For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

r23_78178's avatar
r23_78178
Icon for Nimbostratus rankNimbostratus
Jul 23, 2012

SNMP trap problem

Hi,

 

 

I have a problem with SNMP traps.

 

I generate them according to sol11127 and try tcpdump according to sol411 but to no avail.

 

All that increases is the "packets received by filter".

 

From what i read this field is OS specific so it doesn't help me.

 

 

 

I am using these traps :

 

 

 

logger -p local0.notice "01070728:5: Node x.x.x.x monitor status up."

 

logger -p local0.notice "01070640:5: Node x.x.x.x monitor status down."

 

logger -p local0.notice "01180003:2: License load success

 

 

 

My tcpdump command looks like this :

 

 

 

tcpdump -vvi eth0 udp port 162

 

 

 

Our SNMP is set without a source so I assume the default mgmt interface is used , but just in case I did one tcpdump with no interface mentioned just the port , same result.

 

 

 

The last trap was confirmed working on a different BIG-IP system by one of my colleagues.

 

 

 

Am I doing something wrong ?

 

Did I choose some bad trap codes ? Or am I not using proper tcpdump options ?

 

 

 

Please let me know.

 

 

 

management
monitoring

6 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 24, 2012
    have you tried interface 0.0?

     

     

    tcpdump -nni 0.0 port 162
  • r23_78178's avatar
    r23_78178
    Icon for Nimbostratus rankNimbostratus
    Jul 24, 2012
    Hey nitass,

     

     

    tried it , this time i get a zero across the board :

     

     

    0 packets captured

     

    0 packets received by filter

     

    0 packets dropped by kernel

     

     

    Still , the system no longer prompted me that there is no ip address as it did when i mentioned -eth0 (although the official F5 guide says that you can't use eth0:mgmt and eth0 is the mgmt interface in the tcpdump option)

     

     

    Should I try some other trap ?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 24, 2012
    the first two logger commands work fine in my lab unit i.e. i do see the trap.

     

     

    restarting snmpd, i.e. bigstart restart snmpd, also generate trap. would you like to try?
  • r23_78178's avatar
    r23_78178
    Icon for Nimbostratus rankNimbostratus
    Jul 26, 2012
    I could try restarting snmpd , there's no impact right ?

     

     

    And have tcpdump ready to see a trap when snmpd restarts ? Or try the before logger commands after snmod restart ?
  • r23_78178's avatar
    r23_78178
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2012
    Posted By nitass on 07/24/2012 01:54 PM

     

    the first two logger commands work fine in my lab unit i.e. i do see the trap.

     

     

    restarting snmpd, i.e. bigstart restart snmpd, also generate trap. would you like to try?

     

    Hey nitass,

     

     

    Tried that , did indeed generate a trap.

     

    However nothing else did - even after restarting snmpd process.

     

     

    I even tried an emergency level trap :

     

     

    logger -p local0.emerg "01100048:0: Log disk usage still higher than 80% after logrotate and 24 times log deletion."

     

     

    Should I assume a problem with my device and contact F5 support or is my configuration off somehow ?

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 03, 2012
    did you customize snmp setting e.g. /config/user_alert.conf, /etc/alertd/alert.conf?

     

     

    if so, can you revert it to default and test again?

     

     

    if no, yes i think you can open a support case.