RE: [nv-l] [SNMP] agent on AIX - A little off subject

["Davis, Donald" <donald.davis@firstcitizens.com>]

This post is about a defect with AIX v5 SNMP agent not logging the address of the station that is causing authentication failures on the NetView server with logging set to LEVEL=3. Attached below is the response from AIX support.

In plain English. In AIX v5, they have dropped the ability to display the source address of the station causing the authentication failure and do not intend to put it back. We must now use iptrace and ipreport as suggested below by AIX support. I think this is unacceptable, however, that's the way it is. 

I am only the second customer to call and complain. Maybe if they get enough complaints they will fix it then.
Note that it is just referred to as a change and not a defect!
Don Davis

===== FROM AIX SUPPORT ===================================================
The change that you've noticed was in base AIX 5.1.  That means that there
are no binaries that were compiled for AIX 5 before the change.  I've
included the commands below to run a trace to pull out the request packets
destined for snmpd.  You can run the commands manually or put them in a
script.  The output file will have all the request packets.  There is an
ASCII representation of the packet on the right hand side of the output.
The community name can be read there.  You can easily filter the file with
the `grep` command.  For example, if your accepted community names are
"bob", "ted", and "bill" you can issue `grep -Evp "bob|ted|bill"
/tmp/output`.  This will show all the request packets that didn't have
those community names.  Included in the packets are the IP addresses that
are sending the packets.  I hope this information helps.  Thanks!!

Eddie Perez
AIX Support Line
NetCom

To start the trace process -

#mknod /tmp/tracepipe p
#ipreport -rnsN /tmp/tracepipe | grep -Ep "30280201|30200201" > /tmp/output
&
#startsrc -s iptrace -a "-a -p 161 /tmp/tracepipe"

To stop the trace process -

#stopsrc -s iptrace
#ps -ef | grep ipreport      --> get the PID of ipreport
#kill <PID of ipreport process>
#rm /tmp/tracepipe

To extract request packets that don't use the correct community name -

#grep -Evp "name1|name2|name3" /tmp/output

-----Original Message-----
From: Leslie Clark [mailto:lclark@us.ibm.com]
Sent: Wednesday, November 20, 2002 11:37 PM
To: Davis, Donald
Subject: Re: [nv-l] [SNMP] agent on AIX - A little off subject

Time to call 1-800-CALL-AIX? Be sure to tell us what the trick
is. I haven't seen V5 yet.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

                                                                                                                                        

                      "Davis, Donald"                                                                                                   

                      <donald.davis@firstci        To:       "IBM NetView Discussion (E-mail)" <nv-l@lists.tivoli.com>                  

                      tizens.com>                  cc:                                                                                  

                                                   Subject:  [nv-l] [SNMP] agent on AIX - A little off subject                          

                      11/20/2002 09:15 AM                                                                                               

                                                                                                                                        

                                                                                                                                        

Good morning list:
I have 2 questions for you this morning.

NetView Server:
AIX: 5.2
NV: 7.1.3

I am receiving many authentication failures in NetView that I am trying to
track down.
I have configured snmpd with logging LEVEL=3 to capture everything to a log
file.
The source address of the bad SNMP request is not logged as it was on AIX
4.3.3.

1. Is something misconfigured or has this feature been removed from the AIX
v5 SNMP agent?

2. Does anyone know of a utility to capture this data in the windows
environment?

Regards,
=======================
Donald Davis
First Citizens Bank
Systems Engineer Consultant
Enterprise Management
100 East Tryon Road
Mail Code: DAC 22
Raleigh, NC.  27603-3526

------------------------------------------------------------------------------

This electronic mail and any files transmitted with it are confidential and
are intended solely for the use of individual or entity to whom they are
addressed. If you are not the intended recipient or the person responsible
for delivering the electronic mail to the intended recipient, be advised
that you have received this electronic mail in error and that any use,
dissemination, forwarding, printing, or copying of this electronic mail is
strictly prohibited. If you have received this electronic mail in error,
please immediately notify the sender by return mail.

==============================================================================