--> minddog has joined #net-snmp
--> MezoWork has joined #net-snmp
[2002/10/15 01:22:02] #net-snmp <MezoWork> hi
--> jaypee has joined #net-snmp
[2002/10/15 02:45:36] #net-snmp <jaypee> just coding an iterator table generated by mib2c.iterate.conf.
[2002/10/15 02:46:11] #net-snmp <jaypee> in get next data point what do you return for end of table??
[2002/10/15 02:46:19] #net-snmp <jaypee> thanks
[2002/10/15 02:49:54] #net-snmp <MezoWork> NULL
[2002/10/15 02:56:39] #net-snmp <jaypee> it is just the sample code always returns put_index_data.
[2002/10/15 02:57:07] #net-snmp <jaypee> But if there is end of table just return NULL instead?
[2002/10/15 03:03:22] #net-snmp <MezoWork> here is a sample :
[2002/10/15 03:03:25] #net-snmp <MezoWork> netsnmp_variable_list *
[2002/10/15 03:03:25] #net-snmp <MezoWork> ntqATable_get_next_data_point(void **my_loop_context, void **my_data_context,
[2002/10/15 03:03:25] #net-snmp <MezoWork> netsnmp_variable_list *put_index_data,
[2002/10/15 03:03:25] #net-snmp <MezoWork> netsnmp_iterator_info *mydata)
[2002/10/15 03:03:25] #net-snmp <MezoWork> {
[2002/10/15 03:03:36] #net-snmp <MezoWork> netsnmp_variable_list *vptr;
[2002/10/15 03:03:36] #net-snmp <MezoWork> alarm_node_t * AlarmList = (alarm_node_t *) * my_loop_context;
[2002/10/15 03:03:36] #net-snmp <MezoWork> DEBUG0("ntqATable_get_next_data_point START");
[2002/10/15 03:03:36] #net-snmp <MezoWork>
[2002/10/15 03:03:36] #net-snmp <MezoWork> if(AlarmList->next==NULL)
[2002/10/15 03:03:37] #net-snmp <MezoWork> return NULL;
[2002/10/15 03:03:46] #net-snmp <MezoWork> if .. not next (end of table ... return NULLĂ“
[2002/10/15 03:03:52] #net-snmp <MezoWork> otherwise . .continue
[2002/10/15 03:03:55] #net-snmp <MezoWork> ACTION is away: I'm busy
[2002/10/15 03:04:12] #net-snmp <jaypee> Ta
--> jaypee has joined #net-snmp
[2002/10/15 04:05:36] #net-snmp <MezoWork> ACTION is back (gone 01:01:41)
--> ilya has joined #net-snmp
[2002/10/15 05:31:13] #net-snmp <ilya> Hi all. I'm new to SNMP. And i'm interesting, which "free" client programs can I use with net-snmp. I need X window programs too. Thanks.
--> wes has joined #net-snmp
[2002/10/15 06:28:24] #net-snmp <ilya> I'm new to SNMP. And i'm interesting, which "free" client programs can I use with net-snmp. I need X window programs too. Thanks.
[2002/10/15 06:31:16] #net-snmp <wes> Well, you should probably start by looking at our tutorial at http://www.net-snmp.org/tutorial-5/
[2002/10/15 06:31:40] #net-snmp <wes> If you're looking for other SNMP clients besides just ours, go to www.snmplinks.com
[2002/10/15 06:36:15] #net-snmp <ilya> wes: I want programs, that works, but I've saw www.snmplinks.com week ago. I've not found programs I need. They are not free or they doesn't work.
[2002/10/15 06:36:37] #net-snmp <wes> Ours work, but they're fairly simple.
[2002/10/15 06:37:38] #net-snmp <wes> Generally, if you want really good tools, of course, you need to pay for them. However, there are a fair amount of decent ones out there too that are free. Nothing compared to something like OpenView or other managers (though many people don't like OpenView or the others because they're "too big")
[2002/10/15 06:38:56] #net-snmp <ilya> wes: Programs from net-snmp package? Yes they work good. But I need somethink with user interface. OpenView isn't a good variant for my organization.
[2002/10/15 06:40:12] #net-snmp <wes> well, gxsnmp has a graphical interface. Our "tkmib" is graphical. you might try searching at www.freshmeat.net as well.
[2002/10/15 06:47:36] #net-snmp <ilya> ok! I'll try them.
[2002/10/15 06:48:04] #net-snmp <wes> snapshot of our app here: http://www.net-snmp.org/tkmib.jpg
[2002/10/15 06:52:11] #net-snmp <ilya> wes: I'm instlling it. But I see it requires ucd-snmp. I have net-snmp yet
[2002/10/15 06:52:31] #net-snmp <wes> no, it should be fine with net-snmp (it needs the perl module though)
[2002/10/15 06:53:17] #net-snmp <ilya> I understood.
--> nostaw has joined #net-snmp
--> delanne has joined #net-snmp
[2002/10/15 07:33:33] #net-snmp <Mezo> hi all
[2002/10/15 07:33:38] #net-snmp <Mezo> wes: R U here ?
[2002/10/15 07:33:46] #net-snmp <wes> maybe?
[2002/10/15 07:33:53] #net-snmp <Mezo> ;)
[2002/10/15 07:34:10] #net-snmp <Mezo> kestion about table generate with mib2c.iterate.conf
[2002/10/15 07:34:25] #net-snmp <Mezo> I'm sure that I have not mem leak in my code ...
[2002/10/15 07:34:32] #net-snmp <Mezo> Why does me memory grow up ?
[2002/10/15 07:34:56] #net-snmp <Mezo> I try nsTransactionTable
[2002/10/15 07:35:01] #net-snmp <Mezo> the memory grow up too ...
[2002/10/15 07:35:23] #net-snmp <wes> Well, there are apparentyl some leaks in the table iterator code.
[2002/10/15 07:35:34] #net-snmp <wes> 5.0.6 should be better, but there is one patch that was sent to the -coders list which I haven't applied.
[2002/10/15 07:35:41] #net-snmp <Mezo> I have 5.0.6
[2002/10/15 07:35:41] #net-snmp <wes> you can search the archives to get it.
[2002/10/15 07:35:56] #net-snmp <Mezo> big memleak ...
[2002/10/15 07:36:02] #net-snmp <Mezo> 4k ...
[2002/10/15 07:36:11] #net-snmp <Mezo> ok ... I search
[2002/10/15 07:37:51] #net-snmp <Mezo> is it an official patch ?
[2002/10/15 07:38:33] #net-snmp <wes> official, no not yet.
[2002/10/15 07:50:32] #net-snmp <Mezo> grrr .. don't find it ;(
--> Mezo has joined #net-snmp
--> TrogL has joined #net-snmp
[2002/10/15 09:28:59] #net-snmp <TrogL> just a thought, if ORACLE is expecting snmpd to behave as an agent, do I have to do anything special on ./configure?
[2002/10/15 09:39:42] #net-snmp <wes> I think oracle is a SMUX subagent, right? If so, you'd have to have configured with --with-mib-modules="smux"
--> benr has joined #net-snmp
[2002/10/15 09:56:39] #net-snmp <TrogL> OK, so wh ere do I confirm that ORACLE is SMUX subagent? there's nothing in ORACLE's documentation
[2002/10/15 09:58:25] #net-snmp <wes> uh, don't know.
[2002/10/15 09:58:33] #net-snmp <wes> a packet sniffer :-)
[2002/10/15 09:58:49] #net-snmp <wes> (look for traffic to port 199)
[2002/10/15 09:59:23] #net-snmp <TrogL> when would this traffic be generated?
--> ilya has joined #net-snmp
[2002/10/15 10:19:30] #net-snmp <ilya> People! I want to know about security in net-snmp, when it's work with snmp version 1 or 2c. I've heard there are different security holes in this versions of SNMP protocol. How can I secure my system?
[2002/10/15 10:19:49] #net-snmp <TrogL> which version?
[2002/10/15 10:20:20] #net-snmp <TrogL> step one, don't use the "public" domain
[2002/10/15 10:20:25] #net-snmp <ilya> net-snmp 5.0.3
[2002/10/15 10:21:03] #net-snmp <TrogL> that's stale - I think there were some fixes in 5.04 and 5.0.6 is current
[2002/10/15 10:22:05] #net-snmp <ilya> TrogL: I must restrict access by IP addresses ?
[2002/10/15 10:23:00] #net-snmp <TrogL> that's not what I said
[2002/10/15 10:23:25] #net-snmp <TrogL> many people set up their snmpd to be -c public
[2002/10/15 10:23:28] #net-snmp <TrogL> this is a security hole
[2002/10/15 10:23:48] #net-snmp <ilya> Why?
[2002/10/15 10:24:38] #net-snmp <TrogL> because everybody can look at your system and find out things you don't necessarily want them to know
[2002/10/15 10:26:25] #net-snmp <ilya> TrogL: must I use "private" community only with access from my mashines only & set up snmpd to run on TCP port?
[2002/10/15 10:26:52] #net-snmp <TrogL> no, on all your configurations, find anywhere is says "public" and change it to something else
[2002/10/15 10:28:49] #net-snmp <ilya> TrogL: oh I understood. And this community name must be as a password? ;) he he. Nobody outside the organization woun't know about it. So?
[2002/10/15 10:29:25] #net-snmp <TrogL> something like that
[2002/10/15 10:31:04] #net-snmp <ilya> Ok! It works. And what about read-write community?
[2002/10/15 10:32:32] #net-snmp <TrogL> same idea, presumably - I don't use that much
[2002/10/15 10:36:04] #net-snmp <ilya> TrogL: Does exist way to get unknown community name from snmpd mashine? If somebody will be able to do it?
[2002/10/15 10:36:57] #net-snmp <uathome> brute force attack.
[2002/10/15 10:37:04] #net-snmp <ilya> TrogL: where can I read about security with snmp v1 and snmp v2?
[2002/10/15 10:37:25] #net-snmp <uathome> Since it's one single word in v2c, it's easy to brute-force.
[2002/10/15 10:37:56] #net-snmp <ilya> uathome: how?
[2002/10/15 10:38:34] #net-snmp <uathome> We crank down SNMP traffic in our routers, only permitting about a half dozen to send SNMP.
[2002/10/15 10:39:27] #net-snmp <uathome> If our rev of Cisco IOS supported v3, we wouldn't be quite so anal about it.
[2002/10/15 10:39:56] #net-snmp <uathome> I should add that we primarily use SNMp to collect Cisco statistics. We'd use it to set data on the Ciscos if it weren't such a scary security risk.
[2002/10/15 10:40:40] #net-snmp <uathome> bbl. shower.
[2002/10/15 10:40:43] #net-snmp <wes> use v3 (upgrade your CISCO to a version that supports it)
[2002/10/15 10:40:45] #net-snmp <wes> gotta run.
[2002/10/15 10:40:45] #net-snmp <wes> bye
[2002/10/15 10:42:29] #net-snmp <ilya> but v3 does not supported by monitoring programs, and I'm going use net-snmp not for CISCO routers, it'll be used for PC's
[2002/10/15 10:46:14] #net-snmp <TrogL> if you're not planning on using SNMP to modify stuff on the pc's I wouldn't be as worried about v3
[2002/10/15 10:46:27] #net-snmp <TrogL> I WOULD be sure i'd change that community string
[2002/10/15 10:48:57] #net-snmp <ilya> TrogL: this PC's are in the internet. That's why security is so important. Where can I read about SNMP security holes?
--> ua has joined #net-snmp
--> ua has joined #net-snmp
--> Ilya has joined #net-snmp
[2002/10/15 12:38:56] #net-snmp <Ilya> Hi! Where can I read about vulnerabilities of SNMPv1,SNMPv2 protocols, and about their security. Thanks
--> miike has joined #net-snmp
[2002/10/15 12:54:10] #net-snmp <TrogL> ilya: http://www.cert.org/advisories/CA-2002-03.html
[2002/10/15 12:56:37] #net-snmp <TrogL> http://www.wwdsi.com/demo/saint_tutorials/Guessable_Read_Community.html
[2002/10/15 13:02:52] #net-snmp <Ilya> TrogL: I know possible solution. I'll install ipfw on main SNMP mashine in my subnet, where master net-snmp will be.
[2002/10/15 13:04:32] #net-snmp <TrogL> earlier you mentioned "PC's on the Internet"
[2002/10/15 13:04:35] #net-snmp <TrogL> don't you haev a router?
[2002/10/15 13:05:34] #net-snmp <Ilya> we have Cisco router. But my chief wants monitoring of PC's but not CISCO
[2002/10/15 13:06:42] #net-snmp <TrogL> OK, was worried you had PC's directly exposed to Internet - if you're behind a router you're in better shape
[2002/10/15 13:07:20] #net-snmp <TrogL> what, exactly, are you monitoring on the PC's? using what?
[2002/10/15 13:09:35] #net-snmp <Ilya> We want monitor their load, state of some processes, e.g. squid, mail daemon, our services
[2002/10/15 13:10:05] #net-snmp <Ilya> I'm going use net-snmp there
[2002/10/15 13:10:48] #net-snmp <TrogL> are these Dells or Compaqs? (I know they're probably not)
[2002/10/15 13:10:59] #net-snmp <Ilya> And I'm going write simple web-interface for it or use ready, e.g Big Sister
[2002/10/15 13:11:24] #net-snmp <Ilya> there are no Dells or Compaqs
[2002/10/15 13:22:38] #net-snmp <TrogL> just wondered 'cause Compaqs have Insight Manager (an SNMP daemon) and Dells haev something similar
--> Tourinho has joined #net-snmp
[2002/10/15 13:23:34] #net-snmp <Tourinho> hello
[2002/10/15 13:24:34] #net-snmp <Tourinho> how can add mib on snmpd?
[2002/10/15 13:24:51] #net-snmp <Tourinho> export mibs=all?
[2002/10/15 13:29:46] #net-snmp <rstory> Tourinho: add 'mibs all' to your snmpd.conf
[2002/10/15 13:29:51] #net-snmp <TrogL> on snmpwalk, use -m ALL
[2002/10/15 13:30:28] #net-snmp <rstory> for apps (like snmpwalk), add 'mibs all' to your ~/.snmp/snmp.conf
[2002/10/15 13:32:13] #net-snmp <Ilya> rstory: I thought that snmpd does it by default.
[2002/10/15 13:32:15] #net-snmp <Tourinho> rstory: it still not working..
[2002/10/15 13:32:29] #net-snmp <Tourinho> rstory: i want walk throught host for example
[2002/10/15 13:32:30] #net-snmp <TrogL> as in /usr/local/share/snmp/snmpd.conf ?
[2002/10/15 13:32:44] #net-snmp <Tourinho> but when i use snmpwalk i doesnt show
[2002/10/15 13:32:51] #net-snmp <rstory> TrogL: for the agent, yes
[2002/10/15 13:33:15] #net-snmp <rstory> Tourinho: did you configure to include the host modules? they aren't added by default.
[2002/10/15 13:34:01] #net-snmp <Tourinho> rstory: like it..
[2002/10/15 13:34:02] #net-snmp <Tourinho> view systemview included host
[2002/10/15 13:34:04] #net-snmp <Tourinho> ?
[2002/10/15 13:34:46] #net-snmp <rstory> Tourinho: no, I mean when you installed the agent. Did you install a binary, or compile from source?
[2002/10/15 13:35:34] #net-snmp <Tourinho> compile
[2002/10/15 13:35:50] #net-snmp <Tourinho> 5.0.3
[2002/10/15 13:36:20] #net-snmp <TrogL> what MIB isn't it reading and what's your evidence?
[2002/10/15 13:36:37] #net-snmp <Tourinho> hosts
[2002/10/15 13:37:02] #net-snmp <rstory> run 'head config.status' to see how you configured the agent..
[2002/10/15 13:37:50] #net-snmp <rstory> if you don't see something like "--with-mib-modules=host" then you need to rerun configure and then rebuild the agent
[2002/10/15 13:37:52] #net-snmp <Tourinho> ok.. just a second
[2002/10/15 13:38:06] #net-snmp <TrogL> what platform?
[2002/10/15 13:38:48] #net-snmp <Tourinho> rstory: so.. i need to recompile?
[2002/10/15 13:39:00] #net-snmp <Tourinho> can I use --with-mib-modules=all?
[2002/10/15 13:39:05] #net-snmp <Tourinho> TrogL: linux
[2002/10/15 13:39:59] #net-snmp <TrogL> no you have to explicitly state the modules
[2002/10/15 13:40:03] #net-snmp <rstory> Tourinho: I don't think so..
[2002/10/15 13:40:24] #net-snmp <rstory> "configure --help' will list available modules
[2002/10/15 13:41:06] #net-snmp <TrogL> I use ./configure --with-mib-modules="host disman/event-mib ucd-snmp/diskio" --enable-shared --enable-embedded-perl
[2002/10/15 13:41:13] #net-snmp <TrogL> but that's on Solaris so your mileage may vary
[2002/10/15 13:41:27] #net-snmp <TrogL> use PERL only if you're going to actually use it 'cause there's issues
[2002/10/15 13:42:14] #net-snmp <Tourinho> ok
[2002/10/15 13:42:19] #net-snmp <Tourinho> thank you all
[2002/10/15 13:55:28] #net-snmp <TrogL> ACTION bursts into tears and starts wailing
[2002/10/15 13:55:40] #net-snmp <TrogL> wha'ts with this netsnmp_get_boolean??
[2002/10/15 13:56:08] #net-snmp <TrogL> and where's ../snmplibs/.libs ?
[2002/10/15 13:57:30] #net-snmp <TrogL> sorry ../snmplib/.libs/
[2002/10/15 13:58:50] #net-snmp <rstory> TrogL: ??
[2002/10/15 13:59:18] #net-snmp <TrogL> undefined symbol netsnmp_get_boolean
[2002/10/15 13:59:23] #net-snmp <TrogL> first referenced in file
[2002/10/15 13:59:34] #net-snmp <TrogL> ../snmplib/.libs/libnetsnmp.so
[2002/10/15 14:00:35] #net-snmp <TrogL> find /usr -name snmplib -print returns empty
[2002/10/15 14:03:58] #net-snmp <TrogL> the calling line is...
[2002/10/15 14:04:54] #net-snmp <rstory> ok, .libs is usually just in the build directory...
[2002/10/15 14:06:22] #net-snmp <TrogL> there is a .libs in the agent directory
[2002/10/15 14:06:45] #net-snmp <rstory> ok, looks like it's mibs.c... replace 2 occurances of netsnmp_get_boolean with netsnmp_ds_get_boolean
[2002/10/15 14:08:55] #net-snmp <TrogL> can't find mibs.c
[2002/10/15 14:09:04] #net-snmp <rstory> snmplib/mib.c
[2002/10/15 14:09:38] #net-snmp <TrogL> ah!
[2002/10/15 14:13:09] #net-snmp <TrogL> ACTION makes
[2002/10/15 14:34:04] #net-snmp <TrogL> yep, that got it
[2002/10/15 14:34:52] #net-snmp <TrogL> could you fix the CVS version?
[2002/10/15 14:35:53] #net-snmp <rstory> already did
[2002/10/15 14:40:38] #net-snmp <TrogL> if I use smux do I need agent as well?
[2002/10/15 14:40:42] #net-snmp <TrogL> or does it assume
[2002/10/15 14:41:08] #net-snmp <TrogL> sorry agentx
[2002/10/15 14:41:57] #net-snmp <rstory> no, they are independent
[2002/10/15 14:46:56] #net-snmp <TrogL> ACTION makes with smux
[2002/10/15 14:49:14] #net-snmp <TrogL> ACTION (on 2nd reading) thinks that looks obscene
--> slam has joined #net-snmp
[2002/10/15 15:01:55] #net-snmp <TrogL> would having my community string as "public" fail test 1?
[2002/10/15 15:03:02] #net-snmp <TrogL> and/or fail agentx GET, Set and illegal Set support?
[2002/10/15 15:08:45] #net-snmp <TrogL> hmmm. changed the community and still failed
[2002/10/15 15:09:23] #net-snmp <TrogL> but 2c passed (as it did before)
[2002/10/15 15:26:10] #net-snmp <TrogL> incidentally, snmpd.log reports
[2002/10/15 15:26:49] #net-snmp <TrogL> unknown token mibs
[2002/10/15 15:43:03] #net-snmp <rstory> try '[snmp] mibs all'
[2002/10/15 15:43:46] #net-snmp <rstory> and didn't you say you configured without agentx? if so, then i'd expect those test to fail.
[2002/10/15 15:44:11] #net-snmp <rstory> of course, configure should probably disable the test, but I leave the configure stuff to wes
--> jbpn has joined #net-snmp

Powered by: SourceForge Logo