[erlang-questions] SNMP v3 usmStatsNotInTimeWindows error

Dominik Pawlak <>
Sun Sep 11 01:09:09 CEST 2016


Hello Devangana,
Basically, you just have to perform the sync_get once more. I observed 
similar behavior in OTP 17.1 (snmp 4.25.1). The first request will 
always fail because the manager is not fully configured to communicate 
with the agent (more on that below).

A longer explanation:

In snmp v3 there is a process called 'discovery', which should be 
performed before secure communication with the agent can be established. 
It is described here:

https://tools.ietf.org/html/rfc3414#section-4

The snmp library in OTP does not implement that process (at least not as 
described in the RFC).
This process has two steps: 'snmpEngineID discovery' and 'time 
synchronization'.
The first step is skipped altogether in OTP - you have to provide engine 
id upfront.
The second step is performed by the first request - it will always fail 
with the 'usmStatsNotInTimeWindows' error report message, but it will 
set the required 'msgAuthoritativeEngineBoots' and 
'msgAuthoritativeEngineTime' in the manager.

Best,
Dominik

On 10.09.2016 06:48, Devangana Tarafdar wrote:
> Hello,
>
> I am trying to connect to a third party SNMP agent, using snmp manager 
> (snmp v3) ( in the erlang 19 release snmp 5.2.3) and I am running into 
> a problem where the agent is returning this error on the manager 
> calling sync_get:
>
>
> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>    handle_snmp_report -> entry with
>    Domain:  snmpUDPDomain
>    Addr:    {{xx,xxx,xxx,xxx},161}
>    ReqId:   37078226
>    Rep:     {invalid_sec_info,[{sec_level,3,1},
>  {request_id,37078226,2147483647}]}
>    Pdu:     {pdu,report,2147483647,noError,0,
>  [{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}
> *** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***
>    handle_snmp_report -> found corresponding request:
>    reply to sync request
>    Ref:    #Ref<0.0.4.210>
>    ModRef: #Ref<0.0.4.211>
>    From:   {<0.3.0>,#Ref<0.0.4.202>}
> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>    handle_snmp_pdu(get-response) -> Remaining: 4979
> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>    handle_snmp_report -> deliver reply
>
> {error,{invalid_sec_info,[{sec_level,3,1},{request_id,37078226,2147483647}],{noError,0,[{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}}}
>
> *** [2016:09:08 21:26:00 831]
>
> Where [1,3,6,1,6,3,15,1,1,2,0]  maps to "usmStatsNotInTimeWindows" 
> (from http://www.oid-info.com/)
>
> I have attached a  wireshark trace for the snmp part of this exchange.
>
> I am invoking the snmpm module functions through a basic script as 
> follows (using tips from the tutorial at
> https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start )
> .........
> ..........
>    ok = application:start(crypto),
>    ok = application:start(snmp),
>
>    Userid = "snmp3user",
>    Agent_target = "testagent",
>    Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,176],
>    Agent_ip = {xx,xxx,xxx,xxx},
>    Agent_port = 161 ,
>    Secure_name= Userid,
>
>    Security_level = 'authPriv',
>    Security_model = 'usm',
>    Agent_version = 'v3',
>    Auth_protocol = 'usmHMACSHAAuthProtocol',
>    Priv_protocol = 'usmAesCfb128Protocol',
>
>    % this is 16 in length
>    Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
>
>    % this is 20 in length
>    Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
>
>    ok = snmpm:register_user(Userid,snmpm_user_default,[]),
>    ok = snmpm:register_usm_user(Agent_engine_id, Userid, [
>                                {auth, Auth_protocol},
>                                {auth_key,Auth_key_local},
>                                {priv, Priv_protocol},
>                                {priv_key,Priv_key_local },
>                                {sec_name, Secure_name}
>                          ]),
>    ok = snmpm:register_agent(Userid, Agent_target ,[
>                                                     {engine_id,Agent_engine_id},
>                                                     {address, Agent_ip},
>                                                     {port, Agent_port},
>                                                     {version,Agent_version},
>                                                     {sec_model,Security_model},
>                                                     {sec_name,Secure_name},
>                                                     {sec_level, Security_level}
>                                 ]),
>    Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,3,7,2]]),
> ........................
> ........................
> Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !
>
>
> Thanks,
> Devangana
>
>
>
>
>
>
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160911/f4c9439f/attachment.html>


More information about the erlang-questions mailing list