Cacti 0.8.6.d support snmp v3 yes or no ?

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Moderators, Developers

Post Reply
Author
Message
pat_ra2001
Posts: 11
Joined: Thu Aug 18, 2005 2:02 am

Cacti 0.8.6.d support snmp v3 yes or no ?

#1 Post by pat_ra2001 » Thu Aug 18, 2005 2:11 am

I upgrade from snmpv2 to snmpv3 so cacti not respond snmp. I must config something please tell me adn help me .

thank you very much

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#2 Post by TheWitness » Thu Aug 18, 2005 12:20 pm

authPriv or authNoPriv? cmd.php or cactid?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#3 Post by TheWitness » Thu Aug 18, 2005 12:41 pm

If you upgrade to 0.8.6f, apply the patches and then apply the file below, you may be Ok. It only supports authNoPriv. Otherwise, you will have to provide additional customization.

I am considering changes to Cactid 0.8.6f to support authNoPriv, but as of yet have not made that decision.

TheWitness

EDIT: Modified for snmp walk functionality.
Attachments
snmp.zip
Revised SNMP.PHP for SNMPv3 authNoPriv support
(2.63 KiB) Downloaded 121 times
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#4 Post by TheWitness » Thu Aug 18, 2005 8:49 pm

I also revised Cactid. SNMPv3 support (authNoPriv) will be available in the next maintenance release.

Larry
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

Cactid support for AuthPriv

#5 Post by tclark » Thu Aug 17, 2006 7:20 pm

Can you provide me cactid (or the source files and I can re-compile) to support snmpv3 AuthPriv. I know that the lastest version of cactid supports AuthNoPriv, my snmpv3 environment also requires privacy passphrase. I currently use the php poller with a modified ./lib/snmp.php, problem is due to number of hosts we're approaching 296 sec limit and need to pursue a more efficient poller.

Any help here would be much appreciated.

Thanks

Tom

User avatar
fmangeant
Cacti Guru User
Posts: 2326
Joined: Fri Sep 19, 2003 8:36 am
Location: Sophia-Antipolis, France
Contact:

#6 Post by fmangeant » Fri Aug 18, 2006 2:37 am

Hi

looking at cactid 0.8.6i beta source code, it seems the supported SNMP v3 parameters are :
  • authentication method : MD5
  • privacy protocol : none
  • security level : authenticate (but not encrypted)

Code: Select all

if ((snmp_version == 2) || (snmp_version == 1)) {
		session.community = snmp_community;
		session.community_len = strlen(snmp_community);
	}else {
	    /* set the SNMPv3 user name */
	    session.securityName = snmp_username;
	    session.securityNameLen = strlen(session.securityName);

		session.securityAuthKeyLen = USM_AUTH_KU_LEN;

	    /* set the authentication method to MD5 */
	    session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
	    session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);

		/* set the privacy protocol to none */
		session.securityPrivProto = usmNoPrivProtocol;
		session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
		session.securityPrivKeyLen = USM_PRIV_KU_LEN;

	    /* set the security level to authenticate, but not encrypted */
		session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;

	    /* set the authentication key to the hashed version. The password must me at least 8 char */
	    if (generate_Ku(session.securityAuthProto, 
						session.securityAuthProtoLen,
						(u_char *) snmp_password,
						strlen(snmp_password),
	                    session.securityAuthKey,
	                    &(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
	        CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
		}
	}
[size=84]
[color=green]HOWTOs[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15353]Install and configure the Net-SNMP agent for Unix[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=26151]Install and configure the Net-SNMP agent for Windows[/url]
[*][url=http://forums.cacti.net/viewtopic.php?t=28175]Graph multiple servers using an SNMP proxy[/url][/list]
[color=green]Templates[/color] :
[list][*][url=http://forums.cacti.net/viewtopic.php?t=15412]Multiple CPU usage for Linux[/url]
[*][url=http://forums.cacti.net/viewtopic.php?p=125152]Memory & swap usage for Unix[/url][/list][/size]

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

#7 Post by tclark » Fri Aug 18, 2006 12:20 pm

Correct, and what i tried was to modify the source code to try and set the privacy protocal and recompiled cactid, but was unsucessful I still received values of "U" when running cactid against a snmpv3 node. The updates made are in red.

if ((snmp_version == 2) || (snmp_version == 1)) {
session.community = snmp_community;
session.community_len = strlen(snmp_community);
}else {
/* set the SNMPv3 user name */
session.securityName = snmp_username;
session.securityNameLen = strlen(session.securityName);

session.securityAuthKeyLen = USM_AUTH_KU_LEN;

/* set the authentication method to MD5 */
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, OIDSIZE(usmHMACMD5AuthProtocol));
session.securityAuthProtoLen = OIDSIZE(usmHMACMD5AuthProtocol);

/* set the privacy protocol to none */
/*
session.securityPrivProto = usmNoPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmNoPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
*/
/* set the security level to authenticate, but not encrypted */
/*session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;*/

/* set the privacy protocol to PrivProtocal */
/* Tom/Clement modified 08-17-06 */
session.securityPrivProto = usmDESPrivProtocol;
session.securityPrivProtoLen = OIDSIZE(usmDESPrivProtocol);
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
/* set the security level to authenticate, encrypted */
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;

/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityAuthKey,
&(session.securityAuthKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from authentication pass phrase."));
}

/* set the authentication key to the hashed version. The password must me at least 8 char */
if (generate_Ku(session.securityPrivProto,
session.securityPrivProtoLen,
(u_char *) snmp_password,
strlen(snmp_password),
session.securityPrivKey,
&(session.securityPrivKeyLen)) != SNMPERR_SUCCESS) {
CACTID_LOG(("SNMP: Error generating SNMPv3 Ku from privacy pass phrase."));
}
}

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#8 Post by TheWitness » Fri Aug 18, 2006 2:01 pm

Look at that section in the 0.9 SVN. You can use it instead. Only those calls, don't use the whole thing.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

#9 Post by tclark » Mon Aug 21, 2006 8:24 pm

Ive looked at that section in the 0.9 SVN code and made updates to the 8.6i cactid snmp.c code. I've attached the debug output when I query a snmpv3 authPriv node.

Anyone know why cactid is applying an 'U' value in the highlighted section in red?
Attachments
cactid_debug_output.txt
(8.42 KiB) Downloaded 195 times

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

#10 Post by tclark » Mon Aug 21, 2006 8:57 pm

My apologizes for the previous file attachment format. This attachment is formatted correctly. The line where the value 'U' is applied is on MySQL Query ID '24'
Attachments
cactid_debug_output.txt
(7.74 KiB) Downloaded 362 times

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#11 Post by TheWitness » Mon Aug 21, 2006 10:03 pm

The log is pretty much useless. How what is your goal here?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

#12 Post by tclark » Tue Aug 22, 2006 3:33 am

I'm trying to get cactid poller to support our snmpv3 authPriv environment.

From the cmdline using cactid or any other variations of cactid (modification to snmp.c code in an attempt to support authPriv), no snmp values are returned. On the initial snmp query for sysUpTime set assert_value='U' was returned.

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#13 Post by TheWitness » Tue Aug 22, 2006 6:31 am

Where were you planning on storing your passphrase and security type in the database?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

tclark
Posts: 28
Joined: Mon Jul 11, 2005 7:10 pm

#14 Post by tclark » Thu Sep 14, 2006 1:55 am

Good question, but how is the storing of the passphrase and security type being accomplished to allow the cacti php poller to successfully poll, query and graph snmpv3 authpriv nodes after making an update to $auth_snmp in ./lib/snmp.php was done. The updated syntax for $auth_snmp is.

Code: Select all

$snmp_auth = "-u $username -l authPriv -a MD5 -A $password -x DES -X $password"; /* v3 - username/password *

User avatar
TheWitness
Developer
Posts: 14817
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#15 Post by TheWitness » Thu Sep 14, 2006 6:33 am

We are not supporting the use of the Passphrase until Cacti 0.9. It was written a long time ago, but Cacti 0.9 has slipped quite a bit.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

Post Reply