Cacti 0.8.6.d support snmp v3 yes or no ?
Moderators: Developers, Moderators
-
- Posts: 11
- Joined: Thu Aug 18, 2005 2:02 am
Cacti 0.8.6.d support snmp v3 yes or no ?
I upgrade from snmpv2 to snmpv3 so cacti not respond snmp. I must config something please tell me adn help me .
thank you very much
thank you very much
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
authPriv or authNoPriv? cmd.php or cactid?
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
If you upgrade to 0.8.6f, apply the patches and then apply the file below, you may be Ok. It only supports authNoPriv. Otherwise, you will have to provide additional customization.
I am considering changes to Cactid 0.8.6f to support authNoPriv, but as of yet have not made that decision.
TheWitness
EDIT: Modified for snmp walk functionality.
I am considering changes to Cactid 0.8.6f to support authNoPriv, but as of yet have not made that decision.
TheWitness
EDIT: Modified for snmp walk functionality.
- Attachments
-
- snmp.zip
- Revised SNMP.PHP for SNMPv3 authNoPriv support
- (2.63 KiB) Downloaded 162 times
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
I also revised Cactid. SNMPv3 support (authNoPriv) will be available in the next maintenance release.
Larry
Larry
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Cactid support for AuthPriv
Can you provide me cactid (or the source files and I can re-compile) to support snmpv3 AuthPriv. I know that the lastest version of cactid supports AuthNoPriv, my snmpv3 environment also requires privacy passphrase. I currently use the php poller with a modified ./lib/snmp.php, problem is due to number of hosts we're approaching 296 sec limit and need to pursue a more efficient poller.
Any help here would be much appreciated.
Thanks
Tom
Any help here would be much appreciated.
Thanks
Tom
- fmangeant
- Cacti Guru User
- Posts: 2345
- Joined: Fri Sep 19, 2003 8:36 am
- Location: Sophia-Antipolis, France
- Contact:
Hi
looking at cactid 0.8.6i beta source code, it seems the supported SNMP v3 parameters are :
looking at cactid 0.8.6i beta source code, it seems the supported SNMP v3 parameters are :
- authentication method : MD5
- privacy protocol : none
- security level : authenticate (but not encrypted)
Code: Select all
if ((snmp_version == 2) || (snmp_version == 1)) {
session.community = snmp_community;
session.community_len = strlen(snmp_community);
}else {
/* set the SNMPv3 user name */
session.securityName = snmp_username;
session.securityNameLen = strlen(session.securityName);
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
/* set the authentication method to MD5 */
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);
/* set the privacy protocol to none */
session.securityPrivProto = usmNoPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
/* set the security level to authenticate, but not encrypted */
session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityAuthKey,
&(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
}
}
[size=84]
[color=green]HOWTOs[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15353]Install and configure the Net-SNMP agent for Unix[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=26151]Install and configure the Net-SNMP agent for Windows[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=28175]Graph multiple servers using an SNMP proxy[/url][/list]
[color=green]Templates[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15412]Multiple CPU usage for Linux[/url]
[*][url=http://forums.cacti.net/viewtopic.php?p=125152]Memory & swap usage for Unix[/url][/list][/size]
[color=green]HOWTOs[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15353]Install and configure the Net-SNMP agent for Unix[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=26151]Install and configure the Net-SNMP agent for Windows[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=28175]Graph multiple servers using an SNMP proxy[/url][/list]
[color=green]Templates[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15412]Multiple CPU usage for Linux[/url]
[*][url=http://forums.cacti.net/viewtopic.php?p=125152]Memory & swap usage for Unix[/url][/list][/size]
Correct, and what i tried was to modify the source code to try and set the privacy protocal and recompiled cactid, but was unsucessful I still received values of "U" when running cactid against a snmpv3 node. The updates made are in red.
if ((snmp_version == 2) || (snmp_version == 1)) {
session.community = snmp_community;
session.community_len = strlen(snmp_community);
}else {
/* set the SNMPv3 user name */
session.securityName = snmp_username;
session.securityNameLen = strlen(session.securityName);
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
/* set the authentication method to MD5 */
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);
/* set the privacy protocol to none */
/*
session.securityPrivProto = usmNoPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
*/
/* set the security level to authenticate, but not encrypted */
/*session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;*/
/* set the privacy protocol to PrivProtocal */
/* Tom/Clement modified 08-17-06 */
session.securityPrivProto = usmDESPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmDESPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
/* set the security level to authenticate, encrypted */
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityAuthKey,
&(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
}
/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityPrivProto,
session.securityPrivProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityPrivKey,
&(session.securityPrivKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from privacy pass phrase."));
}
}
if ((snmp_version == 2) || (snmp_version == 1)) {
session.community = snmp_community;
session.community_len = strlen(snmp_community);
}else {
/* set the SNMPv3 user name */
session.securityName = snmp_username;
session.securityNameLen = strlen(session.securityName);
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
/* set the authentication method to MD5 */
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);
/* set the privacy protocol to none */
/*
session.securityPrivProto = usmNoPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
*/
/* set the security level to authenticate, but not encrypted */
/*session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;*/
/* set the privacy protocol to PrivProtocal */
/* Tom/Clement modified 08-17-06 */
session.securityPrivProto = usmDESPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmDESPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
/* set the security level to authenticate, encrypted */
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityAuthKey,
&(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
}
/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityPrivProto,
session.securityPrivProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityPrivKey,
&(session.securityPrivKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from privacy pass phrase."));
}
}
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Look at that section in the 0.9 SVN. You can use it instead. Only those calls, don't use the whole thing.
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Ive looked at that section in the 0.9 SVN code and made updates to the 8.6i cactid snmp.c code. I've attached the debug output when I query a snmpv3 authPriv node.
Anyone know why cactid is applying an 'U' value in the highlighted section in red?
Anyone know why cactid is applying an 'U' value in the highlighted section in red?
- Attachments
-
- cactid_debug_output.txt
- (8.42 KiB) Downloaded 234 times
My apologizes for the previous file attachment format. This attachment is formatted correctly. The line where the value 'U' is applied is on MySQL Query ID '24'
- Attachments
-
- cactid_debug_output.txt
- (7.74 KiB) Downloaded 396 times
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
The log is pretty much useless. How what is your goal here?
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
I'm trying to get cactid poller to support our snmpv3 authPriv environment.
From the cmdline using cactid or any other variations of cactid (modification to snmp.c code in an attempt to support authPriv), no snmp values are returned. On the initial snmp query for sysUpTime set assert_value='U' was returned.
From the cmdline using cactid or any other variations of cactid (modification to snmp.c code in an attempt to support authPriv), no snmp values are returned. On the initial snmp query for sysUpTime set assert_value='U' was returned.
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Where were you planning on storing your passphrase and security type in the database?
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Good question, but how is the storing of the passphrase and security type being accomplished to allow the cacti php poller to successfully poll, query and graph snmpv3 authpriv nodes after making an update to $auth_snmp in ./lib/snmp.php was done. The updated syntax for $auth_snmp is.
Code: Select all
$snmp_auth = "-u $username -l authPriv -a MD5 -A $password -x DES -X $password"; /* v3 - username/password *
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
We are not supporting the use of the Passphrase until Cacti 0.9. It was written a long time ago, but Cacti 0.9 has slipped quite a bit.
TheWitness
TheWitness
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Who is online
Users browsing this forum: No registered users and 3 guests