[SNMP4J] Please Help, Notification Filtering (code included)
Frank Fock
fock at agentpp.com
Thu Mar 7 00:49:44 CET 2013
The mapping between targetParam and notifyEntry is wrong.
Both need to have the same index. You are using "v2c"
for the Params row and "default" for the NotifyProfile row.
Regarding VACM, the RFC 3415 explains the details. Basically
you need to define a view for notifications that includes the coldStart
OID.
Best regards,
Frank
Am 07.03.2013 00:34, schrieb m k:
> "Notification filters are associated with targets. Did you setup that
> relationship properly?"
>
> I believe so. Here is the relevant code:
>
> targetMIB.addTargetAddress(new OctetString("notificationV2c"),
> TransportDomains.transportDomainUdpIpv4,
> new OctetString(new UdpAddress("127.0.0.1/162").getValue()),
> 200, 1,
> new OctetString("notify"),
> new OctetString("v2c"),
> StorageType.permanent);
>
> targetMIB.addTargetParams(new OctetString("v2c"),
> MessageProcessingModel.MPv2c,
> SecurityModel.SECURITY_MODEL_SNMPv2c,
> new OctetString("cpublic"),
> SecurityLevel.NOAUTH_NOPRIV,
> StorageType.permanent);
>
> notificationMIB.addNotifyEntry(new OctetString("default"),
> new OctetString("notify"),
> SnmpNotificationMIB.SnmpNotifyTypeEnum.trap,
> StorageType.permanent);
>
>
> Without trap filtering, I can receive the coldstart fine this way. The notificationFilterProfile is connected to the target address only by the "v2c" targetParamsName (implied), and I *think* I got that right.
>
> "Second, there is no VACM access to the coldStart OID. This will block
> the notification too."
>
> Right, I agree. But I don't know what change I need to make in order to add the VACM access to the coldStart OID. If possible, I'm wondering if you could tell me how to change the
> code I've given to allow that access. I'd like to give free access to any notification that starts with "1.3.6" (which I'm failing at, as you can see). After that, I'd like to add exclusion filters to
> specify a few individual traps I don't want.
>
> To be clear, I'm only looking for the specific change to the filter to allow all traps (1.3.6...), for now. If I messed up the appending or implied portions somewhere, the mask, etc, it would
> be great if you might kindly point that out as well.
>
> Thanks again for the help
>
>
>
>> Date: Wed, 6 Mar 2013 23:57:20 +0100
>> From: fock at agentpp.com
>> To: snmp4j at agentpp.org
>> Subject: Re: [SNMP4J] Please Help, Notification Filtering (code included)
>>
>> Hi,
>>
>> Notification filters are associated with targets. Did you setup that
>> relationship properly?
>> Second, there is no VACM access to the coldStart OID. This will block
>> the notification too.
>>
>> Best regards,
>> Frank
>>
>> Am 06.03.2013 16:20, schrieb m k:
>>> Hello,
>>>
>>> I'm trying to figure out notification filtering, and only having a bit of success. I managed to set up a notification profile that is checked, but it turns out that no matter what I do,
>>> ALL notifications are blocked. In this example, I'm trying to ALLOW the coldstart notification to notify--and its not working. I'd really appreciate some help.
>>>
>>>
>>> Thanks
>>>
>>> .....
>>>
>>> The following is the code, but this might look mangled on the mailing list, so I'm including a pastebin, too.
>>>
>>> http://pastebin.com/ti0efAMv
>>>
>>>
>>> Code:
>>>
>>> /* Works. Creates filter profile */
>>>
>>> notificationMIB.getNotifyFilterProfileTable().addRow(
>>> notificationMIB.getNotifyFilterProfileTable().createRow(
>>> new OctetString("v2c").toSubIndex(true), // true - implied length
>>> new Variable[]{
>>> new OctetString("onlyDefault"),
>>> new Integer32(StorageType.permanent),
>>> new Integer32(RowStatus.active)}));
>>>
>>>
>>>
>>> /* Fails. Matches nothing, blocks everything */
>>> notificationMIB.getNotifyFilterTable().addRow(
>>> notificationMIB.getNotifyFilterTable().createRow(
>>> // false - Not implied length true - Implied length
>>> new OctetString("onlyDefault").toSubIndex(false).append(new OID(new int[]{1,3,6}).toSubIndex(true)),
>>> new Variable[]{
>>> new OID(new int[]{1,3,6}),
>>> new OctetString(),
>>> new Integer32(1), // Included
>>> new Integer32(StorageType.permanent),
>>> new Integer32(RowStatus.active)}));
>>>
>>> 109 [LexBeanRunInterruptable(LexLocalHostBean):Thread-15] INFO org.snmp4j.agent.mo.snmp.NotificationOriginatorImpl - Notification 1.3.6.1.6.3.1.1.5.1 reported with [] for context
>>> 109 [LexBeanRunInterruptable(LexLocalHostBean):Thread-15] INFO org.snmp4j.agent.mo.snmp.NotificationOriginatorImpl - Notification 1.3.6.1.6.3.1.1.5.1 did not pass filter 118.50.99
>>> 109 [LexBeanRunInterruptable(LexLocalHostBean):Thread-15] WARN org.snmp4j.agent.mo.snmp.NotificationOriginatorImpl - Access denied by VACM for 1.3.6.1.6.3.1.1.5.1
>>>
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J at agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>> --
>> ---
>> AGENT++
>> Maximilian-Kolbe-Str. 10
>> 73257 Koengen, Germany
>> https://agentpp.com
>> Phone: +49 7024 8688230
>> Fax: +49 7024 8688231
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
More information about the SNMP4J
mailing list