Debugging with the esxcli system snmp test command

Article ID: 339924


Products

VMware vSphere ESXi, VMware vSphere ESXi 5.5, VMware vSphere ESXi 6.0

Issue/Introduction

The 'esxcli system snmp test' command prompts the user to correct the ESXi SNMP agent configuration if certain settings are unconfigured or incorrectly configured. This article gives some examples of these configuration errors and the resulting output from the test command.

For more information on troubleshooting SNMP agent configuration, refer to SNMP inform configuration errors in syslog.

Resolution

Example 1: No v1, v2c, or v3 targets are set

  • The esxcli system snmp get command produces the following output:

    Authentication:
    Communities:
    Enable: false
    Engineid:
    Hwsrc: indications
    Loglevel: info
    Notraps:
    Port: 161
    Privacy:
    Remoteusers:
    Syscontact:
    Syslocation:
    Targets:
    Users:
    V3targets:

  • Running esxcli system snmp test produces the following error:

    Must first configure at least one v1|v2c|v3 trap target

Example 1 Solution

As the error message above indicates, the user must configure one or more targets:

  • Type either of the following:

    esxcli system snmp set -i <str>
    esxcli system snmp set -t <str>

  • For example, to set targets for user2 and user3, type:

    esxcli system snmp set -i 10.112.170.205@2263/user2/auth/inform,10.112.170.205@2264/user3/priv/inform

    The first target (user2, auth) is for authNoPriv; the second (user3, priv) is for authPriv.

Example 2: Executing a test command when no protocols are defined

  • Running esxcli system snmp test produces the following error:

    Authentication protocol not defined, security level for target 10.112.170.205@2264 requires it

Example 2 Solution

  • Set the authentication and privacy protocols.
  • For example, esxcli system snmp set -a SHA1 -x AES128 sets the authentication protocol to SHA1 and the privacy protocol to AES128.

Example 3: Remote users are not set

  • Running esxcli system snmp test produces the following error message:

    Requires remote user to be defined for user3

Example 3 Solution

Additional Information

Further Troubleshooting

The esxcli system snmp test command is equivalent to restarting the snmpd agent (both send a warmStart trap).

There are a number of diagnostics available to troubleshoot further.

  1. ESXi - /var/log/syslog.log will contain a record of the call to transfer the message to the vmkernel IP stack.

    Example

    snmpd: snmpd: SendToIpTransport: sendto(fd=4, length=44) rc = 44
    snmpd: snmpd: Sr_send_trap_ctx: trap pdu sent to '#.#.#.#:1162' size=44 bytes

  2. tcpdump-uw can trace outgoing SNMP traps:

    tcpdump-uw -v -i vmk# -n -T snmp udp and port ###

    The port is typically 162; if custom ports are configured, use those.

  3. Unless reverse poll is turned off, sfcbd emits an enterprise trap every 5 minutes. Reverse poll is turned off either by turning off sfcb (esxcfg-advcfg -g /UserVars/CIMEnabled) or by suppressing the event with the esxcli system snmp set -n option.

  4. Lastly, bringing physical NICs up or down can also cause traps (esxcli network nic up|down -n vmnic#). Make a note of the configurations and states before changing them, to avoid causing network issues.
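
The three errors from Examples 1 to 3 can be checked for ahead of time by parsing saved esxcli system snmp get output. This is an added example, not VMware's code or the agent's actual logic; the comma-separated list format, the layout of Remoteusers entries, and the privacy-protocol and malformed-target messages are assumptions.

```python
def parse_snmp_get(text):
    """Parse the 'Key: value' lines of `esxcli system snmp get` into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg

def split_list(value):
    # Assumption: list-valued settings are printed comma-separated.
    return [item.strip() for item in value.split(",") if item.strip()]

def preflight(text):
    """Return the configuration problems found, using the article's wording."""
    cfg = parse_snmp_get(text)
    v3targets = split_list(cfg.get("v3targets", ""))
    if not split_list(cfg.get("targets", "")) and not v3targets:
        return ["Must first configure at least one v1|v2c|v3 trap target"]
    # Assumption: each Remoteusers entry begins with the user name, then "/".
    remote = {u.split("/")[0] for u in split_list(cfg.get("remoteusers", ""))}
    problems = []
    for target in v3targets:
        parts = target.split("/")  # host[@port]/user/level/trap-or-inform
        if len(parts) != 4:
            problems.append(f"Malformed v3 target: {target}")  # constructed message
            continue
        addr, user, level, kind = parts
        if level in ("auth", "priv") and not cfg.get("authentication"):
            problems.append("Authentication protocol not defined, "
                            f"security level for target {addr} requires it")
        if level == "priv" and not cfg.get("privacy"):
            # Constructed message, modelled on the authentication one.
            problems.append("Privacy protocol not defined, "
                            f"security level for target {addr} requires it")
        if kind == "inform" and user not in remote:
            problems.append(f"Requires remote user to be defined for {user}")
    return problems

# Constructed sample: the targets from Example 1 Solution, nothing else set.
SAMPLE = """Authentication:
Privacy:
Remoteusers:
V3targets: 10.112.170.205@2263/user2/auth/inform, 10.112.170.205@2264/user3/priv/inform
"""

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```
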