<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello Devangana,<br>
Hard to tell, but I see that you haven't specified any context in
your sync_get. Are you sure it is not needed? I would also double
check the engine id and security configuration.<br>
Have you managed to connect to that agent from something other than
OTP (say snmpb, snmpget)?<br>
If so, you can compare in Wireshark, the snmp requests from erlang
and from that tool. You can even enter your snmp credentials in
Wireshark and it will decode encrypted messages.<br>
I hope any of this helps.<br>
<br>
Best<br>
Dominik<br>
<br>
<div class="moz-cite-prefix">On 11.09.2016 16:46, Devangana Tarafdar
wrote:<br>
</div>
<blockquote
cite="mid:CAHfHLPWaT9BFh=MU+5vksrGGgUQ=mtb7PjVn+b44mvU4Cc=JgQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hello Dominik,
<div><br>
</div>
<div>Thanks you for the reply.</div>
<div><br>
</div>
<div>I sent another sync_get after the first as you suggested.
The wireshark trace shows the manager has updated the <span
style="font-size:12.8px">'msgAuthoritativeEngineBoots' and
'msgAuthoritativeEngineTime' to the values sent by the Agent
as you pointed out. But now the agent does not respond at
all and the sync_get fails with a timeout. I tried adding a
second's sleep between the 2 gets as well. I don't have
access currently to the agent's logs or configuration but
have you seen this before ?</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Thanks !</span></div>
<div><span style="font-size:12.8px">Devangana</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Sep 10, 2016 at 6:09 PM,
Dominik Pawlak <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dominik_pawlak@yahoo.co.uk" target="_blank">dominik_pawlak@yahoo.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hello Devangana,<br>
Basically, you just have to perform the sync_get once
more. I observed similar behavior in OTP 17.1 (snmp
4.25.1). The first request will always fail because the
manager is not fully configured to communicate with the
agent (more on that below).<br>
<br>
A longer explanation:<br>
<br>
In snmp v3 there is a process called 'discovery', which
should be performed before secure communication with the
agent can be established. It is described here:<br>
<br>
<a moz-do-not-send="true"
href="https://tools.ietf.org/html/rfc3414#section-4"
rel="nofollow" target="_blank">https://tools.ietf.org/html/<wbr>rfc3414#section-4</a><br>
<br>
The snmp library in OTP does not implement that process
(at least not as described in the RFC). <br>
This process has two steps: 'snmpEngineID discovery' and
'time synchronization'.<br>
The first step is skipped altogether in OTP - you have to
provide engine id upfront.<br>
The second step is performed by the first request - it
will always fail with the 'usmStatsNotInTimeWindows' error
report message, but it will set the required
'msgAuthoritativeEngineBoots' and
'msgAuthoritativeEngineTime' in the manager.<br>
<br>
Best,<br>
Dominik
<div>
<div class="h5"><br>
<br>
<div>On 10.09.2016 06:48, Devangana Tarafdar wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hello,
<div><br>
</div>
<div>I am trying to connect to a third party SNMP
agent, using snmp manager (snmp v3) ( in the
erlang 19 release snmp 5.2.3) and I am running
into a problem where the agent is returning this
error on the manager calling sync_get:</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
TRACE ***</div>
<div> handle_snmp_report -> entry with</div>
<div> Domain: snmpUDPDomain</div>
<div> Addr: {{xx,xxx,xxx,xxx},161}</div>
<div> ReqId: 37078226</div>
<div> Rep: {invalid_sec_info,[{sec_level,<wbr>3,1},</div>
<div>
{request_id,37078226,<a
moz-do-not-send="true" href="tel:2147483647"
value="+12147483647" target="_blank">21474836<wbr>47</a>}]}</div>
<div> Pdu: {pdu,report,<a
moz-do-not-send="true" href="tel:2147483647"
value="+12147483647" target="_blank">2147483647</a>,<wbr>noError,0,</div>
<div>
[{varbind,[1,3,6,1,6,3,15,1,<wbr>1,2,0],'Counter32',33,1}]}</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
DEBUG ***</div>
<div> handle_snmp_report -> found
corresponding request:</div>
<div> reply to sync request</div>
<div> Ref: #Ref<0.0.4.210></div>
<div> ModRef: #Ref<0.0.4.211></div>
<div> From:
{<0.3.0>,#Ref<0.0.4.202>}</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
TRACE ***</div>
<div> handle_snmp_pdu(get-response) ->
Remaining: 4979</div>
<div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
TRACE ***</div>
<div> handle_snmp_report -> deliver reply</div>
<div><br>
</div>
<div>{error,{invalid_sec_info,[{<wbr>sec_level,3,1},{request_id,<wbr>37078226,<a
moz-do-not-send="true" href="tel:2147483647"
value="+12147483647" target="_blank">2147483647</a>}],{<wbr>noError,0,[{varbind,[1,3,6,1,<wbr>6,3,15,1,1,2,0],'Counter32',<wbr>33,1}]}}}</div>
<div><br>
</div>
<div>*** [2016:09:08 21:26:00 831] </div>
</div>
<div><br>
</div>
Where [1,3,6,1,6,3,15,1,1,2,0] maps to
"usmStatsNotInTimeWindows" (from <a
moz-do-not-send="true"
href="http://www.oid-info.com/" target="_blank">http://www.oid-info.com/</a><wbr>)
<div><br>
</div>
<div>I have attached a wireshark trace for the
snmp part of this exchange.</div>
<div><br>
</div>
<div>I am invoking the snmpm module functions
through a basic script as follows (using tips
from the tutorial at</div>
<div><a moz-do-not-send="true"
href="https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start"
target="_blank">https://erlangcentral.org/<wbr>wiki/index.php?title=SNMP_<wbr>Quick_Start</a>
)<br>
</div>
<div>.........</div>
<div>..........</div>
<div>
<pre style="color:rgb(0,0,0)"> ok = application:start(crypto),
ok = application:start(snmp),
Userid = "snmp3user",
Agent_target = "testagent",
Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,<wbr>176],
Agent_ip = {xx,xxx,xxx,xxx},
Agent_port = 161 ,
Secure_name= Userid,
Security_level = 'authPriv',
Security_model = 'usm',
Agent_version = 'v3',
Auth_protocol = 'usmHMACSHAAuthProtocol',
Priv_protocol = 'usmAesCfb128Protocol',
% this is 16 in length
Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
% this is 20 in length
Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
ok = snmpm:register_user(Userid,<wbr>snmpm_user_default,[]), </pre>
<pre style="color:rgb(0,0,0)"> ok = snmpm:register_usm_user(Agent_<wbr>engine_id, Userid, [
{auth, Auth_protocol},
{auth_key,Auth_key_local},
{priv, Priv_protocol},
{priv_key,Priv_key_local },
{sec_name, Secure_name}
]),
ok = snmpm:register_agent(Userid, Agent_target ,[
{engine_id,Agent_engine_id},
{address, Agent_ip},
{port, Agent_port},
{version,Agent_version},
{sec_model,Security_model},
{sec_name,Secure_name},
{sec_level, Security_level}</pre>
<pre style="color:rgb(0,0,0)"> ]),
Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,<wbr>3,7,2]]),
<span style="font-family:arial,sans-serif;color:rgb(34,34,34)"> ........................</span></pre>
<pre style="color:rgb(0,0,0)"><span style="font-family:arial,sans-serif;color:rgb(34,34,34)"> ........................</span></pre>
<pre>Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !<font color="#000000">
</font></pre>
</div>
<div>
</div>
<div>
</div>
<div>Thanks,
Devangana</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
</div>
<fieldset></fieldset>
</div></div><pre>______________________________<wbr>_________________
erlang-questions mailing list
<a moz-do-not-send="true" href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>
<a moz-do-not-send="true" href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a>
</pre>
</blockquote>
</div>
</blockquote></div>
</div>
</blockquote>
</body></html>