Cacti 0.8.6.d support snmp v3 yes or no ?

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
pat_ra2001
Posts: 11
Joined: Thu Aug 18, 2005 2:02 am

Cacti 0.8.6.d support snmp v3 yes or no ?

Post by pat_ra2001 »

I upgrade from snmpv2 to snmpv3 so cacti not respond snmp. I must config something please tell me adn help me .

thank you very much
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

authPriv or authNoPriv? cmd.php or cactid?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

If you upgrade to 0.8.6f, apply the patches and then apply the file below, you may be Ok. It only supports authNoPriv. Otherwise, you will have to provide additional customization.

I am considering changes to Cactid 0.8.6f to support authNoPriv, but as of yet have not made that decision.

TheWitness

EDIT: Modified for snmp walk functionality.
Attachments
snmp.zip
Revised SNMP.PHP for SNMPv3 authNoPriv support
(2.63 KiB) Downloaded 162 times
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

I also revised Cactid. SNMPv3 support (authNoPriv) will be available in the next maintenance release.

Larry
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Cactid support for AuthPriv

Post by tclark »

Can you provide me cactid (or the source files and I can re-compile) to support snmpv3 AuthPriv. I know that the lastest version of cactid supports AuthNoPriv, my snmpv3 environment also requires privacy passphrase. I currently use the php poller with a modified ./lib/snmp.php, problem is due to number of hosts we're approaching 296 sec limit and need to pursue a more efficient poller.

Any help here would be much appreciated.

Thanks

Tom
User avatar
fmangeant
Cacti Guru User
Posts: 2345
Joined: Fri Sep 19, 2003 8:36 am
Location: Sophia-Antipolis, France
Contact:

Post by fmangeant »

Hi

looking at cactid 0.8.6i beta source code, it seems the supported SNMP v3 parameters are :
  • authentication method : MD5
  • privacy protocol : none
  • security level : authenticate (but not encrypted)

Code: Select all

if ((snmp_version == 2) || (snmp_version == 1)) {
		session.community = snmp_community;
		session.community_len = strlen(snmp_community);
	}else {
	    /* set the SNMPv3 user name */
	    session.securityName = snmp_username;
	    session.securityNameLen = strlen(session.securityName);

		session.securityAuthKeyLen = USM_AUTH_KU_LEN;

	    /* set the authentication method to MD5 */
	    session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
	    session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);

		/* set the privacy protocol to none */
		session.securityPrivProto = usmNoPrivProtocol;
		session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
		session.securityPrivKeyLen = USM_PRIV_KU_LEN;

	    /* set the security level to authenticate, but not encrypted */
		session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;

	    /* set the authentication key to the hashed version. The password must me at least 8 char */
	    if (generate_Ku(session.securityAuthProto, 
						session.securityAuthProtoLen,
						(u_char *) snmp_password,
						strlen(snmp_password),
	                    session.securityAuthKey,
	                    &(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
	        CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
		}
	}
[size=84]
[color=green]HOWTOs[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15353]Install and configure the Net-SNMP agent for Unix[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=26151]Install and configure the Net-SNMP agent for Windows[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=28175]Graph multiple servers using an SNMP proxy[/url][/list]
[color=green]Templates[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15412]Multiple CPU usage for Linux[/url]
[*][url=http://forums.cacti.net/viewtopic.php?p=125152]Memory & swap usage for Unix[/url][/list][/size]
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Post by tclark »

Correct, and what i tried was to modify the source code to try and set the privacy protocal and recompiled cactid, but was unsucessful I still received values of "U" when running cactid against a snmpv3 node. The updates made are in red.

if ((snmp_version == 2) || (snmp_version == 1)) {
session.community = snmp_community;
session.community_len = strlen(snmp_community);
}else {
/* set the SNMPv3 user name */
session.securityName = snmp_username;
session.securityNameLen = strlen(session.securityName);

session.securityAuthKeyLen = USM_AUTH_KU_LEN;

/* set the authentication method to MD5 */
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);

/* set the privacy protocol to none */
/*
session.securityPrivProto = usmNoPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
*/
/* set the security level to authenticate, but not encrypted */
/*session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;*/

/* set the privacy protocol to PrivProtocal */
/* Tom/Clement modified 08-17-06 */
session.securityPrivProto = usmDESPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmDESPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
/* set the security level to authenticate, encrypted */
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;

/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityAuthKey,
&(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
}

/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityPrivProto,
session.securityPrivProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityPrivKey,
&(session.securityPrivKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from privacy pass phrase."));
}
}
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Look at that section in the 0.9 SVN. You can use it instead. Only those calls, don't use the whole thing.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Post by tclark »

Ive looked at that section in the 0.9 SVN code and made updates to the 8.6i cactid snmp.c code. I've attached the debug output when I query a snmpv3 authPriv node.

Anyone know why cactid is applying an 'U' value in the highlighted section in red?
Attachments
cactid_debug_output.txt
(8.42 KiB) Downloaded 234 times
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Post by tclark »

My apologizes for the previous file attachment format. This attachment is formatted correctly. The line where the value 'U' is applied is on MySQL Query ID '24'
Attachments
cactid_debug_output.txt
(7.74 KiB) Downloaded 396 times
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

The log is pretty much useless. How what is your goal here?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Post by tclark »

I'm trying to get cactid poller to support our snmpv3 authPriv environment.

From the cmdline using cactid or any other variations of cactid (modification to snmp.c code in an attempt to support authPriv), no snmp values are returned. On the initial snmp query for sysUpTime set assert_value='U' was returned.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Where were you planning on storing your passphrase and security type in the database?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Post by tclark »

Good question, but how is the storing of the passphrase and security type being accomplished to allow the cacti php poller to successfully poll, query and graph snmpv3 authpriv nodes after making an update to $auth_snmp in ./lib/snmp.php was done. The updated syntax for $auth_snmp is.

Code: Select all

$snmp_auth = "-u $username -l authPriv -a MD5 -A $password -x DES -X $password"; /* v3 - username/password *
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

We are not supporting the use of the Passphrase until Cacti 0.9. It was written a long time ago, but Cacti 0.9 has slipped quite a bit.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests