#2862 AIX: can't turn off host/hr_print via snmpd.conf
On AIX running net-snmp 5.7.3, an snmpwalk of .1.3.6.1.2.1.25.3.2 forces the 'lpstat' (printer) command to be run. Not clear why .25.3.5 is being run since I only expect to have .25.3.2 (not .25.3.5) returned.
I even set my snmpd.conf file to look like:
rouser myuser priv -V systemview
view systemview included .1.3.6.1
view systemview excluded .1.3.6.1.2.1.25.3.5
to explicitly exclude anything to do with printers (on our AIX servers, the 'lpstat' command is taking 6+ minutes to run causing all snmp queries to timeout) and still the 'lpstat' command runs.
On AIX I run:
/opt/freeware/sbin/snmpd -c /opt/freeware/etc/snmp/snmpd.conf -Lo -p /var/tmp/net-snmpd -f -D run:exec,snmp_agent > /tmp/snmpd.out.txt
see attached snmpd.out.txt for output
on another server I run:
snmpwalk -v 3 -n "" -u myuser -a SHA -A "--password--" -x AES -X "--password--" -l authPriv SVRFQDN .1.3.6.1.2.1.25.3.2
The output produced by snmpwalk is:
HOST-RESOURCES-MIB::hrDeviceIndex.196608 = INTEGER: 196608
HOST-RESOURCES-MIB::hrDeviceIndex.196609 = INTEGER: 196609
HOST-RESOURCES-MIB::hrDeviceIndex.196610 = INTEGER: 196610
HOST-RESOURCES-MIB::hrDeviceIndex.196611 = INTEGER: 196611
HOST-RESOURCES-MIB::hrDeviceIndex.196612 = INTEGER: 196612
HOST-RESOURCES-MIB::hrDeviceIndex.196613 = INTEGER: 196613
HOST-RESOURCES-MIB::hrDeviceIndex.196614 = INTEGER: 196614
HOST-RESOURCES-MIB::hrDeviceIndex.196615 = INTEGER: 196615
HOST-RESOURCES-MIB::hrDeviceIndex.196616 = INTEGER: 196616
HOST-RESOURCES-MIB::hrDeviceIndex.196617 = INTEGER: 196617
HOST-RESOURCES-MIB::hrDeviceIndex.196618 = INTEGER: 196618
HOST-RESOURCES-MIB::hrDeviceIndex.196619 = INTEGER: 196619
HOST-RESOURCES-MIB::hrDeviceIndex.196620 = INTEGER: 196620
HOST-RESOURCES-MIB::hrDeviceIndex.196621 = INTEGER: 196621
HOST-RESOURCES-MIB::hrDeviceIndex.196622 = INTEGER: 196622
HOST-RESOURCES-MIB::hrDeviceIndex.196623 = INTEGER: 196623
Timeout: No Response from SVRFQDN
If you're able to compile a patched net-snmp, can you try applying the patches from
https://github.com/fenner/net-snmp/commit/76a9bd3f18b23e97e7a51b89b1e20888155036da
and
https://github.com/fenner/net-snmp/commit/422c0c66285d1f9449260b0bc9a728b2d3dfc419
These fix a problem that I had with view application. Maybe they will help you too. The first one at least adds some debugging that might help understand what's happening, run snmpd with
-f -Le -Dsnmp_agentSince the 2nd url appears to contain everything from the first url, I applied the changes from the 2nd url to the 2 files. Unfortunately running snmpwalk on .1.3.6.1.2.1.25.3.2 is still traversing into .1.3.6.1.2.1.25.3.5. I'm attaching the output from running like:
snmpd -c /opt/freeware/etc/snmp/snmpd.conf -Lo -f -D run:exec,snmp_agent > snmpd2.out.txt
OK. I looked at the source and I see why I'm experiencing the problem I mention above. In agent/mibgroup/host/hr_device.c it appears that it will ALWAYS iterate over ALL devices regardless of whether there is configuration line like:
view systemview excluded .1.3.6.1.2.1.25.3.5
or not. So all device/oids defined in agent/mibgroup/host_res.h (including #define HRDEV_PRINTER 5) will get scanned.
Maybe this is an expectation problem rather than a coding problem. I'd expect that by having the above "excluded" line that I can control which devices do not get scanned. Thanks to Niels comment I can accomplish the same thing by using "-I-hr_print", but shouldn't the "excluded" have done the same thing?
Maybe appropriate that somewhere in hr_device.c there should be a check to see if a device oid is in an "excluded" list or not and if so then that device/oid gets skipped. Or maybe in agent/mibgroup/host/hr_print.c (and other device C files) the 'init' function should look to see if the oid associated with that device has been excluded or not and if so the per-device init file refuses to initialize that device.
You should be able to disable anything to do with the printer part of the host mib by disabling that module using the option -I-hr_print when starting snmpd.
I tested and confirmed that this worked. Thanks! I wasn't looking forward to reinstalling SNMP on 72 AIX servers. The -I option didn't even click to me that I could disable via the cmdline.
Last edit: Tait 2018-04-25
Hello, HELP ME PLS, using net snmp (5.6.1.1 Windows) snmpwalk return HOST-RESOURCES-MIB::host = No Such Object available on this agent at this OID. Add mibs +ALL in snmpconf don't worked...