Discussion:
snmp trap authentication failures, what am I missing?
cgill
2011-12-05 22:19:12 UTC
Permalink
cgill [http://community.zenoss.org/people/cgill] created the discussion

"snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63045#63045

--------------------------------------------------------------
I'm still getting failures when adding devices, what am I missing?

This one happens to be my desktop, windows 7 64 that I just set for snmp while I'm trying to figure out this issue.

| | Device: | 02112-HP (http://zenoss.tcl.edu:8080/zport/dmd/Devices/devices/02112-HP/devicedetail)  |
| Component: | |
| Event Class: | /Security/Auth (http://zenoss.tcl.edu:8080/zport/dmd/Events/Security/Auth)  |
| Status: | 1 |
| Start Time: | 2011/12/05 17:04:57.000 |
| Stop Time: | 2011/12/05 17:08:02.000 |
| Count: | 18 |
| Message: | snmp trap snmp_authenticationFailure |
| Systems: | |
| Groups: | |
| Location: | |
| Device Class: | / (http://zenoss.tcl.edu:8080/zport/dmd/itinfrastructure#devices:.zport.dmd.Devices.) |
| Production State: | Production |
| Device Priority: | Normal |
|


I'm assuming count is how many times it tried, correct?

I have a trap set for public, to send to zenoss core server (3.2.1 on ubuntu 64 11.10) by its IP. Firewalls on both servers are open for snmp and snmp trap. The devices are adding, but always coming up with trap errors regarding authentication. While figuring this out, should I continue to remove and add the device, or should this report back fine over time (assuming I fix it)?

Thanks for the help!
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63045#63045]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
jmp242
2011-12-06 13:45:21 UTC
Permalink
jmp242 [http://community.zenoss.org/people/jmp242] created the discussion

"Re: snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63076#63076

--------------------------------------------------------------
Is the trap referring to the Zenoss server? If so, check the SNMP community. I've seen these from other devices doing SNMP probing - such as printer drivers (grrr)...

--
James Pulver
ZCA Member
LEPP Computer Group
Cornell University
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63076#63076]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
cgill
2011-12-06 15:09:40 UTC
Permalink
cgill [http://community.zenoss.org/people/cgill] created the discussion

"Re: snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63087#63087

--------------------------------------------------------------
Well the failure events disappeared, so I configured two more servers and added them and got the error again. I'll see if it resolves over time.

Here are more details, which doesn't exactly help diagnose the issue:

| | agent | zentrap |
| clearid | |
| component | |
| count | 5 |
| dedupid | ProdApp||/Security/Auth||3|snmp trap  snmp_authenticationFailure |
| device | ProdApp |
| DeviceClass | /Server/Windows |
| DeviceGroups | | |
| DevicePriority | 3 |
| eventClass | /Security/Auth |
| eventClassKey | snmp_authenticationFailure |
| eventClassMapping | /Security/Auth/snmp_authenticationFailure |
| eventGroup | trap |
| eventKey | |
| eventState | 0 |
| evid | 3ee28348-4945-43d1-88ed-046702888eb5 |
| facility | unknown |
| firstTime | 2011/12/06 09:57:52.000 |
| ipAddress | 10.10.1.39 |
| lastTime | 2011/12/06 09:57:56.000 |
| Location | |
| manager | ubuntu-server-64 |
| message | snmp trap snmp_authenticationFailure |
| monitor | localhost |
| ntevid | 0 |
| ownerid | |
| priority | -1 |
| prodState | 1000 |
| severity | 3 |
| stateChange | 2011/12/06 09:58:35.000 |
| summary | snmp trap snmp_authenticationFailure |
| suppid | |
| Systems | | |
|
|
Event  Details |
|
| community | public |
| oid | 1.3.6.1.4.1.311.1.1.3.1.2.0 |
|


if i go to events, then event classes, then security, then auth I see that an internal ip is failing to authenticate, an ip I have no idea about, so it looks like some device (possible a printer) is performing snmp traps too. thanks for the nudge jmp242.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63087#63087]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
mwcotton
2011-12-06 21:58:54 UTC
Permalink
mwcotton [http://community.zenoss.org/people/mwcotton] created the discussion

"Re: snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63091#63091

--------------------------------------------------------------
I suggest in the snmp setup on the windows devices, uncheck the box that says send authentication traps.
if not ,anything that tries to query your windows devices and doesnt use the proper auth, it will send a irritating trap to your zenoss box.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63091#63091]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
jmp242
2011-12-07 13:15:33 UTC
Permalink
jmp242 [http://community.zenoss.org/people/jmp242] created the discussion

"Re: snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63114#63114

--------------------------------------------------------------
I was implying what mwcotton says, though I wasn't clear enough. The question is - do you want to know when something is trying to snmp query your Windows server? I think the practical answer is probably not, and mwcotton's suggestion is appropriate.

--
James Pulver
ZCA Member
LEPP Computer Group
Cornell University
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63114#63114]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
cgill
2011-12-07 14:25:01 UTC
Permalink
cgill [http://community.zenoss.org/people/cgill] created the discussion

"Re: snmp trap authentication failures, what am I missing?"

To view the discussion, visit: http://community.zenoss.org/message/63118#63118

--------------------------------------------------------------
since the community string is public for read, I want to be nosy and see what's probing for snmp info. I still haven't been able to track down that ip, and it only occurs when I first add a new device, which I find strange. thanks for the insight! now to figure out how to turn certain events from error to warning  :) ..more reading now.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/63118#63118]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Loading...