Technical Tip: SNMP_v2c Failed to match community
| Description | This article describes the issue with the event log: SNMP_v2c Failed to match community, and how to troubleshoot this. |
| Scope | FortiWeb. |
| Solution | If SNMP settings are configured on the FortiWeb, there is a chance of getting event logs with the following error:
type=event subtype="system" pri=warning trigger_policy="N/A" user=system ui=system action=snmp-query status=failure msg="SNMP_v2c Failed to match community.
These event logs will show up if the SNMP settings permit access only from designated hosts, which are configured under the SNMP settings:
Any attempt to query SNMP from an unauthorized host or an IP address that is not in the list will trigger this event log.
To identify the source of the SNMP queries, a packet capture can be performed on FortiWeb to observe UDP traffic on port 161. The source IP address shown in the packet capture indicates the device attempting the SNMP query with a mismatched community or from an unauthorized host. This device is typically a monitoring system, network management server, or security scanner. The packet capture should be taken on the interface that receives SNMP queries, which is typically the management or monitoring interface. For details on configuring packet capture on FortiWeb, see Packet capture via WebUI in the FortiWeb Administration Guide.
|
