Possible to obtain more specific error cause than "SNMP Request timed out"?

Sebastian · May 9, 2022, 11:37am

Dear forum,

I have implemented a functioning SNMPv3 manager using SNMP4J.

One thing that I was not able to achieve though is extracting the exact error cause from the SNMP4J mechanisms/objects. When providing a wrong security name / password / protocol (auth or priv), I always retrieve “java.util.concurrent.TimeoutException: SNMP Request timed out”. Error codes of the SnmpCompletableFuture, ResponseEvent or PDU objects are either 0 or null.

Using e.g. NET-SNMP, I receive detailed error responses, e.g. “Unsupported security level (Sub-id not found)”, “authorizationError (access denied to that object)” or “Authentication failure (incorrect password, community or key)”.

Is it possible to obtain more details on the specific error cause, either directly or at least by some workaround/further digging?

Hope this post is relevant for others as well. Thank you in advance!
Sebastian

AGENTPP · May 9, 2022, 5:51pm

Hi Sebastian,

Are you talking about a NET-SNMP agent or client?

For many authentication errors, you can listen for by registering a AuthenticationFailureListener with the MessageDispatcher you are using addAuthenticationFailureListener.
You might now be asking: “Why not returning the status to the application calling the Snmp.send method?”.

The answer is as always if something is not that simple as expected: security.

Because a reply is “unauthentic” then it could be easily an attack. Returning this “wrong” information to the application could triggered “wrong” actions. Therefore, there is an option SNMP4JSettings.setReportSecurityLevelStrategy to ignore all insecure reports or ignore those that could be harmful.

The PDU authorizationError is a standard SNMP error status and will be reported by the fluent API too.

Best regards,
Frank

Sebastian · May 11, 2022, 8:30pm

I was talking about NET-SNMP client, i.e. simple polling requests against some random agent (I received similar responses for a locally running NET-SNMP agent as well as an entirely different SNMP agent on a remote system).

Unfortunately I was somehow not able to properly activate an AuthenticationFailureListener. I solved my issue by setting the SNMP4JSettings.setReportSecurityLevelStrategy to noAuthNoPrivIfNeeded though. This allowed me to extract more detailed information from the variable bindings or status of the response PDU.

Thanks for your fast response, Frank!