[erlang-questions] SNMP v3 usmStatsNotInTimeWindows error
Devangana Tarafdar
devangana@REDACTED
Sat Sep 10 06:48:20 CEST 2016
Hello,
I am trying to connect to a third party SNMP agent, using snmp manager
(snmp v3) ( in the erlang 19 release snmp 5.2.3) and I am running into a
problem where the agent is returning this error on the manager calling
sync_get:
*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
handle_snmp_report -> entry with
Domain: snmpUDPDomain
Addr: {{xx,xxx,xxx,xxx},161}
ReqId: 37078226
Rep: {invalid_sec_info,[{sec_level,3,1},
{request_id,37078226,2147483647}]}
Pdu: {pdu,report,2147483647,noError,0,
[{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}
*** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***
handle_snmp_report -> found corresponding request:
reply to sync request
Ref: #Ref<0.0.4.210>
ModRef: #Ref<0.0.4.211>
From: {<0.3.0>,#Ref<0.0.4.202>}
*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
handle_snmp_pdu(get-response) -> Remaining: 4979
*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
handle_snmp_report -> deliver reply
{error,{invalid_sec_info,[{sec_level,3,1},{request_id,37078226,2147483647}],{noError,0,[{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}}}
*** [2016:09:08 21:26:00 831]
Where [1,3,6,1,6,3,15,1,1,2,0] maps to "usmStatsNotInTimeWindows" (from
http://www.oid-info.com/)
I have attached a wireshark trace for the snmp part of this exchange.
I am invoking the snmpm module functions through a basic script as follows
(using tips from the tutorial at
https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start )
.........
..........
ok = application:start(crypto),
ok = application:start(snmp),
Userid = "snmp3user",
Agent_target = "testagent",
Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,176],
Agent_ip = {xx,xxx,xxx,xxx},
Agent_port = 161 ,
Secure_name= Userid,
Security_level = 'authPriv',
Security_model = 'usm',
Agent_version = 'v3',
Auth_protocol = 'usmHMACSHAAuthProtocol',
Priv_protocol = 'usmAesCfb128Protocol',
% this is 16 in length
Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
% this is 20 in length
Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
ok = snmpm:register_user(Userid,snmpm_user_default,[]),
ok = snmpm:register_usm_user(Agent_engine_id, Userid, [
{auth, Auth_protocol},
{auth_key,Auth_key_local},
{priv, Priv_protocol},
{priv_key,Priv_key_local },
{sec_name, Secure_name}
]),
ok = snmpm:register_agent(Userid, Agent_target ,[
{engine_id,Agent_engine_id},
{address, Agent_ip},
{port, Agent_port},
{version,Agent_version},
{sec_model,Security_model},
{sec_name,Secure_name},
{sec_level, Security_level}
]),
Res0 = snmpm:sync_get(Userid, Agent_target,
[[1,3,6,1,4,1,9,10,19,1,1,9,1,3,7,2]]), ........................
........................
Can anyone please tell me what I am doing wrong here ? Any tips would
be appreciated !
Thanks,
Devangana
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160909/6e5ceaf1/attachment.htm>
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 2016-09-08 16:26:00.813592 xxxxxxxxxxxx xxxxxxxxxxxxx SNMP 182 encryptedPDU: privKey Unknown
Frame 1: 182 bytes on wire (1456 bits), 182 bytes captured (1456 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxxxxxx)
Internet Protocol Version 4, Src: xxxxxxxxxxxx (xxxxxxxxxxxx), Dst: xxxxxxxxxxxxx (xxxxxxxxxxxxx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 876803614
msgMaxSize: 484
msgFlags: 07
.... .1.. = Reportable: Set
.... ..1. = Encrypted: Set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800000080200001c42396cb0
1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
Engine Enterprise ID: ciscoSystems (9)
Engine ID Format: MAC address (3)
Engine ID Data: Cisco type: Agent (0x00)
Engine ID Data: MAC address: Cisco_28:6c:b0 (00:1b:53:28:6c:b0)
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 0
msgUserName: snmp3user
msgAuthenticationParameters: 55735044a3ef1173dfbd47d1
msgPrivacyParameters: 0000000000000001
msgData: encryptedPDU (1)
encryptedPDU: 8044fe23c8fdcb813c4ec7b4c969d72a594e836044d5f872...
~
=======================
No. Time Source Destination Protocol Length Info
2 2016-09-08 16:26:00.825555 xxxxxxxxxxx xxxxxxxxxxx SNMP 170 report 1.3.6.1.6.3.15.1.1.2.0
Frame 2: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxxxx), Dst: Dell_5abb:91 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xxxxxxxxxxx (xxxxxxxxxxx), Dst: xxxxxxxxxxx (xxxxxxxxxxx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: commplex-main (5000)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 876803614
msgMaxSize: 1500
msgFlags: 01
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800000080200001c42396cb0
1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
Engine Enterprise ID: ciscoSystems (9)
Engine ID Format: MAC address (3)
Engine ID Data: Cisco type: Agent (0x00)
Engine ID Data: MAC address: Cisco_28:6c:b0 (xxxxxxxxxxxxxx)
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 57632386
msgUserName: snmp3user
msgAuthenticationParameters: 6606b8b6f7fc4e85c9c9dbb6
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
contextEngineID: 800000080200001c42396cb0
1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
Engine Enterprise ID: ciscoSystems (9)
Engine ID Format: MAC address (3)
Engine ID Data: Cisco type: Agent (0x00)
Engine ID Data: MAC address: Cisco_28:6c:b0 (xxxxxxxxxxxxxxx)
contextName:
data: report (8)
report
request-id: 2147483647
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
1.3.6.1.6.3.15.1.1.2.0: 33
Object Name: 1.3.6.1.6.3.15.1.1.2.0 (iso.3.6.1.6.3.15.1.1.2.0)
Value (Counter32): 33
More information about the erlang-questions
mailing list