<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hello Devangana,<br>
    Hard to tell, but I see that you haven't specified any context in
    your sync_get. Are you sure it is not needed? I would also double
    check the engine id and security configuration.<br>
    Have you managed to connect to that agent from something other than
    OTP (say snmpb, snmpget)?<br>
    If so, you can compare in Wireshark, the snmp requests from erlang
    and from that tool. You can even enter your snmp credentials in
    Wireshark and it will decode encrypted messages.<br>
    I hope any of this helps.<br>
    <br>
    Best<br>
    Dominik<br>
    <br>
    <div class="moz-cite-prefix">On 11.09.2016 16:46, Devangana Tarafdar
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAHfHLPWaT9BFh=MU+5vksrGGgUQ=mtb7PjVn+b44mvU4Cc=JgQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hello Dominik,
        <div><br>
        </div>
        <div>Thanks you for the reply.</div>
        <div><br>
        </div>
        <div>I  sent another sync_get after the first as you suggested.
          The wireshark trace shows the manager has updated the <span
            style="font-size:12.8px">'msgAuthoritativeEngineBoots' and
            'msgAuthoritativeEngineTime' to the values sent by the Agent
            as you pointed out. But now the agent does not respond at
            all and the sync_get fails with a timeout. I tried adding a
            second's sleep between the 2 gets as well. I don't have
            access currently to the agent's logs or configuration but
            have you seen this before ?</span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">Thanks !</span></div>
        <div><span style="font-size:12.8px">Devangana</span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Sat, Sep 10, 2016 at 6:09 PM,
          Dominik Pawlak <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:dominik_pawlak@yahoo.co.uk" target="_blank">dominik_pawlak@yahoo.co.uk</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"> Hello Devangana,<br>
              Basically, you just have to perform the sync_get once
              more. I observed similar behavior in OTP 17.1 (snmp
              4.25.1). The first request will always fail because the
              manager is not fully configured to communicate with the
              agent (more on that below).<br>
              <br>
              A longer explanation:<br>
              <br>
              In snmp v3 there is a process called 'discovery', which
              should be performed before secure communication with the
              agent can be established. It is described here:<br>
              <br>
              <a moz-do-not-send="true"
                href="https://tools.ietf.org/html/rfc3414#section-4"
                rel="nofollow" target="_blank">https://tools.ietf.org/html/<wbr>rfc3414#section-4</a><br>
              <br>
              The snmp library in OTP does not implement that process
              (at least not as described in the RFC). <br>
              This process has two steps: 'snmpEngineID discovery' and
              'time synchronization'.<br>
              The first step is skipped altogether in OTP - you have to
              provide engine id upfront.<br>
              The second step is performed by the first request - it
              will always fail with the 'usmStatsNotInTimeWindows' error
              report message, but it will set the required
              'msgAuthoritativeEngineBoots' and
              'msgAuthoritativeEngineTime' in the manager.<br>
              <br>
              Best,<br>
              Dominik
              <div>
                <div class="h5"><br>
                  <br>
                  <div>On 10.09.2016 06:48, Devangana Tarafdar wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">Hello,
                      <div><br>
                      </div>
                      <div>I am trying to connect to a third party SNMP
                        agent, using snmp manager (snmp v3) ( in the
                        erlang 19 release snmp 5.2.3) and I am running
                        into a problem where the agent is returning this
                        error on the manager calling sync_get:</div>
                      <div><br>
                      </div>
                      <div><br>
                      </div>
                      <div>
                        <div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
                          TRACE ***</div>
                        <div>   handle_snmp_report -> entry with</div>
                        <div>   Domain:  snmpUDPDomain</div>
                        <div>   Addr:    {{xx,xxx,xxx,xxx},161}</div>
                        <div>   ReqId:   37078226</div>
                        <div>   Rep:     {invalid_sec_info,[{sec_level,<wbr>3,1},</div>
                        <div>                             
                           {request_id,37078226,<a
                            moz-do-not-send="true" href="tel:2147483647"
                            value="+12147483647" target="_blank">21474836<wbr>47</a>}]}</div>
                        <div>   Pdu:     {pdu,report,<a
                            moz-do-not-send="true" href="tel:2147483647"
                            value="+12147483647" target="_blank">2147483647</a>,<wbr>noError,0,</div>
                        <div>               
                           [{varbind,[1,3,6,1,6,3,15,1,<wbr>1,2,0],'Counter32',33,1}]}</div>
                        <div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
                          DEBUG ***</div>
                        <div>   handle_snmp_report -> found
                          corresponding request:</div>
                        <div>   reply to sync request</div>
                        <div>   Ref:    #Ref<0.0.4.210></div>
                        <div>   ModRef: #Ref<0.0.4.211></div>
                        <div>   From:  
                          {<0.3.0>,#Ref<0.0.4.202>}</div>
                        <div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
                          TRACE ***</div>
                        <div>   handle_snmp_pdu(get-response) ->
                          Remaining: 4979</div>
                        <div>*** [2016:09:08 21:26:00 830] SNMP M-SERVER
                          TRACE ***</div>
                        <div>   handle_snmp_report -> deliver reply</div>
                        <div><br>
                        </div>
                        <div>{error,{invalid_sec_info,[{<wbr>sec_level,3,1},{request_id,<wbr>37078226,<a
                            moz-do-not-send="true" href="tel:2147483647"
                            value="+12147483647" target="_blank">2147483647</a>}],{<wbr>noError,0,[{varbind,[1,3,6,1,<wbr>6,3,15,1,1,2,0],'Counter32',<wbr>33,1}]}}}</div>
                        <div><br>
                        </div>
                        <div>*** [2016:09:08 21:26:00 831] </div>
                      </div>
                      <div><br>
                      </div>
                      Where [1,3,6,1,6,3,15,1,1,2,0]  maps to
                      "usmStatsNotInTimeWindows" (from <a
                        moz-do-not-send="true"
                        href="http://www.oid-info.com/" target="_blank">http://www.oid-info.com/</a><wbr>)
                      <div><br>
                      </div>
                      <div>I have attached a  wireshark trace for the
                        snmp part of this exchange.</div>
                      <div><br>
                      </div>
                      <div>I am invoking the snmpm module functions
                        through a basic script as follows (using tips
                        from the tutorial at</div>
                      <div><a moz-do-not-send="true"
                          href="https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start"
                          target="_blank">https://erlangcentral.org/<wbr>wiki/index.php?title=SNMP_<wbr>Quick_Start</a>
                        )<br>
                      </div>
                      <div>.........</div>
                      <div>..........</div>
                      <div>
                        <pre style="color:rgb(0,0,0)">  ok = application:start(crypto),
  ok = application:start(snmp),

  Userid = "snmp3user",
  Agent_target = "testagent",
  Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,<wbr>176],
  Agent_ip = {xx,xxx,xxx,xxx},  
  Agent_port = 161 ,
  Secure_name= Userid,

  Security_level = 'authPriv',
  Security_model = 'usm',
  Agent_version = 'v3',
  Auth_protocol = 'usmHMACSHAAuthProtocol',
  Priv_protocol = 'usmAesCfb128Protocol',

  % this is 16 in length 
  Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),

  % this is 20 in length
  Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),

  ok = snmpm:register_user(Userid,<wbr>snmpm_user_default,[]),  </pre>
          <pre style="color:rgb(0,0,0)">  ok = snmpm:register_usm_user(Agent_<wbr>engine_id, Userid, [
                              {auth, Auth_protocol},
                              {auth_key,Auth_key_local},
                              {priv, Priv_protocol}, 
                              {priv_key,Priv_key_local },
                              {sec_name, Secure_name} 
                        ]),
  ok = snmpm:register_agent(Userid, Agent_target ,[
                                                   {engine_id,Agent_engine_id}, 
                                                   {address, Agent_ip}, 
                                                   {port, Agent_port}, 
                                                   {version,Agent_version}, 
                                                   {sec_model,Security_model}, 
                                                   {sec_name,Secure_name},
                                                   {sec_level, Security_level}</pre>
          <pre style="color:rgb(0,0,0)">                               ]),
  Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,<wbr>3,7,2]]),
<span style="font-family:arial,sans-serif;color:rgb(34,34,34)">   ........................</span></pre>
          <pre style="color:rgb(0,0,0)"><span style="font-family:arial,sans-serif;color:rgb(34,34,34)">  ........................</span></pre>
          <pre>Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !<font color="#000000">
</font></pre>
        </div>
        <div>

        </div>
        <div>

        </div>
        <div>Thanks,

          Devangana</div>
        <div>

        </div>
        <div>

        </div>
        <div>

        </div>
        <div>

        </div>
        <div>

        </div>
        <div>

        </div>
      </div>
      

      <fieldset></fieldset>
      

      </div></div><pre>______________________________<wbr>_________________
erlang-questions mailing list
<a moz-do-not-send="true" href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>
<a moz-do-not-send="true" href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a>
</pre>
    </blockquote>
    

  </div>

</blockquote></div>
</div>



</blockquote>
</body></html>