Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SNMPv3 traps and snmptrapd

0 views
Skip to first unread message

Jiro Iida

unread,
Jun 1, 2005, 2:40:13 PM6/1/05
to
Dear Sirs,

I am involved in the SNMPv3 agent's development now、and trying send SNMPv3 Traps.

It becomes an Authentication Error because of TimeWindowError though it tries to put out
SNMPv3 Trap from this agent, and to receive it with snmptrapd of Net-SNMP.

[Content of error of trace(snmptrapd)]
usm: Verification succeeded.
trace: usm_check_and_update_timeliness(): snmpusm.c, 2123:
usm: boot_uint 297 myBoots 297 time_diff 885 => not in time window
trace: snmpv3_parse(): snmp_api.c, 3745:
dumph_recv: ScopedPDU
trace: _snmp_parse(): snmp_api.c, 4091:
snmp_parse: Parsed SNMPv3 message (secName:myuser, secLevel:authPriv): USM not in time window

The following description is put in snmptrapd.conf.

createUser myuser MD5 password DES password

and Set same agent's EngineID.

Is this a correct result?

In RFC3414, incase of Traps(Unconfirmed-Class PDU),
though it is thought that non-authoritative side (in this case, snmptrapd)
should synchronize at time because the sending end to Trap become the authoritative sides.
In that case, though it doesn't think the TimeWindow error to be generated
as a result of the Time Synchronization.

The version I used is 5.2.1 with cygwin.

My best regards.

Jiro Iida


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Wes Hardaker

unread,
Jun 2, 2005, 1:29:09 PM6/2/05
to
>>>>> On Wed, 1 Jun 2005 17:21:06 +0900, "Jiro Iida" <jiro...@ps.hitachis=
oft.jp> said:

Jiro> I am involved in the SNMPv3 agent's development now=1B$B!"=1B(Band
Jiro> trying send SNMPv3 Traps.

BTW, have you read our description about how to set up SNMPv3 trap
sending/receiving:

http://www.net-snmp.org/tutorial/tutorial-5/commands/snmptrap-v3.html

Jiro> In RFC3414, incase of Traps(Unconfirmed-Class PDU), though it is
Jiro> thought that non-authoritative side (in this case, snmptrapd)
Jiro> should synchronize at time because the sending end to Trap
Jiro> become the authoritative sides. In that case, though it doesn't
Jiro> think the TimeWindow error to be generated as a result of the
Jiro> Time Synchronization.

Well, when receiving traps it shouldn't actually do anything to
synchronize. It should increase the clock locally when a
authenticated packet has been received and it should drop future traps
received where the time window was below the memorized value.

Are you saying that the trapd is actually dropping the first trap
received from a long-running agent or something? It shouldn't, certainly.

--=20
Wes Hardaker
Sparta, Inc.

Jiro Iida

unread,
Jun 3, 2005, 7:49:09 AM6/3/05
to
Thank you for a quick answer.

Taught tutorial is read.
It is actually confirmed to be able to receive SNMPv3 traps normally by
combining snmptrap and snmptrapd.

However, it is thought that it doesn't become a situation that I am
describing because engineBoots and engineTime that snmptrap sets in
this case are 1 and a few seconds respectively.

It is an agent of developed actual snmp that I tests and the Trap issue of
SNMPv3 is making in originality.
In that case, engineBoots and engineTime set an actual value and transmit
Trap, because it is an authoritative side.
How though thought by me processing that this is correct?
Moreover, should I transmit Trap as engineBoots=1 and engineTime=a few second
like snmptrap?
It would be greatly appreciated when it can teach about there.

Again My best regards.
Jiro Iida

-----Original Message-----
From: Wes Hardaker [mailto:hard...@users.sourceforge.net]
Sent: Friday, June 03, 2005 2:27 AM
To: Jiro Iida
Cc: net-snm...@lists.sourceforge.net
Subject: Re: SNMPv3 traps and snmptrapd


>>>>> On Wed, 1 Jun 2005 17:21:06 +0900, "Jiro Iida" <jiro...@ps.hitachisoft.jp> said:

Jiro> I am involved in the SNMPv3 agent's development now、and


Jiro> trying send SNMPv3 Traps.

BTW, have you read our description about how to set up SNMPv3 trap
sending/receiving:

http://www.net-snmp.org/tutorial/tutorial-5/commands/snmptrap-v3.html

Jiro> In RFC3414, incase of Traps(Unconfirmed-Class PDU), though it is
Jiro> thought that non-authoritative side (in this case, snmptrapd)
Jiro> should synchronize at time because the sending end to Trap
Jiro> become the authoritative sides. In that case, though it doesn't
Jiro> think the TimeWindow error to be generated as a result of the
Jiro> Time Synchronization.

Well, when receiving traps it shouldn't actually do anything to
synchronize. It should increase the clock locally when a
authenticated packet has been received and it should drop future traps
received where the time window was below the memorized value.

Are you saying that the trapd is actually dropping the first trap
received from a long-running agent or something? It shouldn't, certainly.

--

0 new messages