[Check_mk (english)] Scans of services on hosts not being performed in SNMP v3 but in v2c

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 um 14:44 Uhr:

Hi all,

Ran into something today, and it’s quite annoying: When configuring a host to use SNMPv3 to check a device, it tries to use SNMP v2c instead.

This means we have to open up v2c; perform a scan; add the checks we need; close v2c back up and let the checking be done via v3.

Are there any workarounds available?

OMD[site]:~/etc/check_mk/conf.d/wato$ omd version

OMD - Open Monitoring Distribution Version 1.2.4p5.mmk

(also affected: 1.2.6p9.cee)

OMD[site]:~/etc/check_mk/conf.d/wato$ cmk --debug -vI host.to.check

Inventorizing host.to.check.

Scanning host host.to.check(172.31.255.5) for SNMP checks…Running ‘snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0’

ERROR: SNMP error

Timeout: No Response from 172.31.255.5.

Traceback (most recent call last):

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 5916, in

do_snmp_scan(hostnames)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 2680, in do_snmp_scan

checknames = snmp_scan(hostname, ipaddress)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 879, in snmp_scan

raise MKSNMPError(“Cannot fetch system description OID %s” % sys_descr_oid)

main.MKSNMPError: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0

Timeout: No Response from 172.0.0.5.

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v3 -a SHA -x DES -u SNMPUser -A PASSWORD -X PASSWORD -l AuthPriv 172.0.0.5 .1.3.6.1.2.1.1.1.0

SNMPv2-MIB::sysDescr.0 = STRING: HP Comware Platform Software, Software Version 7.1.045, Release 2416

HP 5900AF-48G-4XG-2QSFP+ Switch

Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.

---

checkmk-en mailing list

checkmk-en@lists.mathias-kettner.de

http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

We’ll meet in Munich for the 2nd Check_MK Conference!

Book your place now and be part of it.

October 18th-20th, 2015

http://mathias-kettner.com/conference

Dries Symaeys
Senior Added Value Consultant
Monitoring Engineer

+32476535652

Hestia NV ■ Veldkant 35D ■ 2550 Kontich ■ +32 3 450 67 89

From: Marcel Schulte [mailto:schulte.marcel@gmail.com]
Sent: woensdag 2 september 2015 14:50
To: Symaeys Dries; checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] Scans of services on hosts not being performed in SNMP v3 but in v2c

Hi,

when you do a " cmk -D AFFECTHOSTNAME | grep ‘Type of agent’ "… What is reported?

Regards,

Marcel

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 um 14:44 Uhr:

Hi all,

Ran into something today, and it’s quite annoying: When configuring a host to use SNMPv3 to check a device, it tries to use SNMP v2c instead.

This means we have to open up v2c; perform a scan; add the checks we need; close v2c back up and let the checking be done via v3.

Are there any workarounds available?

OMD[site]:~/etc/check_mk/conf.d/wato$ omd version

OMD - Open Monitoring Distribution Version 1.2.4p5.mmk

(also affected: 1.2.6p9.cee)

OMD[site]:~/etc/check_mk/conf.d/wato$ cmk --debug -vI host.to.check

Inventorizing host.to.check.

Scanning host host.to.check(172.31.255.5) for SNMP checks…Running ‘snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0’

ERROR: SNMP error

Timeout: No Response from 172.31.255.5.

Traceback (most recent call last):

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 5916, in

do_snmp_scan(hostnames)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 2680, in do_snmp_scan

checknames = snmp_scan(hostname, ipaddress)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 879, in snmp_scan

raise MKSNMPError(“Cannot fetch system description OID %s” % sys_descr_oid)

main.MKSNMPError: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0

Timeout: No Response from 172.0.0.5.

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v3 -a SHA -x DES -u SNMPUser -A PASSWORD -X PASSWORD -l AuthPriv 172.0.0.5 .1.3.6.1.2.1.1.1.0

SNMPv2-MIB::sysDescr.0 = STRING: HP Comware Platform Software, Software Version 7.1.045, Release 2416

HP 5900AF-48G-4XG-2QSFP+ Switch

Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.

---

checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

We’ll meet in Munich for the 2nd Check_MK Conference!
Book your place now and be part of it.
October 18th-20th, 2015
http://mathias-kettner.com/conference

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 15:27:

Hi Marcel,

The output:

Type of agent: SNMP (community: ‘public’, bulk walk: yes, port: default, inline: no)

I did create a host-specific rule to use SNMPv3 under “SNMP communities of monitored hosts”:

Met vriendelijke groet,

Cordialement,

Kind regards,

Dries Symaeys
Senior Added Value Consultant
Monitoring Engineer

+32476535652

Hestia NV ■ Veldkant 35D ■ 2550 Kontich ■ +32 3 450 67 89

From: Marcel Schulte [mailto:schulte.marcel@gmail.com]
Sent: woensdag 2 september 2015 14:50
To: Symaeys Dries; checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] Scans of services on hosts not being performed in SNMP v3 but in v2c

Hi,

when you do a " cmk -D AFFECTHOSTNAME | grep ‘Type of agent’ "… What is reported?

Regards,

Marcel

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 um 14:44 Uhr: > > Hi all, > > Ran into something today, and it’s quite annoying: When configuring a host to use SNMPv3 to check a device, it tries to use SNMP v2c instead.

This means we have to open up v2c; perform a scan; add the checks we need; close v2c back up and let the checking be done via v3.

Are there any workarounds available?

OMD[site]:~/etc/check_mk/conf.d/wato$ omd version

OMD - Open Monitoring Distribution Version 1.2.4p5.mmk

(also affected: 1.2.6p9.cee)

OMD[site]:~/etc/check_mk/conf.d/wato$ cmk --debug -vI host.to.check

Inventorizing host.to.check.

Scanning host host.to.check(172.31.255.5) for SNMP checks…Running ‘snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0’

ERROR: SNMP error

Timeout: No Response from 172.31.255.5.

Traceback (most recent call last):

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 5916, in

do_snmp_scan(hostnames)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 2680, in do_snmp_scan

checknames = snmp_scan(hostname, ipaddress)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 879, in snmp_scan

raise MKSNMPError(“Cannot fetch system description OID %s” % sys_descr_oid)

main.MKSNMPError: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0

Timeout: No Response from 172.0.0.5.

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v3 -a SHA -x DES -u SNMPUser -A PASSWORD -X PASSWORD -l AuthPriv 172.0.0.5 .1.3.6.1.2.1.1.1.0

SNMPv2-MIB::sysDescr.0 = STRING: HP Comware Platform Software, Software Version 7.1.045, Release 2416

HP 5900AF-48G-4XG-2QSFP+ Switch

Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.

---

checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

We’ll meet in Munich for the 2nd Check_MK Conference!
Book your place now and be part of it.
October 18th-20th, 2015
http://mathias-kettner.com/conference

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 15:27:

Hi Marcel,

The output:

Type of agent: SNMP (community: ‘public’, bulk walk: yes, port: default, inline: no)

I did create a host-specific rule to use SNMPv3 under “SNMP communities of monitored hosts”:

Met vriendelijke groet,

Cordialement,

Kind regards,

Dries Symaeys
Senior Added Value Consultant
Monitoring Engineer

+32476535652

Hestia NV ■ Veldkant 35D ■ 2550 Kontich ■ +32 3 450 67 89

From:
Marcel Schulte [mailto:schulte.marcel@gmail.com]
Sent: woensdag 2 september 2015 14:50
To: Symaeys Dries;
checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] Scans of services on hosts not being performed in SNMP v3 but in v2c

Hi,

when you do a " cmk -D AFFECTHOSTNAME | grep ‘Type of agent’ "… What is reported?

Regards,

Marcel

Symaeys Dries Dries.Symaeys@hestia-it.be schrieb am Mi., 2. Sep. 2015 um 14:44 Uhr:

Hi all,

Ran into something today, and it’s quite annoying: When configuring a host to use SNMPv3 to check a device, it tries to use SNMP v2c instead.

This means we have to open up v2c; perform a scan; add the checks we need; close v2c back up and let the checking be done via v3.

Are there any workarounds available?

OMD[site]:~/etc/check_mk/conf.d/wato$ omd version

OMD - Open Monitoring Distribution Version 1.2.4p5.mmk

(also affected: 1.2.6p9.cee)

OMD[site]:~/etc/check_mk/conf.d/wato$ cmk --debug -vI host.to.check

Inventorizing host.to.check.

Scanning host host.to.check(172.31.255.5) for SNMP checks…Running ‘snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0’

ERROR: SNMP error

Timeout: No Response from 172.31.255.5.

Traceback (most recent call last):

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 5916, in

do_snmp_scan(hostnames)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 2680, in do_snmp_scan

checknames = snmp_scan(hostname, ipaddress)

File “/omd/sites/site/share/check_mk/modules/check_mk.py”, line 879, in snmp_scan

raise MKSNMPError(“Cannot fetch system description OID %s” % sys_descr_oid)

main.MKSNMPError: Cannot fetch system description OID .1.3.6.1.2.1.1.1.0

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v2c -c ‘public’ -m ‘’ -M ‘’ -On -OQ -Oe -Ot 172.0.0.5 .1.3.6.1.2.1.1.1.0

Timeout: No Response from 172.0.0.5.

OMD[site]:~/etc/check_mk/conf.d/wato$ snmpget -v3 -a SHA -x DES -u SNMPUser -A PASSWORD -X PASSWORD -l AuthPriv 172.0.0.5 .1.3.6.1.2.1.1.1.0

SNMPv2-MIB::sysDescr.0 = STRING: HP Comware Platform Software, Software Version 7.1.045, Release 2416

HP 5900AF-48G-4XG-2QSFP+ Switch

Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.

---

checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

We’ll meet in Munich for the 2nd Check_MK Conference!
Book your place now and be part of it.
October 18th-20th, 2015
http://mathias-kettner.com/conference

On 9/11/2015 9:14 AM, Symaeys Dries
wrote:

          Hi

all,

�

�

        Jut

to let you know that I found the issue.

        For

some reason, the rules that were set to use snmpv3 with a
specific user/password/etc., were skipped.

        After

some troubleshooting and some grep-ing, I found the
following:

�

•          OMD[site]:~/etc/check_mk/conf.d/wato$
  

grep -r explicit_snmp_ ./*

—SNIP—

•          ./network/snmpv3/hosts.mk:explicit_snmp_communities.update({'DEVICE_1':
  

u’public’,*

•          �
  

‘DEVICE_2’: u’public’,*

•        �**'DEVICE_3': u'public',*
  

� ‘DEVICE_4’: u’public’,

—/SNIP—

�

        It

seems that somewhere in the past some explicit SNMP values
have been set and only after removing these values:

        tested

by removing one entry �=> SNMPv3 settings are shown when
using �cmk �D $HOST�; checks work

        moved

the folder out from under the Network folder that has the
community set => OK, no more hosts with explicit value
set

        moved

folder back under the Network folder (still with community
set on partent) => Still OK

�

        Hope

this helps someone in the future!

_______________________________________________
checkmk-en mailing list
We�ll meet in Munich for the 2nd Check_MK Conference!
Book your place now and be part of it.
October 18th-20th, 2015

checkmk-en@lists.mathias-kettner.dehttp://lists.mathias-kettner.de/mailman/listinfo/checkmk-enhttp://mathias-kettner.com/conference

Met vriendelijke groeten - Kind regards

Tim Despiegelaere – System Engineer

From: checkmk-en-bounces@lists.mathias-kettner.de
[mailto:checkmk-en-bounces@lists.mathias-kettner.de] On Behalf Of Jam Mulch
Sent: Friday 11 September 2015 16:12
To: checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] Scans of services on hosts not being performed in SNMP v3 but in v2c

One really nice feature I’ve noticed in 1.2.6p10 (may have been there before, but I didn’t notice it)
is the ‘Parameters of ’ page.

From ‘Services of ’, click on WATO, then click on ‘Parameters’.

That shows which rules are active for the host without having to wander around folders looking
at settings. For example, under ‘Access to Agents’, you can see what community value is being
used for SNMP and whether it’s the default value or if not, which rule is used.

On 9/11/2015 9:14 AM, Symaeys Dries wrote:

Hi all,

Jut to let you know that I found the issue.

For some reason, the rules that were set to use snmpv3 with a specific user/password/etc., were skipped.

After some troubleshooting and some grep-ing, I found the following:

OMD[site]:~/etc/check_mk/conf.d/wato$ grep -r explicit_snmp_ ./

—SNIP—

./network/snmpv3/hosts.mk:explicit_snmp_communities.update({‘DEVICE_1’: u’public’,

• ‘DEVICE_2’: u’public’,*

• *‘DEVICE_3’: u’public’,

• ‘DEVICE_4’: u’public’,*

—/SNIP—

It seems that somewhere in the past some explicit SNMP values have been set and only after removing these values:

tested by removing one entry => SNMPv3 settings are shown when using “cmk –D $HOST”; checks work

moved the folder out from under the Network folder that has the community set => OK, no more hosts with
explicit value set

moved folder back under the Network folder (still with community set on partent) => Still OK

Hope this helps someone in the future!

_______________________________________________

checkmk-en mailing list

checkmk-en@lists.mathias-kettner.de

[http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en](http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en)

We’ll meet in Munich for the 2nd Check_MK Conference!

Book your place now and be part of it.

October 18th-20th, 2015

[http://mathias-kettner.com/conference](http://mathias-kettner.com/conference)