<div dir="ltr">Hello Dominik,<div><br></div><div>Thanks you for the reply.</div><div><br></div><div>I sent another sync_get after the first as you suggested. The wireshark trace shows the manager has updated the <span style="font-size:12.8px">'msgAuthoritativeEngineBoots' and 'msgAuthoritativeEngineTime' to the values sent by the Agent as you pointed out. But now the agent does not respond at all and the sync_get fails with a timeout. I tried adding a second's sleep between the 2 gets as well. I don't have access currently to the agent's logs or configuration but have you seen this before ?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks !</span></div><div><span style="font-size:12.8px">Devangana</span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Sep 10, 2016 at 6:09 PM, Dominik Pawlak <span dir="ltr"><<a href="mailto:dominik_pawlak@yahoo.co.uk" target="_blank">dominik_pawlak@yahoo.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hello Devangana,<br>
Basically, you just have to perform the sync_get once more. I
observed similar behavior in OTP 17.1 (snmp 4.25.1). The first
request will always fail because the manager is not fully configured
to communicate with the agent (more on that below).<br>
<br>
A longer explanation:<br>
<br>
In snmp v3 there is a process called 'discovery', which should be
performed before secure communication with the agent can be
established. It is described here:<br>
<br>
<a href="https://tools.ietf.org/html/rfc3414#section-4" rel="nofollow" target="_blank">https://tools.ietf.org/html/<wbr>rfc3414#section-4</a><br>
<br>
The snmp library in OTP does not implement that process (at least
not as described in the RFC). <br>
This process has two steps: 'snmpEngineID discovery' and 'time
synchronization'.<br>
The first step is skipped altogether in OTP - you have to provide
engine id upfront.<br>
The second step is performed by the first request - it will always
fail with the 'usmStatsNotInTimeWindows' error report message, but
it will set the required 'msgAuthoritativeEngineBoots' and
'msgAuthoritativeEngineTime' in the manager.<br>
<br>
Best,<br>
Dominik<div><div class="h5"><br>
<br>
<div>On 10.09.2016 06:48, Devangana Tarafdar
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hello,
<div><br>
</div>
<div>I am trying to connect to a third party SNMP agent, using
snmp manager (snmp v3) ( in the erlang 19 release snmp
5.2.3) and I am running into a problem where the agent is
returning this error on the manager calling sync_get:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***</div>
<div> handle_snmp_report -> entry with</div>
<div> Domain: snmpUDPDomain</div>
<div> Addr: {{xx,xxx,xxx,xxx},161}</div>
<div> ReqId: 37078226</div>
<div> Rep: {invalid_sec_info,[{sec_level,<wbr>3,1},</div>
<div>
{request_id,37078226,<a href="tel:2147483647" value="+12147483647" target="_blank">21474836<wbr>47</a>}]}</div>
<div> Pdu: {pdu,report,<a href="tel:2147483647" value="+12147483647" target="_blank">2147483647</a>,<wbr>noError,0,</div>
<div>
[{varbind,[1,3,6,1,6,3,15,1,<wbr>1,2,0],'Counter32',33,1}]}</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***</div>
<div> handle_snmp_report -> found corresponding request:</div>
<div> reply to sync request</div>
<div> Ref: #Ref<0.0.4.210></div>
<div> ModRef: #Ref<0.0.4.211></div>
<div> From: {<0.3.0>,#Ref<0.0.4.202>}</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***</div>
<div> handle_snmp_pdu(get-response) -> Remaining: 4979</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***</div>
<div> handle_snmp_report -> deliver reply</div>
<div><br>
</div>
<div>{error,{invalid_sec_info,[{<wbr>sec_level,3,1},{request_id,<wbr>37078226,<a href="tel:2147483647" value="+12147483647" target="_blank">2147483647</a>}],{<wbr>noError,0,[{varbind,[1,3,6,1,<wbr>6,3,15,1,1,2,0],'Counter32',<wbr>33,1}]}}}</div>
<div><br>
</div>
<div>*** [2016:09:08 21:26:00 831] </div>
</div>
<div><br>
</div>
Where [1,3,6,1,6,3,15,1,1,2,0] maps to
"usmStatsNotInTimeWindows" (from <a href="http://www.oid-info.com/" target="_blank">http://www.oid-info.com/</a><wbr>)
<div><br>
</div>
<div>I have attached a wireshark trace for the snmp part of
this exchange.</div>
<div><br>
</div>
<div>I am invoking the snmpm module functions through a basic
script as follows (using tips from the tutorial at</div>
<div><a href="https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start" target="_blank">https://erlangcentral.org/<wbr>wiki/index.php?title=SNMP_<wbr>Quick_Start</a>
)<br>
</div>
<div>.........</div>
<div>..........</div>
<div>
<pre style="color:rgb(0,0,0)"> ok = application:start(crypto),
ok = application:start(snmp),
Userid = "snmp3user",
Agent_target = "testagent",
Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,<wbr>176],
Agent_ip = {xx,xxx,xxx,xxx},
Agent_port = 161 ,
Secure_name= Userid,
Security_level = 'authPriv',
Security_model = 'usm',
Agent_version = 'v3',
Auth_protocol = 'usmHMACSHAAuthProtocol',
Priv_protocol = 'usmAesCfb128Protocol',
% this is 16 in length
Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
% this is 20 in length
Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
ok = snmpm:register_user(Userid,<wbr>snmpm_user_default,[]), </pre>
<pre style="color:rgb(0,0,0)"> ok = snmpm:register_usm_user(Agent_<wbr>engine_id, Userid, [
{auth, Auth_protocol},
{auth_key,Auth_key_local},
{priv, Priv_protocol},
{priv_key,Priv_key_local },
{sec_name, Secure_name}
]),
ok = snmpm:register_agent(Userid, Agent_target ,[
{engine_id,Agent_engine_id},
{address, Agent_ip},
{port, Agent_port},
{version,Agent_version},
{sec_model,Security_model},
{sec_name,Secure_name},
{sec_level, Security_level}</pre>
<pre style="color:rgb(0,0,0)"> ]),
Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,<wbr>3,7,2]]),
<span style="font-family:arial,sans-serif;color:rgb(34,34,34)"> ........................</span></pre>
<pre style="color:rgb(0,0,0)"><span style="font-family:arial,sans-serif;color:rgb(34,34,34)"> ........................</span></pre>
<pre>Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !<font color="#000000">
</font></pre>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,<br>
Devangana</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
erlang-questions mailing list
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>