[mrtg] Fwd: Fwd: MRTG& SNMPv3

Tom Smyth tom.smyth at wirelessconnect.eu
Thu Apr 25 12:37:25 CEST 2013 

Hi Daniel,  All
I really appreciate your Help

I carried out your suggestion and used TCP DUMP and Wire Shark

I found the Context engine ID which appears to be 80003a8c04

But there appears a difference between snmpwalk and cfgmaker + SNMPv3,

after the initial discovery,  when cfg maker is run the authoritiveengine
boots and authoritiveenginetime appears to be zeroed out (when Cfg maker
sends data after the initial response form the router )  (while the correct
values are sent by snmp walk )

( I have attached2 screenshots of the wireshark  of the SNMPv3 Conversatons
compared with MRTG Cfgmaker and Snmpwalk



I have  run the command below

cfgmaker --enablesnmpv3 --contextengineid=0x80003a8c04
--username=Read_Only_Secure --authpassword=testtest --authprotocol=sha
--privpassword=testtest --privprotocol=des --community=Read_Only_Secure
--snmp-options=:::::3 Read_Only_Secure at 10.17.1.250

and I get this error  from cfgmaker

SNMPWALK Problem for 1.3.6.1.2.1.1 on
Read_Only_Secure at 10.17.1.250:::::3:v4only:
Expected OCTET STRING, but found OBJECT IDENTIFIER at
/usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 1805
        Net_SNMP_util::snmpwalk_flg('Read_Only_Secure at 10.17.1.250:::::3:v4only',
undef, 'HASH(0x89d8ca8)', 1.3.6.1.2.1.1) called at
/usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 766
        Net_SNMP_util::snmpwalk('Read_Only_Secure at 10.17.1.250:::::3:v4only',
'HASH(0x89d8ca8)', 1.3.6.1.2.1.1) called at /usr/bin/cfgmaker line 950
        main::DeviceInfo('Read_Only_Secure at 10.17.1.250:::::3',
'HASH(0x89d8d08)', 'HASH(0x89d8ca8)') called at /usr/bin/cfgmaker line 137
        main::main() called at /usr/bin/cfgmaker line 155
WARNING: Skipping Read_Only_Secure at 10.17.1.250:::::3 as no info could be
retrieved


I run the the exact same command beow  command below


cfgmaker --enablesnmpv3 --contextengineid=0x80003a8c04
--username=Read_Only_Secure --authpassword=testtest --authprotocol=sha
--privpassword=testtest --privprotocol=des --community=Read_Only_Secure
--snmp-options=:::::3 Read_Only_Secure at 10.17.1.250

and I get this  *different* error  from cfgmaker


SNMPWALK Problem for 1.3.6.1.2.1.1 on
Read_Only_Secure at 10.17.1.250:::::3:v4only:
The ASN.1 type 0x84 is unknown at /usr/bin/../lib/mrtg2/Net_SNMP_util.pm
line 1805
        Net_SNMP_util::snmpwalk_flg('Read_Only_Secure at 10.17.1.250:::::3:v4only',
undef, 'HASH(0xa422ca8)', 1.3.6.1.2.1.1) called at
/usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 766
        Net_SNMP_util::snmpwalk('Read_Only_Secure at 10.17.1.250:::::3:v4only',
'HASH(0xa422ca8)', 1.3.6.1.2.1.1) called at /usr/bin/cfgmaker line 950
        main::DeviceInfo('Read_Only_Secure at 10.17.1.250:::::3',
'HASH(0xa422d08)', 'HASH(0xa422ca8)') called at /usr/bin/cfgmaker line 137
        main::main() called at /usr/bin/cfgmaker line 155
WARNING: Skipping Read_Only_Secure at 10.17.1.250:::::3 as no info could be
retrieved



Below is the Debug output from our router ... which complains about Time
windows and Engine Boots (even though I never configured them

02:18:59 snmp,debug v3 err: 3 unknown engine id
02:18:59 snmp packet from: 10.64.34.77 version: 3
02:18:59 snmp user: Read_Only_Secure
02:18:59 snmp,debug v3 err: 1 not in time window or incorrect engine boots
02:18:59 snmp packet from: 10.64.34.77 version: 3
02:18:59 snmp user: Read_Only_Secure
02:18:59 snmp,debug getnextgetbulk .1.3.6.1.2.1.1 reps:c nonreps:0
02:19:15 snmp packet from: 10.64.34.77 version: 3
02:19:15 snmp user:
02:19:15 snmp,debug v3 err: 3 unknown engine id
02:19:15 snmp packet from: 10.64.34.77 version: 3
02:19:15 snmp user: Read_Only_Secure
02:19:15 snmp,debug v3 err: 1 not in time window or incorrect engine boots
02:19:15 snmp packet from: 10.64.34.77 version: 3
02:19:15 snmp user: Read_Only_Secure
02:19:15 snmp,debug getnextgetbulk .1.3.6.1.2.1.1 reps:c nonreps:0
02:20:11 snmp packet from: 10.64.34.77 version: 3
02:20:11 snmp user:
02:20:11 snmp,debug v3 err: 3 unknown engine id
02:20:11 snmp packet from: 10.64.34.77 version: 3
02:20:11 snmp user: Read_Only_Secure
02:20:11 snmp,debug v3 err: 1 not in time window or incorrect engine boots
02:20:11 snmp packet from: 10.64.34.77 version: 3
02:20:11 snmp user: Read_Only_Secure
02:20:11 snmp,debug getnextgetbulk .1.3.6.1.2.1.1 reps:c nonreps:0
02:20:31 snmp packet from: 10.64.34.77 version: 3
02:20:31 snmp user:
02:20:31 snmp,debug v3 err: 3 unknown engine id
02:20:31 snmp packet from: 10.64.34.77 version: 3
02:20:31 snmp user: Read_Only_Secure
02:20:31 snmp,debug v3 err: 1 not in time window or incorrect engine boots
02:20:31 snmp packet from: 10.64.34.77 version: 3
02:20:31 snmp user: Read_Only_Secure
02:20:31 snmp,debug getnextgetbulk .1.3.6.1.2.1.1 reps:c nonreps:0



On Wed, Apr 24, 2013 at 3:22 PM, Daniel McDonald <
dan.mcdonald at austinenergy.com> wrote:

>
> On 4/23/13 7:47 PM, "Tom Smyth" <tom.smyth at wirelessconnect.eu> wrote:
>
> >
> > Hi Lads,
> >
> > I was wondering if someone could help me, I have a query about how to get
> > Cfgmaker and MRTG to talk SNMPv3
> >
> > with Privacy and Authentication enabled, to a Router.
> >
> > I can snmp walk the router  fine...  I just cant get mrtg + snmpv3
> working...
> >
> > I know it may not be straight forward but Im looking for a fully worked
> snmp
> > example... I am willing to pay someone for this so you can contact me on
> my
> > email regarding this...  or if you dont want to be paid more money I will
> > Dontate more money to the project...
>
> I normally sniff an interactive poll to determine the engineid.  The
> net-snmp-utils library doesn¹t detect it properly, but snmpwalk does.   You
> don't even need correct credentials:
>
> $ tcpdump -vvv -x host somehost &
> tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535
> bytes
> $ snmpwalk -v3 -u foofoo -l authpriv -A 12345678 -X 12345678 somehost
>
> 09:13:05.621967 IP (tos 0x0, ttl 64, id 9037, offset 0, flags [none], proto
> UDP (17), length 92, bad cksum 0 (->85d0)!)
>     10.10.207.244.57070 > elroy-probe.austin-energy.net.snmp: [bad udp
> cksum
> 6c33!]  { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= {
> GetRequest(14) R=1116332740  } } }
>     0x0000:  4500 005c 234d 0000 4011 0000 0a0a cff4
>     0x0010:  0a02 ed73 deee 00a1 0048 d1cd 303e 0201
>     0x0020:  0330 1102 0455 d8d3 a002 0300 ffe3 0401
>     0x0030:  0402 0103 0410 300e 0400 0201 0002 0100
>     0x0040:  0400 0400 0400 3014 0400 0400 a00e 0204
>     0x0050:  4289 e2c4 0201 0002 0100 3000
> 09:13:05.683814 IP (tos 0x0, ttl 247, id 0, offset 0, flags [DF], proto UDP
> (17), length 120)
>     elroy-probe.austin-energy.net.snmp > 10.10.207.244.57070: [udp sum ok]
> { SNMPv3 { F= } { USM B=7 T=2922798 U= } { ScopedPDU E=  C= { Report(29)
> R=0
> S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=11458 } } }
>     0x0000:  4500 0078 0000 4000 f711 b200 0a02 ed73
>     0x0010:  0a0a cff4 00a1 deee 0064 10f6 305a 0201
>     0x0020:  0330 1102 0455 d8d3 a002 0300 ffe3 0401
>     0x0030:  0002 0103 041d 301b 040b 8000 43dd 0300
>     0x0040:  1985 e03e ce02 0107 0203 2c99 2e04 0004
>     0x0050:  0004 0030 2304 0004 00a8 1d02 0100 0201
>     0x0060:  0002 0100 3012 3010 060a 2b06 0106 030f
>     0x0070:  0101 0400 4102 2cc2
> 09:13:05.684078 IP (tos 0x0, ttl 64, id 3357
>
> The engineID is in offset 0x003A and the length is specified in 0x0039.
> Wireshark will break that out for you... TCPdump not-so-much...  In this
> case:
> 800043dd03001985e03ece
>
> Now I can add --engineid=800043dd03001985e03ece to cfgmaker and discover it
> fine.
>
>
> >
> > I currently have the following packages installed  on a Centos 6.4 i386
> box
> > mrtg-2.16.2-7.el6.i686
> > mrtg-libs-2.16.2-7.el6.i686
> >
> > net-snmp-utils-5.5-44.el6.i686
> > net-snmp-perl-5.5-44.el6.i686
> > net-snmp-5.5-44.el6.i686
> > net-snmp-libs-5.5-44.el6.i686
> > net-snmp-devel-5.5-44.el6.i686
> >
> > rrdtool-devel-1.3.8-6.el6.i686
> > rrdtool-1.3.8-6.el6.i686
> > rrdtool-perl-1.3.8-6.el6.i686
> >
> >
> >
> > My router SNMP v3 config
> > /snmp community
> > set [ find default=yes ] addresses=10.0.0.0/8 <http://10.0.0.0/8>
> > authentication-password=testtest  authentication-protocol=SHA1
> > encryption-password=testtest name=Read_Only security=private
> > /snmp
> > set contact=support at wirelessconnect.eu enabled=yes trap-community=
> >     Read_Only trap-target=0.0.0.0 trap-version=3
> >
> >
> > What Im looking for is a working example of
> > MRTG Cfgmaker commnand that would successfully connect to a router with
> the
> > configuration above with Auth and Priv enabled for a given context ID
> ...  on
> > SNMPv3
> >
> > If you have to do something funky with context ID ...? for example
> >
> >
> > I get weird unrecognised ASN.1 errors  from the Cfgmaker script with
> > hexidecimal references that change every time I modify the cfgmaker
> command.
> >
> > I have tried many things and I just want some one . give me assistance
> to get
> > the Cfgmaker command working...
> >
> > I can snmp walk the router  fine...  I just cant get mrtg + snmpv3
> working...
> >
> >
> > Below ... is some mails with more information
> >
> > On Mon, Apr 22, 2013 at 7:29 AM, Tom Smyth <tom.smyth at wirelessconnect.eu
> >
> > wrote:
> >> Hi lads,
> >>
> >> Does any one have tips here for me I just dont get how to get around the
> >> Context ID,
> >>
> >> I can snmpwalk no problem without the context ID.. (which is not set on
> the
> >> router as it is optional)
> >>
> >> But everytime I set it on the router and I set it on the command
> >>
> >> on Mrtg Server I set the following command
> >>  cfgmaker --enablesnmpv3 --contextengineid "" --username=Read_Only
> >> --authpassword=testtest --authprotocol=sha --privpassword=testtest
> >> --privprotocol=des --ifref=ip --community=Read_Only 10.17.1.250:::::3
> >>
> >>
> >> I get this error on the router
> >>
> >> 07:21:39 snmp,debug v3 err: 3 unknown engine id
> >> 07:21:39 snmp packet from: 10.64.34.77 version: 3
> >> 07:21:39 snmp user: Read_Only_Secure
> >> 07:21:39 snmp,debug v3 err: 1 not in time window or incorrect engine
> boots
> >> 07:21:39 snmp packet from: 10.64.34.77 version: 3
> >> 07:21:39 snmp user: Read_Only_Secure
> >> 07:21:39 snmp,debug getnextgetbulk .1.3.6.1.2.1.1 reps:c nonreps:0
> >>
> >>
> >> Any Help or advice would be appreciated
> >>
> >>
> >> On Thu, Jan 24, 2013 at 11:00 PM, Tom Smyth <
> tom.smyth at wirelessconnect.eu>
> >> wrote:
> >>> Hi lads,
> >>>
> >>> Does anyone have any tips for running MRTG and SNMPv3  (with Auth and
> Priv)
> >>> SHA & DES
> >>>
> >>> I have been having issues with Cfgmaker not accepting my command
> without
> >>> mandatory   Context ID  (even tho context ID is Optional)
> >>> I have tried commenting out the Die if Context is not set lines in
> cfgmaker
> >>>
> >>> I have been able to SNMP walk with SNmp tools and I have been able to
> >>> communicate with routers with Cacti...
> >>>
> >>> but no matter what I try I cant get MRTG cfgmaker to work....with
> SNMPv3
> >>>
> >>>
> >>> I have tried with v2.17.4 and with the standard mrtg package on Centos
> 6.2
> >>>
> >>>
> >>> if anyone can help me with this...
> >>>
> >>> anything at all ... even a sample manual mrtg.cfg file for snmpv3
> would be
> >>> cool
> >>>
> >>> Thanks for your time
> >>>
> >>>
>
> _______________________________________________
> mrtg mailing list
> mrtg at lists.oetiker.ch
> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
>



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
---------------------------------
PLEASE CONSIDER THE ENVIRONMENT BEFORE YOU PRINT THIS E-MAIL
This email contains information which may be confidential or privileged.
The information is intended solely for the use of the individual or entity
named above.  If you are not the intended recipient, be aware that
any disclosure, copying, distribution or use of the contents of this
information is prohibited. If you have received this electronic
transmission in error, please notify me by telephone or by electronic mail
immediately. Any opinions expressed are those of the author, not the
company's  .This email does not constitute either offer or acceptance of
any contractually binding agreement. Such offer or acceptance must be
communicated in
writing. You are requested to carry out your own virus check before opening
any attachment. Thomas Smyth accepts no liability for any loss or damage
which may be caused by malicious software or attachments.



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
---------------------------------
PLEASE CONSIDER THE ENVIRONMENT BEFORE YOU PRINT THIS E-MAIL
This email contains information which may be confidential or privileged.
The information is intended solely for the use of the individual or entity
named above.  If you are not the intended recipient, be aware that
any disclosure, copying, distribution or use of the contents of this
information is prohibited. If you have received this electronic
transmission in error, please notify me by telephone or by electronic mail
immediately. Any opinions expressed are those of the author, not the
company's  .This email does not constitute either offer or acceptance of
any contractually binding agreement. Such offer or acceptance must be
communicated in
writing. You are requested to carry out your own virus check before opening
any attachment. Thomas Smyth accepts no liability for any loss or damage
which may be caused by malicious software or attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snmp_contextid.PNG
Type: image/png
Size: 112043 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0003.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test1
Type: application/octet-stream
Size: 250944 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test
Type: application/octet-stream
Size: 2550 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0003.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snmpwalk_good_enginetime_boots.png
Type: image/png
Size: 59356 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0004.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cfgmaker_bad_enginetime_boots.png
Type: image/png
Size: 55658 bytes
Desc: not available
Url : http://lists.oetiker.ch/pipermail/mrtg/attachments/20130425/7d4a9aa2/attachment-0005.png

More information about the mrtg mailing list