This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNMP - Netsight - EXOS - Configuration

SNMP - Netsight - EXOS - Configuration

Anonymous
Not applicable

‎04-15-2015 10:37 AM

Hi,

Have a bunch of questions surrounding configuring SNMP in EXOS in Netsight, and is an extention of the following thread:

https://community.extremenetworks.com/extreme/topics/mixed-legacy-enterasys-s-k-n-c-and-extreme-sysl...

1st Question:

Should I set the severity to Debug-Data as the answer in the above thread implies. This leads to the question:

The three severity levels for extended debugging—Debug-Summary, Debug-Verbose, and Debug-Data—require that log debug mode be enabled (which may cause a performance degradation).

So just checking its safe to use the debug-data severity with debug mode enabled on all switchs?

My assumption is that for general syslogging you would just use a severity of 'info' and just use this as a temporary measure?

2nd Question:

What should the format be in the target command as per example configuration below, in order for Netsight to format the information correctly when using the default Netsight Syslog pattern:

configure syslog add 10.58.195.5:514 vr VR-Mgmt local0
enable log target syslog 10.58.196.5:514 vr VR-Mgmt local0
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 filter DefaultFilter severity Debug-Data
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 match Any
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 format timestamp seconds date Mmm-dd event-name none priority tag-name

3rd Question:

Currently have the configuration set as above but with the severity set to notify, but in Netsight the logging entries are being serialised into a single entry separated by , where xxx is a number. The serialisation can be a string of different messages at different times and of varying lengths.

This is proving an issue because you are unable to identify the different log entries when there grouped together instead of one per line.

Many thanks in advance.
0 Kudos
7 REPLIES 7

Anonymous
Not applicable

‎04-16-2015 06:19 AM

The tile mentions SNMP - should have said syslog, not sure if that can be changed?

Anyhow, thought I would share some brief notes I've created on configuring SNMP in case anyone else comes to this ticket looking for an answer.

Below are the commands to disable / enable the various default groups / users / and communities.

[Enable / disable] snmp access snmpv3
[Enable / disable] snmp access snmp-v1v2c
[Enable / disable] snmp community public / private
[Enable / disable] snmpv3 default-group
[Enable / disable] snmpv3 default-user

This is what you need to configure a custom read-only SNMPv2 – you can customise the read and notify views (as per further on) the ‘defaultUserView’ is in the switch config by default to get you going.

configure snmpv3 add access V2_User sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add group V2_Group user V2_ReadOnly sec-model snmpv2c
configure snmpv3 add community "private_name" name "private_name" user "V2_User"
configure snmpv3 add target-params "Filter-Name1" user "V2_User" mp-model snmpv2c sec-model snmpv2c sec-level noauth
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included

This Is what you need to configure SNMPv3 - you can customise the read, write and notify views (as per further on) the ‘defaultUserView’ is in the switch config by default to get you going.

configure snmpv3 add user V3_User authentication md5 xxxxxxx privacy xxxxxxx
configure snmpv3 add group V3_Group user V3_User sec-model usm
configure snmpv3 add mib-view "AllMib" subtree 1.0/80 type included
configure snmpv3 add access V3_Group sec-model usm sec-level priv read-view "AllMib" write-view "AllMib" notify-view "AllMib"

This is where you configure the SNMP targets and if they are to be in the form of Traps or Informs. This can be customised of which some detail is given further on.

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx
configure snmpv3 add target-addr "Name2" param "Filter-Name2" ipaddress xxx.xxx.xxx.xxx
configure snmpv3 add target-params "Filter-Name1" user "V3_user" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params "Filter-Name2" user "V2_User" mp-model snmpv2c sec-model snmpv2c sec-level noauth

This is how you can customise the 'defaultUserView', of which the below omits the ability for the 'private_name' to query SNMP users and accounts.

configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0 type included

When you us the command:

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx

If you then do a ‘show config snmp’ you will see the command now looks like this:

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx transport-port 162 tag-list "defaultNotify"

The part transport-port 162 tag-list "defaultNotify" is appended to the end by default, which is the default port and notify as shown below:

Notify Name : defaultNotify
Tag : defaultNotify
Type : Trap
Storage Type : NonVolatile
Row Status : Active

Total num. of entries in snmpNotifyTable : 2

You can create a new one with the command

configure snmpv3 add notify AllMib tag AllMib type inform

Of which the output is now:

Slot-1 # show snmpv3 notify


Notify Name : AllMib
Tag : AllMib
Type : Inform
Storage Type : NonVolatile
Row Status : Active

Notify Name : defaultNotify
Tag : defaultNotify
Type : Trap
Storage Type : NonVolatile
Row Status : Active

Total num. of entries in snmpNotifyTable : 2

Anonymous
Not applicable

‎04-16-2015 06:04 AM

Hi Bill, thanks for getting back to me.....

Little more info if it helps. As an example of the serialisation that you see in Netsight syslogs:

10.10.89.249 21 22:50:25 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63450 %% Fan 2 has failed. <162>Apr 16 07:19:14 10.10.89.249 10.10.89.249 21 22:50:29 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63451 %% Fan 2 has failed. <162>Apr 16 07:19:40 10.10.89.249 10.10.89.249 21 22:50:55 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63452 %% Fan 2 has failed. <165>Apr 16 06:19:52 10.10.39.253 10.10.39.253 VIOLATION: port fe.4.7 DOWN - 1 in 60 seconds

This is happening across platforms and firmware versions, and could possibly be due to upgrading to Netsight 6.2.0.199.

Some of the Hardware and Firmware that this is happening on is:

A2H123-14 - 03.03.02.002

C3k172-24 - 06.61.08.0013

EXOS Stack - 15.6.2.12

0 Kudos

Bill_Stritzinge
Extreme Employee

‎04-15-2015 04:36 PM

Hi Martin...

As to the following...

1. You are correct that using debug mode enabled might have a performance impact depending on the hardware platform you are using so I guess the answer it depends. As to normal practice, unless you are looking for specific things it is suggested not to have debug mode turned on.

2. You are the third person this week to ask that question to me and on this forum, answer is I dont know but it is on my list to find out. I plan on preparing a document that you can reference for the syslog as well as suggestions for adding SNMP on XOS for Netsight (you mentioned SNMP above so I thought I would mention that too..)

I will let you know when I have that completed.

Bill
0 Kudos
GTM-P2G8KFN