przemocf 0 Posted June 20, 2017 Share Posted June 20, 2017 Hi all, I have a WS server running ESET File Security and ERA, I collect some statistics via SNMP, whenever I try to scan OID tree (run "walk") of server the SNMP client always get stuck (print error and ends scan) at node: 1.3.6.1.4.1.29171.2.2.0 . Here is result of snmpwalk from debian linux - for windows snmp clients they thrown error at this node too. user@DEB:~$ snmpwalk -v2c -On -c securePublic 10.0.3.3 .1.3.6.1.4.1.29171 .1.3.6.1.4.1.29171.2.1.0 = STRING: "ESET, spol. s.r.o." .1.3.6.1.4.1.29171.2.2.0 = STRING: "6.0.993.0" Error in packet. Reason: (genError) A general failure occured Failed object: .1.3.6.1.4.1.29171.2.2.0 I think, the problem is with the snmp module from ERA that is being registered in windows in SNMP service... Here is my version-info: ******** ERA ver.: ESET Remote Administrator (Server), Version 6.3.136.0 ESET Remote Administrator (Web Console), Version 6.3.114.0 Microsoft Windows Server 2008 R2 Standard (64-bit), Version 6.1.7601 Service Pack 1 ******** Installed on server: ESET Remote Administrator Agent 6.3.136.0 ESET File Security 6.3.12006.0 ESET Rogue Detection Sensor 1.0.1049.0 ESET Remote Administrator Server 6.3.136.0 I can provide packet capture from Wireshark too for ESET tech. Ps. It took me a bit of time to find the ESET MIB - so for others that are looking for it , it's here: C:\Program Files\ESET\RemoteAdministrator\Server\ESET_RAS.mib Link to comment Share on other sites More sharing options...
ESET Staff MartinK 352 Posted June 20, 2017 ESET Staff Share Posted June 20, 2017 Is it possible to configure snmpwalk so that it will be more verbose/more specific of where problem is? This format of SNMP notification has been used by ESET for many years and I don't remember any similar issue reported. Is there any obvious problem visible in wireshark capture in comparisson with other SNMP traps? I would recommend to open support ticket, as this issie seems to require someone skilled with SNMP. Please attach also mentioned wireshark capture so that it can be analysed. Link to comment Share on other sites More sharing options...
przemocf 0 Posted June 23, 2017 Author Share Posted June 23, 2017 Hello, There is not much more to "debug" in snmpwalk (on linux ,and snmpb on windows) . In I 'll try to update the FS and ERA console to latest available. Here is a screenshot of this "error packet" from wireshark: Link to comment Share on other sites More sharing options...
Recommended Posts