SysMan Mall


http://blogs.sun.com/adikhit/date/20061018 Wednesday October 18, 2006

Understanding Report PDUs/ SNMP Exceptions in SunMC agent.log

SNMPv2/v3 differentiate between errors in retrieving information from the MIB (Management Information Base) tree and exceptional conditions that occur while handling an incoming request. These exceptions are more commonly known as SNMP Reports and are transmitted on the wire in a special SNMP PDU known as the Report PDU.

The Report PDU primarily contains an object identifier that tells the requester what went wrong while processing the request. Sun Management Center agents log these Report PDUs in agent.log (in the /var/opt/SUNWsymon/log directory) whenever the agent generates one.

A Report PDU contains one of the OID (Object Identifier) values listed below, depending on the exception that caused the Report to be generated.

Note that SNMPv2usec is the supported security model when the incoming message was sent using SNMPv2, and SNMPv3usm is the security model used with SNMPv3. Most of the time the terms are used interchangeably. The distinction is made here simply because it is possible to specify another security model with a given version of the protocol (and some are in the pipeline at the IETF), if and when the agent supports it.

Report OIDs and their description

unsupportedSecurityLevel
SNMPv2usec :    1.3.6.1.6.3.6.1.2.1.0
SNMPv3usm :    1.3.6.1.6.3.15.1.1.1.0

The security level is specified as part of the security header and can be one of noAuthNoPriv, authNoPriv and authPriv (where auth stands for authentication and priv for privacy). If the receiving stack does not support the requested level, it generates a Report PDU and sends it back to the requester.

notInTimeWindow
SNMPv2usec :    1.3.6.1.6.3.6.1.2.2.0
SNMPv3usm :    1.3.6.1.6.3.15.1.1.2.0

To provide replay protection, SNMP supports the notion of loosely synchronized clocks between the agent and the client. If the incoming request is not within a specified time window (150 sec), the agent rejects the PDU with the above report OID.

unknownSecurityName
SNMPv2usec : 1.3.6.1.6.3.6.1.2.3.0
SNMPv3usm : 1.3.6.1.6.3.15.1.1.3.0

The agent maintains information about users/principals and their associated keys in a table commonly known as the USM (User Security Model) table. The table contains an entry for every configured user/principal allowed to communicate with the agent. On receiving a PDU, the SNMP stack consults the USM table, and if it does not find the name of the user from whom the PDU was received, it generates the above exception.

authenticationFailure
SNMPv2usec : 1.3.6.1.6.3.6.1.2.4.0
SNMPv3usm : 1.3.6.1.6.3.15.1.1.5.0

This one is self-explanatory: if the digest authentication check on the PDU fails, a Report PDU with one of the above OIDs is generated, depending on the security model of the PDU.

unknownEngineID
SNMPv2usec : 1.3.6.1.6.3.6.1.2.5.0
SNMPv3usm : 1.3.6.1.6.3.15.1.1.4.0

If the engineID contained in the request does not match the engineID of the receiving SNMP engine, the above Report OIDs are sent as part of the Report PDU. This Report PDU is also part of the SNMP discovery phase.

decryptionError
SNMPv3usm : 1.3.6.1.6.3.15.1.1.6.0

This is an SNMPv3-only Report PDU and is generated whenever decryption of a PDU with securityLevel authPriv fails.

badParameters
SNMPv2usec : 1.3.6.1.6.3.6.1.2.6.0

This applies to v2usec only. In SNMPv2usec the security header follows a fixed format, and an exception is generated if the fields in the header do not conform to it.

unauthorizedOperation
SNMPv2usec : 1.3.6.1.6.3.6.1.2.7.0

This Report PDU is generated in SNMPv2 when the request specifies an operation for which the user has no authorization.

Knowing how to interpret the report OIDs helps when troubleshooting or analyzing communication issues with an SNMP agent. In the case of SunMC, the Report PDUs are logged in the /var/opt/SUNWsymon/log/agent.log file and can therefore be examined later as well. With a generic SNMP agent you may have to resort to a packet sniffer/analyzer to capture SNMP packets and pick out the Report PDUs for further debugging.
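As an added example (not part of the original post and not SunMC code), the script below scans log lines for the report OIDs listed above, names each one with its security model, and flags security-relevant reports that repeat. The post does not show the agent.log line format, so the sample lines, the `WATCH` set and the threshold of 3 are assumptions; the scanner only relies on the OID appearing somewhere in the line.

```python
import re
from collections import Counter
# Report OIDs exactly as listed in the post -> (security model, report name).
REPORT_OIDS = {
    "1.3.6.1.6.3.6.1.2.1.0": ("SNMPv2usec", "unsupportedSecurityLevel"),
    "1.3.6.1.6.3.15.1.1.1.0": ("SNMPv3usm", "unsupportedSecurityLevel"),
    "1.3.6.1.6.3.6.1.2.2.0": ("SNMPv2usec", "notInTimeWindow"),
    "1.3.6.1.6.3.15.1.1.2.0": ("SNMPv3usm", "notInTimeWindow"),
    "1.3.6.1.6.3.6.1.2.3.0": ("SNMPv2usec", "unknownSecurityName"),
    "1.3.6.1.6.3.15.1.1.3.0": ("SNMPv3usm", "unknownSecurityName"),
    "1.3.6.1.6.3.6.1.2.4.0": ("SNMPv2usec", "authenticationFailure"),
    "1.3.6.1.6.3.15.1.1.5.0": ("SNMPv3usm", "authenticationFailure"),
    "1.3.6.1.6.3.6.1.2.5.0": ("SNMPv2usec", "unknownEngineID"),
    "1.3.6.1.6.3.15.1.1.4.0": ("SNMPv3usm", "unknownEngineID"),
    "1.3.6.1.6.3.15.1.1.6.0": ("SNMPv3usm", "decryptionError"),
    "1.3.6.1.6.3.6.1.2.6.0": ("SNMPv2usec", "badParameters"),
    "1.3.6.1.6.3.6.1.2.7.0": ("SNMPv2usec", "unauthorizedOperation"),
}
# Whole OIDs under the two report subtrees above; a leading dot is tolerated.
OID_RE = re.compile(
    r"(?<![\d.])\.?(1\.3\.6\.1\.6\.3\.(?:6\.1\.2|15\.1\.1)\.\d+\.0)(?!\.?\d)")
# Assumed watch list: reports tied to credentials, keys or message timing.
# unknownEngineID is left out because it also occurs during normal discovery.
WATCH = {"authenticationFailure", "unknownSecurityName",
         "decryptionError", "notInTimeWindow", "unauthorizedOperation"}

def classify(line):
    """Return (oid, model, name) for every report OID found on one log line."""
    return [(oid, *REPORT_OIDS.get(oid, ("unknown", "unlisted")))
            for oid in OID_RE.findall(line)]

def summarize(lines, threshold=3):
    """Count reports per (model, name); flag watched ones seen >= threshold."""
    counts = Counter((m, n) for line in lines for _, m, n in classify(line))
    flagged = sorted(k for k, c in counts.items()
                     if k[1] in WATCH and c >= threshold)
    return counts, flagged

# Constructed sample lines: the post does not show the agent.log line format.
SAMPLE_LOG = [
    "error Oct 18 10:02:11 agent report sent: 1.3.6.1.6.3.15.1.1.5.0",
    "error Oct 18 10:02:12 agent report sent: 1.3.6.1.6.3.15.1.1.5.0",
    "error Oct 18 10:02:14 agent report sent: .1.3.6.1.6.3.15.1.1.5.0",
    "info  Oct 18 10:03:00 agent report sent: 1.3.6.1.6.3.15.1.1.4.0",
    "error Oct 18 10:04:30 agent report sent: 1.3.6.1.6.3.6.1.2.2.0",
]
if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print(dict(counts), "review:", flagged)
```

A burst of authenticationFailure or unknownSecurityName reports is worth correlating with the requesting host, while notInTimeWindow can also come from ordinary clock drift between manager and agent.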

Comments:

gj

Posted by 203.124.131.85 on October 30, 2007 at 11:03 PM PDT #

Thanks for the valuable info.
One thing I am not clear on.

In case of exception (commonly known as SNMP Reports) packets, what are the values of the error status & error index fields of the report PDU?
Is it error status = 0 & error index = 0? Or some value?

Thanks
raviraj

Posted by Raviraj on June 19, 2009 at 03:06 AM PDT #

This is a personal weblog, I do not speak for my employer.