> but for the time being - let's concentrate on checking that
> the basic sending/receiving of traps is working.
>
>
> Please re-start the 'snmptrapd' command again,
> and make sure it gives the same
> NET-SNMP version 5.3.2.2
> output. (With no mention of "access control")
>
> Assuming that works, and while it is still running in one terminal window.
> try running the
> snmptrap -v 1 -c public 192.168.150.227
> NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
> \netSnmpExampleInteger i 123456
> command you mentioned, in a different terminal window.
>
> Do you see anything in the first window?
>
>
> Dave
>
Dave Shield
2012-07-25 07:59:29 UTC
Permalink
On 25 July 2012 04:56, mohamad hosein jafari <***@gmail.com> wrote:
> yes I did it
>
> and in the first window I got Log of my snmptrap instruction

Good - that's progress


> But excuse me I have another question :
> How I can senf snmptrap by windows Agent?
> can you help me?

Too hasty you are, young padawan.
Much to learn, you still have.
Rome, built in a day, wasn't
[Hmmm... that last one doesn't quite work somehow!]

You've taken the first step in setting up the receipt of traps,
but there's still a way to go.
The next two tasks (which are complementary, but
independent, so can be tackled in either order) are:

- sending a trap from the (local) agent
(rather than the command line 'snmptrap')
- running the trap receiver as a daemon,
not via the command line.

Let's look at the first one first.

Is there a file /etc/snmp/snmpd.conf ?
If so, does it contain a link of the form
"trapsink ...."
or
"trap2sink ....."
If so - what exactly does this look like?

If there isn't a file /etc/snmp/snmpd.conf,
then can you find a file called 'snmpd.conf'
somewhere else on the system?
If so, where?
Note that there may be more than one. Try
running "locate snmpd.conf" which should
report all of them (assuming this is set up right)
Same question - do any of these contain
'trapsink' (or similar) lines?

Dave
mohamad hosein jafari
2012-07-25 08:33:05 UTC
Permalink
yes :) I think I,m too hasty

because I have a limit time

I have snmpd.conf in this path and contain

# where to send v2 traps:

trap2sink (server_ip_address) public

# send traps on authentication failures

authtrapenable 1


But I have a force to send a trap by windows Agent (without get by
server Only sending trap by win agent)

can you help me in this step before continue?

I read this link and do config But I don't know how to manage MIB file
to sent as a trap

http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper


ThankS






On Wed, Jul 25, 2012 at 12:29 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 04:56, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes I did it
> >
> > and in the first window I got Log of my snmptrap instruction
>
> Good - that's progress
>
>
> > But excuse me I have another question :
> > How I can senf snmptrap by windows Agent?
> > can you help me?
>
> Too hasty you are, young padawan.
> Much to learn, you still have.
> Rome, built in a day, wasn't
> [Hmmm... that last one doesn't quite work somehow!]
>
> You've taken the first step in setting up the receipt of traps,
> but there's still a way to go.
> The next two tasks (which are complementary, but
> independent, so can be tackled in either order) are:
>
> - sending a trap from the (local) agent
> (rather than the command line 'snmptrap')
> - running the trap receiver as a daemon,
> not via the command line.
>
> Let's look at the first one first.
>
> Is there a file /etc/snmp/snmpd.conf ?
> If so, does it contain a link of the form
> "trapsink ...."
> or
> "trap2sink ....."
> If so - what exactly does this look like?
>
> If there isn't a file /etc/snmp/snmpd.conf,
> then can you find a file called 'snmpd.conf'
> somewhere else on the system?
> If so, where?
> Note that there may be more than one. Try
> running "locate snmpd.conf" which should
> report all of them (assuming this is set up right)
> Same question - do any of these contain
> 'trapsink' (or similar) lines?
>
> Dave
>
Dave Shield
2012-07-25 09:27:36 UTC
Permalink
On 25 July 2012 09:33, mohamad hosein jafari <***@gmail.com> wrote:
> yes :) I think I,m too hasty
> because I have a limit time

In which case, you can't affort to race ahead of yourself!

You should also get in the habit of providing the *full* information
that I ask for. That will save time currently wasted in forcing me to
ask additional questions to find out the details that you have omitted.


> I have snmpd.conf in this path

In which path?
What is the full location of this file?


> # where to send v2 traps:
>
> trap2sink (server_ip_address) public

Is this the exact line as it appears in the file?
Or is there an actual IP address there?
If so - what is it?


> But I have a force to send a trap by windows Agent (without get by server
> Only sending trap by win agent)
>
> can you help me in this step before continue?

No.
We can get there, but only by taking things in the correct order.
We need to ensure that sending/receipt of traps is working properly,
before looking at automatically generating traps from the agent.


> I read this link and do config But I don't know how to manage MIB file to
> sent as a trap
>
> http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper

Don't be so impatient!
Let's get the basic configuration correct first.

Dave
mohamad hosein jafari
2012-07-25 09:35:48 UTC
Permalink
>
>
> In which path?
> What is the full location of this file?
>
in the path that you said
/etc/snmp/snmpd.conf


> Is this the exact line as it appears in the file?
> Or is there an actual IP address there?
> If so - what is it?
>
> No I replaced my system IP address like 192......... by IP ADDRESS name

Thnks

> Dave
>
Dave Shield
2012-07-25 09:51:45 UTC
Permalink
On 25 July 2012 10:35, mohamad hosein jafari <***@gmail.com> wrote:
>> Is this the exact line as it appears in the file?
>> Or is there an actual IP address there?
>> If so - what is it?
>>
> No I replaced my system IP address like 192......... by IP ADDRESS name

<sigh>
When I ask for the exact line - then that is what I need to see.
Not something vague like "my system IP addres like 192...."
the *ACTUAL* IP address!
Please don't omit information just because you don't think it's
important. Give me the exact details - then I can ignore the
bits I don't need.

Given that the command-line 'snmptrap' was using the IP address
192.168.150.227, then I assume that the line in /etc/snmp/snmpd.conf
actually reads

trap2sink 192.168.150.227 public

Is this correct?

Dave
Dave Shield
2012-07-25 09:58:11 UTC
Permalink
On 25 July 2012 10:54, mohamad hosein jafari <***@gmail.com> wrote:
> yes . this is exactly :
> # where to send v2 traps:
> trap2sink 192.168.150.227 public
> # send traps on authentication failures
> authtrapenable 1

Right.

Assuming that the 'snmptrapd' command is still running in your first window,
(and if not, then restart this first, and check it's working using the
same 'snmptrap' command as before).
then please try restarting the 'snmp' agent.

I seem to remember that you said you were working with a CentOS box.
In which case, the command to do this should be

service snmpd restart

What do you see in the snmptrapd output?

Dave
mohamad hosein jafari
2012-07-25 10:04:22 UTC
Permalink
I restart it
and I saw in first window:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10


On Wed, Jul 25, 2012 at 2:28 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 10:54, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes . this is exactly :
> > # where to send v2 traps:
> > trap2sink 192.168.150.227 public
> > # send traps on authentication failures
> > authtrapenable 1
>
> Right.
>
> Assuming that the 'snmptrapd' command is still running in your first
> window,
> (and if not, then restart this first, and check it's working using the
> same 'snmptrap' command as before).
> then please try restarting the 'snmp' agent.
>
> I seem to remember that you said you were working with a CentOS box.
> In which case, the command to do this should be
>
> service snmpd restart
>
> What do you see in the snmptrapd output?
>
> Dave
>
Dave Shield
2012-07-25 10:15:38 UTC
Permalink
On 25 July 2012 11:04, mohamad hosein jafari <***@gmail.com> wrote:
> I restart it
> and I saw in first window:
>
> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
> SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
> SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10

Good - so that's shown that agent -> manual snmptrapd is working properly.
The next thing is to look at getting the trap receiver to run as a daemon.

Kill off the snmptrapd command that you started earlier (using Ctrl-C
should do)
and run the command

service snmptrapd start

(as root). Then immediately afterwards, run the command

ls -ltr /var/log | tail

You should find that one or more of the files listed there have only just been
changed. Have a look at each of these - particularly the end of each file.
"tail -20 /var/log/messages" or similar should do the trick.


Can you find mention of 'snmptrapd' in any of these files?
If so, which?

Dave
mohamad hosein jafari
2012-07-25 10:39:22 UTC
Permalink
Yes I did it and I found this line
when I type this command : ls -ltr /var/log | tail

-rw-r--r-- 1 root root 25 Jul 24 14:09 snmptraps.log



On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 11:04, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I restart it
> > and I saw in first window:
> >
> > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
> > SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
> > SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
>
> Good - so that's shown that agent -> manual snmptrapd is working
> properly.
> The next thing is to look at getting the trap receiver to run as a daemon.
>
> Kill off the snmptrapd command that you started earlier (using Ctrl-C
> should do)
> and run the command
>
> service snmptrapd start
>
> (as root). Then immediately afterwards, run the command
>
> ls -ltr /var/log | tail
>
> You should find that one or more of the files listed there have only just
> been
> changed. Have a look at each of these - particularly the end of each
> file.
> "tail -20 /var/log/messages" or similar should do the trick.
>
>
> Can you find mention of 'snmptrapd' in any of these files?
> If so, which?
>
> Dave
>
mohamad hosein jafari
2012-07-25 10:52:36 UTC
Permalink
and when I use this command :
tail -20 /var/log/messages

I found :
Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2

as the last line

On Wed, Jul 25, 2012 at 3:09 PM, mohamad hosein jafari <
***@gmail.com> wrote:

> Yes I did it and I found this line
> when I type this command : ls -ltr /var/log | tail
>
> -rw-r--r-- 1 root root 25 Jul 24 14:09 snmptraps.log
>
>
>
> On Wed, Jul 25, 2012 at 2:45 PM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 25 July 2012 11:04, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> > I restart it
>> > and I saw in first window:
>> >
>> > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (97) 0:00:00.97
>> > SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart
>> > SNMPv2-MIB::snmpTrapEnterprise.0 = OID:
>> NET-SNMP-MIB::netSnmpAgentOIDs.10
>>
>> Good - so that's shown that agent -> manual snmptrapd is working
>> properly.
>> The next thing is to look at getting the trap receiver to run as a daemon.
>>
>> Kill off the snmptrapd command that you started earlier (using Ctrl-C
>> should do)
>> and run the command
>>
>> service snmptrapd start
>>
>> (as root). Then immediately afterwards, run the command
>>
>> ls -ltr /var/log | tail
>>
>> You should find that one or more of the files listed there have only just
>> been
>> changed. Have a look at each of these - particularly the end of each
>> file.
>> "tail -20 /var/log/messages" or similar should do the trick.
>>
>>
>> Can you find mention of 'snmptrapd' in any of these files?
>> If so, which?
>>
>> Dave
>>
>
>
Dave Shield
2012-07-25 11:15:57 UTC
Permalink
On 25 July 2012 11:52, mohamad hosein jafari <***@gmail.com> wrote:
> and when I use this command :
> tail -20 /var/log/messages
>
> I found :
> Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2
>
> as the last line


Right - so that's where incoming traps are being logged.
Now try the following:

* In one window, run
tail -f /var/log/messages

This command will show the last ten lines, and then "hang".
This is perfectly normal - just leave it hanging

* In a second window, restart the SNMP agent again
("service snmpd restart"), just as you did before.

You should see a trap logged in the first window,
with the same message as you saw earlier.

Does this happen?

Dave
mohamad hosein jafari
2012-07-25 11:21:00 UTC
Permalink
yes it happened

On Wed, Jul 25, 2012 at 3:45 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 11:52, mohamad hosein jafari <***@gmail.com>
> wrote:
> > and when I use this command :
> > tail -20 /var/log/messages
> >
> > I found :
> > Jul 24 14:09:43 my-pc snmptrapd[5079]: NET-SNMP version 5.3.2.2
> >
> > as the last line
>
>
> Right - so that's where incoming traps are being logged.
> Now try the following:
>
> * In one window, run
> tail -f /var/log/messages
>
> This command will show the last ten lines, and then "hang".
> This is perfectly normal - just leave it hanging
>
> * In a second window, restart the SNMP agent again
> ("service snmpd restart"), just as you did before.
>
> You should see a trap logged in the first window,
> with the same message as you saw earlier.
>
> Does this happen?
>
> Dave
>
Dave Shield
2012-07-25 11:32:33 UTC
Permalink
On 25 July 2012 12:21, mohamad hosein jafari <***@gmail.com> wrote:
> yes it happened

Good - so you know that the trap receiver is working properly.

Now you can start looking at your Windows machine!

Fire up a command window, and type the same 'snmptrap'
command that you used before (giving the same IP address)
Do you see anything on the "tail -f" output?

Dave
Dave Shield
2012-07-25 12:52:08 UTC
Permalink
On 25 July 2012 13:45, mohamad hosein jafari <***@gmail.com> wrote:
> yes I tried command on CMD
> but cmd can't find instruction
> and I didn't get any result

OK.
Have you got the Net-SNMP package installed on your Windows box?

If so, I believe the command will probably be something like

C:\usr\bin\snmptrap ......

Does that help at all?

Dave
mohamad hosein jafari
2012-07-25 13:04:51 UTC
Permalink
I downloaded for linux and windows
But I didn't install it on windows . does it need for windows agent to got
net-snmp? Is configuration step like tis link step on windows service not
Enough ؟؟(without using cmd?)
http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper


and if it need how can I install it?
this download link
http://sourceforge.net/projects/net-snmp/files/net-snmp/5.7.1/net-snmp-5.7.1.zip/download




On Wed, Jul 25, 2012 at 5:22 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 13:45, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes I tried command on CMD
> > but cmd can't find instruction
> > and I didn't get any result
>
> OK.
> Have you got the Net-SNMP package installed on your Windows box?
>
> If so, I believe the command will probably be something like
>
> C:\usr\bin\snmptrap ......
>
> Does that help at all?
>
> Dave
>
Dave Shield
2012-07-25 13:13:48 UTC
Permalink
On 25 July 2012 14:04, mohamad hosein jafari <***@gmail.com> wrote:
> I downloaded for linux and windows
> But I didn't install it on windows.

So you are using the Microsoft-provided SNMP agent,
rather than the Net-SNMP agent - is that correct?

That is quite an important distinction - so it's useful that we've
established this now. You would have got *very* confused
trying to follow instructions for the Net-SNMP agent, if you're
actually using the MS version!


> Is configuration step like tis link step on windows service not
> Enough ؟؟(without using cmd?)
> http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper

Probably - yes.
This list is for support of the Net-SNMP software, so we can't really help with
anyone else's products. But at first sight, those instructions look reasonable
for configuring the Windows agent to send traps to the receiver you've now
got running.

Follow those through (using the same IP address as before), and the
restart the Windows SNMP agent. I would expect to see a similar
log message being received by the snmptrapd daemon
(and hence appearing in /var/log/messages)


You shouldn't need to install the Net-SNMP agent on your Windows box,
if you're happy to use the Microsoft one.

Dave
mohamad hosein jafari
2012-07-25 13:23:06 UTC
Permalink
Yes I used Microsoft provided by that step that was in that link that I
sent before

So what is your opinion about it? My cmd don't know any snmp and snmptrap
command But I do microsoft configuration for snmp

what can I do?



On Wed, Jul 25, 2012 at 5:43 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 14:04, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I downloaded for linux and windows
> > But I didn't install it on windows.
>
> So you are using the Microsoft-provided SNMP agent,
> rather than the Net-SNMP agent - is that correct?
>
> That is quite an important distinction - so it's useful that we've
> established this now. You would have got *very* confused
> trying to follow instructions for the Net-SNMP agent, if you're
> actually using the MS version!
>
>
> > Is configuration step like tis link step on windows service not
> > Enough ؟؟(without using cmd?)
> >
> http://www.helpsystems.com/support/help-facts/configuring-windows-xp-send-snmp-traps-robottrapper
>
> Probably - yes.
> This list is for support of the Net-SNMP software, so we can't really help
> with
> anyone else's products. But at first sight, those instructions look
> reasonable
> for configuring the Windows agent to send traps to the receiver you've now
> got running.
>
> Follow those through (using the same IP address as before), and the
> restart the Windows SNMP agent. I would expect to see a similar
> log message being received by the snmptrapd daemon
> (and hence appearing in /var/log/messages)
>
>
> You shouldn't need to install the Net-SNMP agent on your Windows box,
> if you're happy to use the Microsoft one.
>
> Dave
>
Dave Shield
2012-07-25 13:43:38 UTC
Permalink
On 25 July 2012 14:23, mohamad hosein jafari <***@gmail.com> wrote:
> Yes I used Microsoft provided by that step that was in that link that I sent
> before
>
> So what is your opinion about it? My cmd don't know any snmp and snmptrap
> command But I do microsoft configuration for snmp
>
> what can I do?

Try following the instructions in that link, to set up the SNMP
service and configure it to send traps to 192.168.150.227

Then restart the Windows SNMP agent.

Do you see anything in the /var/log/messages file?

Dave
mohamad hosein jafari
2012-07-25 18:29:33 UTC
Permalink
Yes I did this config snmp service to 192.168.150.227
and after restart agent
I couldn't find this path ( /var/log/messages)in my windows command line .
why?
and also I couldn't see any new thing in my linux command line

On Wed, Jul 25, 2012 at 6:13 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 14:23, mohamad hosein jafari <***@gmail.com>
> wrote:
> > Yes I used Microsoft provided by that step that was in that link that I
> sent
> > before
> >
> > So what is your opinion about it? My cmd don't know any snmp and snmptrap
> > command But I do microsoft configuration for snmp
> >
> > what can I do?
>
> Try following the instructions in that link, to set up the SNMP
> service and configure it to send traps to 192.168.150.227
>
> Then restart the Windows SNMP agent.
>
> Do you see anything in the /var/log/messages file?
>
> Dave
>
Dave Shield
2012-07-25 23:09:07 UTC
Permalink
On 25 July 2012 19:29, mohamad hosein jafari <***@gmail.com> wrote:
> Yes I did this config snmp service to 192.168.150.227
> and after restart agent
> I couldn't find this path ( /var/log/messages)in my windows command line .
> why?

Think about what's happening here.
You are sending traps *from* the windows box *to* the Linux system.
The traps will be received by the Linux system, and logged to the
file /var/log/messages

Why would you look for this file on the Windows system?


> and also I couldn't see any new thing in my linux command line

Now do you see why I wanted you to try running things on the Linux box first?
Because I forced you to do this, we know that the trap receiver aspects
are working OK. So if the trap from the Windows agent isn't getting through,
the problem must lie somewhere else.

There are two basic possibilities - either the trap isn't being sent properly,
or it's being sent but not received. My suspicion is actually the latter.

Please try running the following command on the (receiving) Linux box:

iptables -I INPUT -p tcp --dport 162 -j ACCEPT

then re-start the Windows SNMP agent.
Do you see anything in the Linux /var/log/messages file?

Dave
mohamad hosein jafari
2012-07-26 04:51:58 UTC
Permalink
Yes
but my agent and server in once .

I set my snmp service to send trap on my IP then I went to my linux
(VmWare)
and I do setting about IPtable but I didn't see anything in linux log file

So I have a question:
IS THERE any different between Linux MIB file and windows MIB file? OR
should I have change on linux server to get windows server Trap????
(THIS question is very important fot me)

Thanks


On Thu, Jul 26, 2012 at 3:39 AM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 25 July 2012 19:29, mohamad hosein jafari <***@gmail.com>
> wrote:
> > Yes I did this config snmp service to 192.168.150.227
> > and after restart agent
> > I couldn't find this path ( /var/log/messages)in my windows command line
> .
> > why?
>
> Think about what's happening here.
> You are sending traps *from* the windows box *to* the Linux system.
> The traps will be received by the Linux system, and logged to the
> file /var/log/messages
>
> Why would you look for this file on the Windows system?
>
>
> > and also I couldn't see any new thing in my linux command line
>
> Now do you see why I wanted you to try running things on the Linux box
> first?
> Because I forced you to do this, we know that the trap receiver aspects
> are working OK. So if the trap from the Windows agent isn't getting
> through,
> the problem must lie somewhere else.
>
> There are two basic possibilities - either the trap isn't being sent
> properly,
> or it's being sent but not received. My suspicion is actually the latter.
>
> Please try running the following command on the (receiving) Linux box:
>
> iptables -I INPUT -p tcp --dport 162 -j ACCEPT
>
> then re-start the Windows SNMP agent.
> Do you see anything in the Linux /var/log/messages file?
>
> Dave
>
Dave Shield
2012-07-26 07:34:46 UTC
Permalink
On 26 July 2012 05:51, mohamad hosein jafari <***@gmail.com> wrote:
> I set my snmp service to send trap on my IP then I went to my linux (VmWare)
> and I do setting about IPtable but I didn't see anything in linux log file

Did you restart the Windows SNMP agent *after* running the "iptables" command?


> So I have a question:
> IS THERE any different between Linux MIB file and windows MIB file?

I'm sorry - that question just doesn't make sense.

Dave
mohamad hosein jafari
2012-07-26 07:44:00 UTC
Permalink
yes I did
but I didn't see anything in log file again
what is problem?


excuse me why my question "doesn't make sense" ??
I want to know should I do any config in my linux serever for receiving
trap from windows agent?

thanks
On Thu, Jul 26, 2012 at 12:04 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 05:51, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I set my snmp service to send trap on my IP then I went to my linux
> (VmWare)
> > and I do setting about IPtable but I didn't see anything in linux log
> file
>
> Did you restart the Windows SNMP agent *after* running the "iptables"
> command?
>
>
> > So I have a question:
> > IS THERE any different between Linux MIB file and windows MIB file?
>
> I'm sorry - that question just doesn't make sense.
>
> Dave
>
Dave Shield
2012-07-26 07:52:24 UTC
Permalink
On 26 July 2012 08:44, mohamad hosein jafari <***@gmail.com> wrote:
> yes I did
> but I didn't see anything in log file again
> what is problem?

I don't know - that's what we need to work out.

I seem to remember you saying that you have two Linux systems available
(one running CentOS, and one running Debian). Is that correct?

If so, can you please try the following:

On the trap receiver system, run the following:
tail -f /var/log/messages

On the same system (in another window), run the command
snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
\netSnmpExampleInteger i 123456
(we know this ought to work - this is just to confirm that you're
seeing the traps)
What do you see reported by the "tail" command?

Now on the other (Debian?) system, run the same
snmptrap -v 1 -c public 192.168.150.227
NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
\netSnmpExampleInteger i 123456
command.
What do you see reported by the "tail" command?


Dave
mohamad hosein jafari
2012-07-26 08:03:45 UTC
Permalink
yes that is right . that was my friend system that I checked on . but now I
don't have that system .
Is our problem is running snmptrap and receiver on one system??

thnks but can't you help me in our question about linux config? dosn't have
any difference between these two system?

thnks

On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 08:44, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes I did
> > but I didn't see anything in log file again
> > what is problem?
>
> I don't know - that's what we need to work out.
>
> I seem to remember you saying that you have two Linux systems available
> (one running CentOS, and one running Debian). Is that correct?
>
> If so, can you please try the following:
>
> On the trap receiver system, run the following:
> tail -f /var/log/messages
>
> On the same system (in another window), run the command
> snmptrap -v 1 -c public 192.168.150.227
> NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
> \netSnmpExampleInteger i 123456
> (we know this ought to work - this is just to confirm that you're
> seeing the traps)
> What do you see reported by the "tail" command?
>
> Now on the other (Debian?) system, run the same
> snmptrap -v 1 -c public 192.168.150.227
> NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
> \netSnmpExampleInteger i 123456
> command.
> What do you see reported by the "tail" command?
>
>
> Dave
>
Dave Shield
2012-07-26 08:17:19 UTC
Permalink
On 26 July 2012 09:03, mohamad hosein jafari <***@gmail.com> wrote:
> yes that is right . that was my friend system that I checked on . but now I
> don't have that system .
> Is our problem is running snmptrap and receiver on one system??

No - there is no problem with running both trap sender and trap receiver
on the same system. You've already seen that this works.
The current issue is with running trap sender and trap receiver on
*different* systems. This ought to be fine as well, but there's clearly a
problem somewhere, becuase it's currently not working.

That's what I'm trying to help you sort out.


> thnks but can't you help me in our question about linux config? dosn't have
> any difference between these two system?

I will help you with that *AFTER* we've fixed whatever is wrong with the
trap communication. As you should have realised by now, this is
painstaking work - and I do not have the time (or patience) to lead you
through both of these at the same time.
We're making progress on this one, so let's concentrate on it and get
it finished before getting distracted elsewhere.




Are you sure that you don't have access to any other Linux or Unix based
system that can talk to your CentOS box? It doesn't need any special
level of privilege - an ordinary account would be fine.

Dave
mohamad hosein jafari
2012-07-26 08:32:01 UTC
Permalink
Yes

I test It AND I saw log in my log file :)

Thank you . I got result

Is there any work to do?

On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 09:03, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes that is right . that was my friend system that I checked on . but
> now I
> > don't have that system .
> > Is our problem is running snmptrap and receiver on one system??
>
> No - there is no problem with running both trap sender and trap receiver
> on the same system. You've already seen that this works.
> The current issue is with running trap sender and trap receiver on
> *different* systems. This ought to be fine as well, but there's clearly a
> problem somewhere, becuase it's currently not working.
>
> That's what I'm trying to help you sort out.
>
>
> > thnks but can't you help me in our question about linux config? dosn't
> have
> > any difference between these two system?
>
> I will help you with that *AFTER* we've fixed whatever is wrong with the
> trap communication. As you should have realised by now, this is
> painstaking work - and I do not have the time (or patience) to lead you
> through both of these at the same time.
> We're making progress on this one, so let's concentrate on it and get
> it finished before getting distracted elsewhere.
>
>
>
>
> Are you sure that you don't have access to any other Linux or Unix based
> system that can talk to your CentOS box? It doesn't need any special
> level of privilege - an ordinary account would be fine.
>
> Dave
>
mohamad hosein jafari
2012-07-26 08:37:21 UTC
Permalink
but what is problem in running it in one system?

On Thu, Jul 26, 2012 at 1:02 PM, mohamad hosein jafari <
***@gmail.com> wrote:

> Yes
>
> I test It AND I saw log in my log file :)
>
> Thank you . I got result
>
> Is there any work to do?
>
>
> On Thu, Jul 26, 2012 at 12:47 PM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 26 July 2012 09:03, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> > yes that is right . that was my friend system that I checked on . but
>> now I
>> > don't have that system .
>> > Is our problem is running snmptrap and receiver on one system??
>>
>> No - there is no problem with running both trap sender and trap receiver
>> on the same system. You've already seen that this works.
>> The current issue is with running trap sender and trap receiver on
>> *different* systems. This ought to be fine as well, but there's clearly
>> a
>> problem somewhere, becuase it's currently not working.
>>
>> That's what I'm trying to help you sort out.
>>
>>
>> > thnks but can't you help me in our question about linux config? dosn't
>> have
>> > any difference between these two system?
>>
>> I will help you with that *AFTER* we've fixed whatever is wrong with the
>> trap communication. As you should have realised by now, this is
>> painstaking work - and I do not have the time (or patience) to lead you
>> through both of these at the same time.
>> We're making progress on this one, so let's concentrate on it and get
>> it finished before getting distracted elsewhere.
>>
>>
>>
>>
>> Are you sure that you don't have access to any other Linux or Unix based
>> system that can talk to your CentOS box? It doesn't need any special
>> level of privilege - an ordinary account would be fine.
>>
>> Dave
>>
>
>
Dave Shield
2012-07-26 08:40:21 UTC
Permalink
On 26 July 2012 09:37, mohamad hosein jafari <***@gmail.com> wrote:
> but what is problem in running it in one system?

There isn't. What makes you think there might be?

We've already shown that this works.
Why do you think there's still a problem?

Dave
Dave Shield
2012-07-26 08:43:16 UTC
Permalink
On 26 July 2012 09:32, mohamad hosein jafari <***@gmail.com> wrote:
> I test It AND I saw log in my log file :)
> Thank you . I got result
>
> Is there any work to do?

You could start by telling me *what* you tested,
and what you saw?

Is this from another Linux system?
Sending traps from the Windows box?
or what?

I cannot read your mind - if you don't tell me the details
of what you're doing, it is very hard to help you.
And it's also much slower - you claim to be in a hurry,
and working to a deadline, but this sort of vague report
just makes things worse.

Dave
mohamad hosein jafari
2012-07-26 08:46:40 UTC
Permalink
excuse me

I send trap with other windows agent and saw log file in my linux log file

On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 09:32, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I test It AND I saw log in my log file :)
> > Thank you . I got result
> >
> > Is there any work to do?
>
> You could start by telling me *what* you tested,
> and what you saw?
>
> Is this from another Linux system?
> Sending traps from the Windows box?
> or what?
>
> I cannot read your mind - if you don't tell me the details
> of what you're doing, it is very hard to help you.
> And it's also much slower - you claim to be in a hurry,
> and working to a deadline, but this sort of vague report
> just makes things worse.
>
> Dave
>
mohamad hosein jafari
2012-07-26 08:48:07 UTC
Permalink
the output is :

2012-07-24 19:15:42 192.168.1.2(via UDP: [192.168.1.2]:58885) TRAP, SNMP
v1, community public
SNMPv2-SMI::enterprises.311.1.1.3.1.1 Link Up Trap (0) Uptime:
0:00:17.63
IF-MIB::ifIndex.37 = INTEGER: 37

in my log file

On Thu, Jul 26, 2012 at 1:16 PM, mohamad hosein jafari <
***@gmail.com> wrote:

> excuse me
>
> I send trap with other windows agent and saw log file in my linux log file
>
>
> On Thu, Jul 26, 2012 at 1:13 PM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 26 July 2012 09:32, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> > I test It AND I saw log in my log file :)
>> > Thank you . I got result
>> >
>> > Is there any work to do?
>>
>> You could start by telling me *what* you tested,
>> and what you saw?
>>
>> Is this from another Linux system?
>> Sending traps from the Windows box?
>> or what?
>>
>> I cannot read your mind - if you don't tell me the details
>> of what you're doing, it is very hard to help you.
>> And it's also much slower - you claim to be in a hurry,
>> and working to a deadline, but this sort of vague report
>> just makes things worse.
>>
>> Dave
>>
>
>
Dave Shield
2012-07-26 09:04:16 UTC
Permalink
On 26 July 2012 09:46, mohamad hosein jafari <***@gmail.com> wrote:
> I send trap with other windows agent and saw log file in my linux log file


So you are now in a state where you can send traps from your
Windows box to a trap receiver. Good

*NOW* you can start to think about what traps you want to generate
and when they should be sent. Given that you're using the Microsoft
SNMP agent, I'm not sure how much further help we can give you.
But I'm happy to help you clarify your ideas before going to someone
who understands the MS system better than we do.

So what are you trying to do here?

Dave
mohamad hosein jafari
2012-07-26 09:14:13 UTC
Permalink
Thank you so much for your helps

Now I set snmptrap config on my first windows system like this link
http://www.helpsystems.com/support/help-facts/configuring-windows-nt-send-snmp-traps-robottrapper


and I selected all service under the agent tab . I want agent that send
trap to my server every time continually . and I receive that log by my
server and save them on server system . So what configs should I do on my
linux server or windows agent in addition of this link ?

thnks

On Thu, Jul 26, 2012 at 1:34 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 09:46, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I send trap with other windows agent and saw log file in my linux log
> file
>
>
> So you are now in a state where you can send traps from your
> Windows box to a trap receiver. Good
>
> *NOW* you can start to think about what traps you want to generate
> and when they should be sent. Given that you're using the Microsoft
> SNMP agent, I'm not sure how much further help we can give you.
> But I'm happy to help you clarify your ideas before going to someone
> who understands the MS system better than we do.
>
> So what are you trying to do here?
>
> Dave
>
Dave Shield
2012-07-26 09:18:55 UTC
Permalink
On 26 July 2012 10:14, mohamad hosein jafari <***@gmail.com> wrote:
> I want agent that send trap to my server every time continually.

But *what* traps do you want the agent to send?
An SNMP trap is used to report some event or condition.
What events and conditions are you interested in?


> and I receive that log by my server
> and save them on server system . So what configs should I do on my linux
> server or windows agent in addition of this link ?

You've got the configuration in place on the Linux side to receive traps.
You've got the configuration in place on the Windows side about
*where* to send the traps.
All you are missing now is the information about *what* traps to send
(and hence when to send them)

Dave
mohamad hosein jafari
2012-07-26 09:39:08 UTC
Permalink
This work is in other step of our works
but I think we should get IDS logs from other agent and save them in our
log file(server log file)

so I should configure server completely for getting trap from linux and
windows agents continually

because of this I asked you "is any difference between linux MIB and
windows?" . I think now is time for this question and config our server
completely .


On Thu, Jul 26, 2012 at 1:48 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 10:14, mohamad hosein jafari <***@gmail.com>
> wrote:
> > I want agent that send trap to my server every time continually.
>
> But *what* traps do you want the agent to send?
> An SNMP trap is used to report some event or condition.
> What events and conditions are you interested in?
>
>
> > and I receive that log by my
> server
> > and save them on server system . So what configs should I do on my linux
> > server or windows agent in addition of this link ?
>
> You've got the configuration in place on the Linux side to receive traps.
> You've got the configuration in place on the Windows side about
> *where* to send the traps.
> All you are missing now is the information about *what* traps to send
> (and hence when to send them)
>
> Dave
>
Dave Shield
2012-07-26 09:50:48 UTC
Permalink
On 26 July 2012 10:39, mohamad hosein jafari <***@gmail.com> wrote:
> because of this I asked you "is any difference between linux MIB and windows?"

OK - let's address that question, then.

What do you mean by "Linux MIB" and "Windows MIB" ?

The reason that I said the question didn't make sense, is
that as far as I'm aware there is no such thing as a "Linux MIB".
There may be a "Windows MIB" (though frankly I'd be surprised)

There are a whole lot of MIBs that have been defined (both standard
and private), each concerned with a small, relatively focussed area of
infomation. Any given SNMP agent will implement a number of these
MIBs - depending on exactly how it has been coded/configured/etc.
(And it's also possible for this collection of supported MIBs to change
dynamically, as subagents are added/removed).


But there's no such thing (AFAIK) as "a Linux MIB" or "a Windows MIB".

Dave
mohamad hosein jafari
2012-07-26 10:01:06 UTC
Permalink
yes My means by saying "linux MIB" is MIB format for linux system

I asked when windows agent send snmp trap as MIB files Is any configure for
my linux server for getting it or no?
Or is linux MIB format is equal to windows MIB format or no?
and my config for getting trap from windows agent was finishe?


On Thu, Jul 26, 2012 at 2:20 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 10:39, mohamad hosein jafari <***@gmail.com>
> wrote:
> > because of this I asked you "is any difference between linux MIB and
> windows?"
>
> OK - let's address that question, then.
>
> What do you mean by "Linux MIB" and "Windows MIB" ?
>
> The reason that I said the question didn't make sense, is
> that as far as I'm aware there is no such thing as a "Linux MIB".
> There may be a "Windows MIB" (though frankly I'd be surprised)
>
> There are a whole lot of MIBs that have been defined (both standard
> and private), each concerned with a small, relatively focussed area of
> infomation. Any given SNMP agent will implement a number of these
> MIBs - depending on exactly how it has been coded/configured/etc.
> (And it's also possible for this collection of supported MIBs to change
> dynamically, as subagents are added/removed).
>
>
> But there's no such thing (AFAIK) as "a Linux MIB" or "a Windows MIB".
>
> Dave
>
Dave Shield
2012-07-26 10:13:13 UTC
Permalink
On 26 July 2012 11:01, mohamad hosein jafari <***@gmail.com> wrote:
> My means by saying "linux MIB" is MIB format for linux system

The format of MIB files is standard - it will be the same on
Linux, Windows, Mac OS, etc, etc.



> I asked when windows agent send snmp trap as MIB files

Again - that doesn't make send.
An agent doesn't send an SNMP trap as a MIB file.
The MIB file defines the name, contents and meaning of the trap.

But a trap is perfectly valid without the corresponding MIB file.
You can detect and log it, even if you don't have the MIB file.
The only difference is that things will be recorded using
numeric OIDs rather than MIB names. (And named values
will use the numeric value, rather than the corresponding name).

You get the same information regardless - you just lose some
of the readability.


> Is any configure for my linux server for getting it or no?

If you have the relevant MIB files, then you can install these
on the linux side in the usual manner. See the on-line
documentation for details.


> Or is linux MIB format is equal to windows MIB format or no?

Yes - the format is the same.


> and my config for getting trap from windows agent was finishe?

If you are now receiving traps from your Windows agent
(such as the coldStart trap when the agent first starts up)
then yes - I believe the configuration is finished.

Dave
mohamad hosein jafari
2012-07-26 15:32:35 UTC
Permalink
Thanks

>> If you have the relevant MIB files, then you can install these
>>on the linux side in the usual manner. See the on-line
>>documentation for details.

Can you help me about this more??

And I have another question : Is any script for windows to set all snmp
config that we can use it to set all config on windows?

Thanks

On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 11:01, mohamad hosein jafari <***@gmail.com>
> wrote:
> > My means by saying "linux MIB" is MIB format for linux system
>
> The format of MIB files is standard - it will be the same on
> Linux, Windows, Mac OS, etc, etc.
>
>
>
> > I asked when windows agent send snmp trap as MIB files
>
> Again - that doesn't make send.
> An agent doesn't send an SNMP trap as a MIB file.
> The MIB file defines the name, contents and meaning of the trap.
>
> But a trap is perfectly valid without the corresponding MIB file.
> You can detect and log it, even if you don't have the MIB file.
> The only difference is that things will be recorded using
> numeric OIDs rather than MIB names. (And named values
> will use the numeric value, rather than the corresponding name).
>
> You get the same information regardless - you just lose some
> of the readability.
>
>
> > Is any configure for my linux server for getting it or no?
>
> If you have the relevant MIB files, then you can install these
> on the linux side in the usual manner. See the on-line
> documentation for details.
>
>
> > Or is linux MIB format is equal to windows MIB format or no?
>
> Yes - the format is the same.
>
>
> > and my config for getting trap from windows agent was finishe?
>
> If you are now receiving traps from your Windows agent
> (such as the coldStart trap when the agent first starts up)
> then yes - I believe the configuration is finished.
>
> Dave
>
mohamad hosein jafari
2012-07-26 15:36:53 UTC
Permalink
thanks
>>But a trap is perfectly valid without the corresponding MIB file.
>>You can detect and log it, even if you don't have the MIB file.
>> The only difference is that things will be recorded using
>>numeric OIDs rather than MIB names. (And named values
>>will use the numeric value, rather than the corresponding name).

>>You get the same information regardless - you just lose some
>>of the readability.

>> If you have the relevant MIB files, then you can install these
> >>on the linux side in the usual manner. See the on-line
> >>documentation for details.
>
> Can you help me about this more??
>
> And I have another question : Is any script for windows to set all snmp
> config that we can use it to set all config on windows?
>
> Thanks
>
> On Thu, Jul 26, 2012 at 2:43 PM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 26 July 2012 11:01, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> > My means by saying "linux MIB" is MIB format for linux system
>>
>> The format of MIB files is standard - it will be the same on
>> Linux, Windows, Mac OS, etc, etc.
>>
>>
>>
>> > I asked when windows agent send snmp trap as MIB files
>>
>> Again - that doesn't make send.
>> An agent doesn't send an SNMP trap as a MIB file.
>> The MIB file defines the name, contents and meaning of the trap.
>>
>> But a trap is perfectly valid without the corresponding MIB file.
>> You can detect and log it, even if you don't have the MIB file.
>> The only difference is that things will be recorded using
>> numeric OIDs rather than MIB names. (And named values
>> will use the numeric value, rather than the corresponding name).
>>
>> You get the same information regardless - you just lose some
>> of the readability.
>>
>>
>> > Is any configure for my linux server for getting it or no?
>>
>> If you have the relevant MIB files, then you can install these
>> on the linux side in the usual manner. See the on-line
>> documentation for details.
>>
>>
>> > Or is linux MIB format is equal to windows MIB format or no?
>>
>> Yes - the format is the same.
>>
>>
>> > and my config for getting trap from windows agent was finishe?
>>
>> If you are now receiving traps from your Windows agent
>> (such as the coldStart trap when the agent first starts up)
>> then yes - I believe the configuration is finished.
>>
>> Dave
>>
>
>
Dave Shield
2012-07-26 19:48:55 UTC
Permalink
On 26 July 2012 16:32, mohamad hosein jafari <***@gmail.com> wrote:
>>> If you have the relevant MIB files, then you can install these
>>>on the linux side in the usual manner. See the on-line
>>>documentation for details.
>
> Can you help me about this more??

Basically, just copy the new MIB files into the directory
where the rest of them live.
Typically this will be something like /usr/share/snmp/mibs
for a vendor-supplied setup.


> And I have another question : Is any script for windows to set all snmp
> config that we can use it to set all config on windows?

Sorry - I've no idea.
I don't have much to do with Windows administration.

Dave
mohamad hosein jafari
2012-07-26 20:15:19 UTC
Permalink
Thank you so much again

>>Basically, just copy the new MIB files into the directory
>>where the rest of them live.
>> Typically this will be something like /usr/share/snmp/mibs
>>for a vendor-supplied setup

for example for my work that I said you before should I do anything about
MIB?
(receive some IDS log from windows or liux agent and save them on my linux
serever )


On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 16:32, mohamad hosein jafari <***@gmail.com>
> wrote:
> >>> If you have the relevant MIB files, then you can install these
> >>>on the linux side in the usual manner. See the on-line
> >>>documentation for details.
> >
> > Can you help me about this more??
>
> Basically, just copy the new MIB files into the directory
> where the rest of them live.
> Typically this will be something like /usr/share/snmp/mibs
> for a vendor-supplied setup.
>
>
> > And I have another question : Is any script for windows to set all snmp
> > config that we can use it to set all config on windows?
>
> Sorry - I've no idea.
> I don't have much to do with Windows administration.
>
> Dave
>
mohamad hosein jafari
2012-07-27 12:31:17 UTC
Permalink
Thank you so much again

>>Basically, just copy the new MIB files into the directory
>>where the rest of them live.
>> Typically this will be something like /usr/share/snmp/mibs
>>for a vendor-supplied setup

for example for my work that I said you before should I do anything about
MIB?
(receive some IDS log from windows or liux agent and save them on my linux
serever )

On Fri, Jul 27, 2012 at 12:45 AM, mohamad hosein jafari <
***@gmail.com> wrote:

> Thank you so much again
>
> >>Basically, just copy the new MIB files into the directory
> >>where the rest of them live.
> >> Typically this will be something like /usr/share/snmp/mibs
> >>for a vendor-supplied setup
>
> for example for my work that I said you before should I do anything about
> MIB?
> (receive some IDS log from windows or liux agent and save them on my linux
> serever )
>
>
> On Fri, Jul 27, 2012 at 12:18 AM, Dave Shield <***@liverpool.ac.uk>wrote:
>
>> On 26 July 2012 16:32, mohamad hosein jafari <***@gmail.com>
>> wrote:
>> >>> If you have the relevant MIB files, then you can install these
>> >>>on the linux side in the usual manner. See the on-line
>> >>>documentation for details.
>> >
>> > Can you help me about this more??
>>
>> Basically, just copy the new MIB files into the directory
>> where the rest of them live.
>> Typically this will be something like /usr/share/snmp/mibs
>> for a vendor-supplied setup.
>>
>>
>> > And I have another question : Is any script for windows to set all snmp
>> > config that we can use it to set all config on windows?
>>
>> Sorry - I've no idea.
>> I don't have much to do with Windows administration.
>>
>> Dave
>>
>
>
mohamad hosein jafari
2012-07-26 08:04:25 UTC
Permalink
yes that is right . that was my friend system that I checked on . but now I
don't have that system .
Is our problem is running snmptrap and receiver on one system??

thnks but can't you help me in our question about linux config? dosn't have
any difference between these two system?

thnks

On Thu, Jul 26, 2012 at 12:22 PM, Dave Shield <***@liverpool.ac.uk>wrote:

> On 26 July 2012 08:44, mohamad hosein jafari <***@gmail.com>
> wrote:
> > yes I did
> > but I didn't see anything in log file again
> > what is problem?
>
> I don't know - that's what we need to work out.
>
> I seem to remember you saying that you have two Linux systems available
> (one running CentOS, and one running Debian). Is that correct?
>
> If so, can you please try the following:
>
> On the trap receiver system, run the following:
> tail -f /var/log/messages
>
> On the same system (in another window), run the command
> snmptrap -v 1 -c public 192.168.150.227
> NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
> \netSnmpExampleInteger i 123456
> (we know this ought to work - this is just to confirm that you're
> seeing the traps)
> What do you see reported by the "tail" command?
>
> Now on the other (Debian?) system, run the same
> snmptrap -v 1 -c public 192.168.150.227
> NET-SNMP-EXAMPLES-MIB::netSnmpExampleNotification "" 6 17 ""
> \netSnmpExampleInteger i 123456
> command.
> What do you see reported by the "tail" command?
>
>
> Dave
>
Continue reading on narkive:
Loading...