Debugging with the esxcli system snmp test command
search cancel

Debugging with the esxcli system snmp test command

book

Article ID: 339924

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

The esxcli system snmp test command prompts you to correct the ESXi SNMP agent configuration if certain settings are unconfigured or incorrectly configured. This article gives some examples of these configuration errors and the resulting output from the test command.

For more information on troubleshooting SNMP agent configuration, see KB 2033466: ESXi SNMP agent log entries for informs and KB 2033526: SNMP inform configuration errors.

Environment

VMware vSphere ESXi 5.5
VMware vSphere ESXi 5.1
VMware vSphere ESXi 6.0

Resolution

Example 1: No v1, v2c, or v3 targets are set

The esxcli system snmp get command produces the following output:
Authentication:
Communities:
Enable: false
Engineid:
Hwsrc: indications
Loglevel: info
Notraps:
Port: 161
Privacy:
Remoteusers:
Syscontact:
Syslocation:
Targets:
Users:
V3targets:
Running esxcli system snmp test produces the following error:
Must first configure at least one v1|v2c|v3 trap target

Solution

As the command above indicates, you must configure one or more targets:

Type esxcli system snmp set -i <str> or esxcli system snmp set -t <str>.

For example, to set targets for user2 and user3, type:
esxcli system snmp set -i 10.112.170.205@2263/user2/auth/inform, # -For authNoPriv
10.112.170.205@2264/user3/priv/inform # For authPriv

Example 2: Executing a test command when no protocols are defined

Running esxcli system snmp test produces the following error:

Authentication protocol not defined, security level for target 10.112.170.205@2264 requires it

Solution

Set the authentication and privacy protocols. For example, esxcli system snmp set -a SHA1 -x AES128 sets the authentication protocol to SHA1 and the privacy protocol to AES128.

Example 3: Remote users are not set

Running esxcli system snmp test produces the following error message:

Requires remote user to be defined for user3

Solution

Refer to KB 2033377: Configuring inform users for the ESXi SNMP Agent.

Further Troubleshooting:

The esxcli system snmp test command is equivalent to restarting the snmpd agent (both send a warmStart trap).

There are a number of diagnostics available to troubleshoot further:

1. /var/log/syslog.log will contain a record of the call to transfer the message to the vmkernel IP stack (example below):

2013-07-22T15:13:45Z snmpd: snmpd: SendToIpTransport: sendto(fd=4, length=44) rc = 44
2013-07-22T15:13:45Z snmpd: snmpd: Sr_send_trap_ctx: trap pdu sent to 'xxx.xxx.xxx.xxx:1162' size=44 bytes

2. tcpdump-uw can trace outgoing snmp traps:

tcpdump-uw -v -i vmk# -n -T snmp udp and port ### (typically port 162; if custom ports are configured use those)

3. Unless reverse poll is turned off (by turning off sfcb (esxcfg-advcfg -g /UserVars/CIMEnabled) or by suppressing the event with esxcli system snmp set -n option),every 5 minutes an enterprise trap is emitted from sfcbd.

4. Lastly turning up/down physical NICs can also cause traps (esxcli network nic up|down -n vmnic#). Make note of the configurations/states before changing to avoid causing network issues.

Additional Information

For translated versions of this article, see:
Powered by Wolken Software