Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Danny
Champion Champion
Champion

SNMPd crashes multiple times a day

I'm experiencing a serious SNMP issue on an 1400 appliance after enabling it for SNMPv3 checks on the latest firmware release (R77.20.75). After a couple of hours I need to disable and re-enable it via the 1400 Appliance's WebUI in order to have the monitoring to work again. Check Point Support couldn't fix it yet. Is anyone else experiencing the same?

0 Kudos
5 Replies
Vladimir
Champion
Champion

Danny,

I do not see these issues but, although I have it enabled and user defined, I do not have traps enabled or receivers defined, nor am I actively polling my device.

login as: randomadminname
Vladimir@192.168.7.1's password:
drawbridge> show software-version
This is Check Point's 1430 Appliance R77.20.75 - Build 239
drawbridge> expert
Enter expert password:

You are in expert mode now.

[Expert@drawbridge]# ps aux | grep snmp
root 3387 0.0 0.1 4336 1596 ? S Apr15 42:06 snmpd -Lsd -Lf /dev/null -I -smux -p /var/run/snmpd.pid -c /etc/snmpd.conf 0.0.0.0
root 9015 0.0 0.0 3724 1012 pts/0 S+ 16:53 0:00 grep snmp
[Expert@drawbridge]#

0 Kudos
HristoGrigorov

I have 2x 1470 appliances with SNMP enabled and PRTG server that is constantly scanning them. No issues. And no traps enabled. 

0 Kudos
Pedro_Espindola
Advisor

Hello Danny, I had this issue sometime ago, but SNMP would stop responding about once a day and SNMP agent had to be restarted.

I would see this error in /var/log/messages: 2017 Aug 25 16:50:05 NGSX-FW daemon.err snmpd[20961]: could not create socket

Searching the internet I saw a similar issue on many linux distros related to an out-dated NET-SNMP version.

I had an SR open for months and they sent me a modified snmpd binary, which reduced the crashes to only once a week.

The issue stopped around December 2017, I still don't know why it happened or stopped hapenning.

Do you see this error or other errors in /var/log/messages?

0 Kudos
Danny
Champion Champion
Champion

Hi Pedro Espindola,

when running

grep snmp /var/log/messages‍

I'm also seeing many of these log entries reporting an error:

2018 Jun  7 20:29:34 Gateway-ID daemon.err snmpd[26564]: couldn't create socket‍

As Check Point support couldn't solve the issue yet, I've created a one-liner as workaround that helps until a working fix is developed. To use it, just put this line:

while `sleep 60`; do grep snmp /var/log/messages | tail -n 1 | grep daemon.err; [ $? == 0 ] && { clish -c 'set snmp agent "off" agent-version "v3-only" community "public"'; clish -c 'set snmp agent "on" agent-version "v3-only" community "public"'; } done‍‍

inside of

/pfrm2.0/etc/userScript‍

and reboot your 1400 appliance. You might need to adjust the snmp parameters to your specific snmp configuration. This workaround checks every 60 secs if the last snmp entry within /var/log/messages is daemon.err. If that's the case the snmp agent gets restarted.

0 Kudos
Pedro_Espindola
Advisor

Thank you, Danny. That is very useful!

I haven't had this issue since December. I have gateways using builds 990172239 and 990172286.

In which builds are you experiencing this?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events