Log Collection SNMP: Troubleshoot SNMP Collection

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

This topic highlights possible problems that you may encounter with SNMP Collection and suggested solutions to these problems.

Troubleshoot SNMP Collection Issues

To retrieve events from SNMP, you must configure the parameters so that they verify and decrypt SNMPv3 Traps and Inform messages from the event sources.

  • For Inform messages, you must specify the user (security name, in SNMPv3 terminology) without an Engine ID.
  • For Trap messages, you must specify the user with the Engine ID of the event sender.

You must set the Debug parameter to Verbose to  receive invalid Trap and Inform log messages.

{SA}} returns the following types of error messages in the log files for the SNMP collection protocol.

          
Log Messages

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: snmpv3_parse: (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: msgMaxSize 65507 received

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm: (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing begun...

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm: (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: Unknown Engine ID.

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing has begun (offset 55) (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: getting user (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing completed.

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: snmpv3_parse: (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: msgMaxSize 65507 received (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing begun... (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: Unknown User(logcollector) (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing has begun (offset 55) (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: getting user logcollector (d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 13:43:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing completed.

Possible CauseMissing Username or Engine ID for SNMP trap.
SolutionsMake sure that the event source sends the Username and Engine ID that you configured for the event source in the SNMP v3 User Manager Configuration Parameters.

 

          
Log Messages

(d) 2013-May-02 16:47:26 [SnmpTrapCollection(TraceLog)] Net-SNMP: snmptrapd:

(d) 2013-May-02 16:47:26 [SnmpTrapCollection(TraceLog)] Net-SNMP: Running global handlers

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: snmpv3_parse:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: msgMaxSize 65507 received

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing begun...

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: match on user logcollector

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: Verification succeeded.

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: usm:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: USM processing completed.

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: snmp_parse:

(d) 2013-May-02 16:47:38 [SnmpTrapCollection(TraceLog)] Net-SNMP: Parsed SNMPv3 message (secName:logcollector, secLevel:authPriv): ASN.1 parse error in message

Possible CauseThe Authentication Type and or Passphrase used by the event source was different from the values you configured.
SolutionsMake sure that Authentication Type and the Authentication Passphrase sent by the event source matches parameters you configured for the event source in the SNMP v3 User Manager Configuration Parameters.
You are here: SNMP Collection Configuration Guide > Troubleshoot SNMP Collection

Attachments

    Outcomes