Correct, but I have already installed these, so I am a little confused why I cannot make SNMP request to the servers.

>esxcli -s BL460CG7 -u root -p PASSWORD software vib list

char-hpcru            5.0.2.21-1OEM.500.0.0.434156       Hewlett-Packard  PartnerSupported  2012-10-23
char-hpilo            500.9.0.0.9-1OEM.500.0.0.434156    Hewlett-Packard  PartnerSupported  2012-10-23
hp-ams                500.9.2.0-11.434156                Hewlett-Packard  PartnerSupported  2012-10-23
hp-smx-provider       500.03.01.00.5-434156              Hewlett-Packard  VMwareAccepted    2012-10-24
hpacucli              9.20-9.0                           Hewlett-Packard  PartnerSupported  2012-10-23
hpbootcfg             01-01.02                           Hewlett-Packard  PartnerSupported  2012-10-23
hponcfg               04-00.10                           Hewlett-Packard  PartnerSupported  2012-10-23
scsi-hpsa             5.0.0-28OEM.500.0.0.472560         Hewlett-Packard  VMwareCertified   2012-10-24

Hi Lace666

Already enabled.

Name                Enabled
------------------  -------
HPProvider             true
sshServer              true
sshClient             false
nfsClient             false
dhcp                   true
dns                    true
snmp                   true
ntpClient              true
CIMHttpServer         false
CIMHttpsServer         true
CIMSLP                 true
iSCSI                  true
vpxHeartbeats          true
updateManager         false
faultTolerance         true
webAccess              true
vMotion                true
vSphereClient          true
activeDirectoryAll    false
NFC                    true
HBR                    true
ftpClient             false
httpClient            false
gdbserver             false
DVFilter              false
DHCPv6                false
DVSSync               false
syslog                false
IKED                  false
WOL                    true
vSPC                  false
remoteSerialPort      false
netDump                true
fdm                   false
dynamicruleset         true

Hmm, here is  a weird part...

I have another python-script on my Nagios-server, that make queries throught https and this works.?!?

Did you try snmpwalk (on your nagios host) to check out the connection?

snmpwalk -v2c -c public VMWARESERVERIP

You should see the snmp tree information

No success.

Got this message.

[root@srv-nag-nsb1 libexec]# snmpwalk -c public srv-esx-nsb07
No log handling enabled - turning on stderr logging
snmpwalk: Timeout

(I just reinstalled the BL460cG7 server to ESXi 5.1 (HP Custom image) to see if that helped anything. but same result.

Don't think this is the problem for querying via SNMP, but SNMP trap notifications go to the destination port 162 and not 161 (listening port for queries).

Configure it like this:

vicfg-snmp --enable --communities public --targets 192.168.1.1@162/public

I also know someone had problems with using DNS names instead of IPs.

Now make sure the change is reflected in the actual configuration on the host in /etc/vmware/snmp.xml, it should look like this for the example above:

# cat /etc/vmware/snmp.xml
<config>
  <snmpSettings>
    <communities>public</communities>
    <enable>true</enable>
    <targets>192.168.1.1@162 public</targets>
  </snmpSettings>
</config>

If that's correct, make sure your ESXi host actually listens for connections on UDP port 161:

# esxcli network ip connection list | grep 161
udp         0       0  0.0.0.0:161          0.0.0.0:0                            2810  hostd-worker

The timeout message indicates something could be dropped along the way. Also try the IP for snmpwalk. Any network firewalls in between? Check the ESXi host firewall again to be sure too:

# esxcli network firewall ruleset rule list | grep -i snmp
snmp                           Inbound    UDP       Dst               161       161

# esxcli network firewall ruleset list | grep snmp
snmp                              true

If all that fails, use tcpdump-uw to see if the host actually receives the SNMP queries (adjust the "-i vmkX" interface parameter accordingly):

# tcpdump-uw -i vmk0 -nnvvve udp port 161

or filter by IP of the querying system:

# tcpdump-uw -i vmk0 -nnvvve host 192.168.1.2

Hi MKgu

Checked the snmp.xml :

<?xml version="1.0" encoding="ISO-8859-1"?>
<config>
<snmpSettings>
     <enable>true</enable>
     <port>161</port>
     <syscontact/><syslocation/>
     <EnvEventSource>indications</EnvEventSource>
     <communities>public</communities>
     <targets>NAGIOS-SERVERNAME@162 public</targets>
     <loglevel>info</loglevel>
     <authProtocol/><privProtocol/>
     <engineid>00000063000000a10a0a0ae3</engineid>
</snmpSettings>
</config>

here is the result.

~ # esxcli network ip connection list | grep 161
udp         0       0  0.0.0.0:161       0.0.0.0:0                           9604  snmpd

~ # esxcli network firewall ruleset rule list | grep -i snmp
snmp                Inbound    UDP       Dst               161       161
~ # esxcli network firewall ruleset list | grep snmp
snmp                   true

Not sure what to make of this

A tcpdump shows below after I make a snmpwalk against the server

~ # tcpdump-uw -i vmk0 -nnvvve udp port 161
tcpdump-uw: listening on vmk0, link-type EN10MB (Ethernet), capture size 96 bytes
12:47:29.786001 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52611, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }
12:47:30.787131 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52614, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }
12:47:31.788251 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52616, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }
12:47:32.789462 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52618, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }
12:47:33.790580 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52647, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }
12:47:34.791689 00:50:56:60:ec:d1 > 00:50:56:8d:3e:9c, ethertype IPv4 (0x0800), length 96: truncated-ip - 50 bytes missing! (tos 0x0, ttl 64, id 52649, offset 0, flags [none], proto UDP (17), length 132)
    10.10.10.237.161 > 10.10.10.157.44011:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU [|snmp]} }

So what we see is that the server receives queries fine but does not answer even though it listens on a socket.

Your snmp.xml looks fishy, I have no idea where some of the tags like "<authProtocol/><privProtocol/>" (SNMPv2/v3 stuff?) come from if you executed the vicfg-snmp(.pl) command like in the example. Try overwriting it's content with what I provided (adjust trap target IP(!)/community obviously)

It might just be a tcpdump protocol display default, but to my knowledge snmpv3 is not supported. Execute snmpwalk with the parameter "-v1".

Edit: Or wait, forget everything I wrote, the config is probably specific to 5.1 which at officially supports SNMPv3. I haven't tested any SNMP functionality with 5.1 yet though.