CMK version: Checkmk Raw Edition 2.1.0p2
OS version: Ubuntu 20.04.4 LTS
Cannot fetch system description OID .18.104.22.168.22.214.171.124.0. Please check your SNMP configuration. Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc.**CRIT**
I am having a bit of a problem with one of the systems I am trying to add to checkmk. It is a NAS device EVO from SNS. The system uses SNMP v2 and public community setting. With these settings, I get a successful ping but “empty SNMP response”. If I change SNMP settings I get “SNMP Error on IP: Timeout: No Response from IP (Exit-Code: 1)”.
Is there a way to troubleshoot this further?
Hi and welcome,
do you have some firewall between your Cmk server and NAS device, because this looks like something is blocking SNMP access to device?
Hi. Thanks for the response.
I configured the firewall on the device to allow UDP on 161. I believe that should be sufficient, right?
yes, UDP 161. But as it is UDP it is stateless, and therefore it can be every other reason as well.
Hence, our error message gives some of the possible reasons: “Wrong credentials, wrong SNMP version, Firewall rules, etc.”
And is there any way I can diagnose this further to eliminate individual possibilities for the error?
no, you can not do it remotely due to protocol limitations of UDP/SNMP.
E.g. you can not determine from the client (the Checkmk server) if your request packet is either dropped by the firewall or simply not answered by the SNMP agent on the NAS, switch, whatever.
So you have to check
- Is the firewall open
- is the SNMP agent enabled and running
- is the used protocol (v1/v2c/v3) correct
- and also that the community (v1/v2c) or SNMP credentials (v3) are correct
There is no firewall on either device. SNMP is enabled and I triple-checked that all the settings are set right. Also if I change SNMP protocol or community the connection check error changes from “empty SNMP response” to “SNMP Error on IP: Timeout: No Response from IP (Exit-Code: 1)”.
I don’t know what else to check here.
We had also some issues with SNMP, in our case v3 seems to work not proberly.
Downgrading on v2c did the job for the moment - see https://forum.checkmk.com/t/upgrade-to-v2-1-printer-dont-show-any-snmp-informetion/31936/13
Unfortunately, I had no luck switching between SNMP versions.
The company has now provided me with a modified OID file, which is in .oidlib format, but I see that is only applicable to PRTG.
Is there any way the MIB file might help me with the issue I am having?
the MIB won’t change anything as it only translates (i.e. sometimes makes the output more readable) when you get a response including the SNMP OIDs, but since you’re not getting any response, the MIB won’t help. Also, checkmk doesn’t need the mib file. (if you ever want to look at an oidlib file unrelated to this issue, the PRTG mib browser is freeware Paessler hilft: MIB-Dateien importieren und OIDs auswerten)
regarding your problem:
this is why snmp is always complicated, as pointed out before, it’s very difficult to troubleshoot this.
if the device you want to query has a local firewall, can you also locally run linux commands like tcpdump on it to see if any traffic is reaching your device on 161/udp?
Otherwise, maybe you can share (anonymized) screenshots of the config if someone here sees a mistake? (Or raise the issue with the Evo NAS Support guys if you are 100% sure firewalls in your network are not the issue.)