Cacti: official forums and support

All times are UTC - 5 hours




 Post subject: Feature: Net-SNMP Context Name
PostPosted: Tue Nov 01, 2005 4:25 am 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
Feature request to at some point add the ability to use Net-SNMP's relay feature. To do this I think that a "Context Name" needs adding to the Device properties, and passed to the snmp "get" function. Not sure if it would rely on php-snmp having support for it too. Don't see it listed as a parameter in:

string snmpget ( string hostname, string community, string object_id [, int timeout [, int retries]] )


 Post subject:
PostPosted: Tue Nov 01, 2005 5:40 am 
Developer

Joined: Tue May 14, 2002 5:08 pm
Posts: 14863
Location: MI, USA
Please educate me please... Three or four paragraphs is all I require.....

TheWitness

_________________
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
Gandalfs Official Debugging Help
Central Plugin Repository
Central Templates Repository


 Post subject:
PostPosted: Tue Nov 01, 2005 1:21 pm 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
This is to do with the other posting here.

Basically one parameter of the net-snmp daemon lets you set it up as a relay. According to the net-snmp documentation (I've yet to experiment in depth), you can have net-snmp either relay by specific OID, OR you can use a context name parameter within the snmp request, and match that name against another agent's IP address. The net-snmp agent will then match incoming snmp queries to the other agents and forward the request (act like a relay), and also pass the messages back.

In my network, I've my "general" lab network accessible corporate-wide, but there's also a private network (10.10.10.x). For security requirements I have to keep this separate, and of course it's not routable, but I have one PC that acts as a bridge for OA&M. I was hoping to set that PC up with the relayed net-snmp daemon on a private port, and then I'd be able to access the 10.10.10.x machines.

For that to work, Cacti would have to be able to:

a) Know about the relay "context name"
b) Be able to use that in the snmp-gets.

Hope that's enough. Looking in the php SNMP website I don't see where the support for the context name is, but I don't know PHP too well so maybe I've missed it.

Of course I could achieve the same thing by putting another NIC in the cacti PC, but then I'd be increasing the security risk on the corp<>Private bridge, and if I had several private networks then I wouldn't really want to have to add a new NIC for each one, just to measure the stats.


 Post subject:
PostPosted: Tue Nov 01, 2005 1:41 pm 
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6032
Location: Michigan, USA
Um... I was thinking about this..

Does <Community>@<context> work as the community? I've seen this on some devices as a way to get access to a certain card.

_________________
Tony Roman
Experience is what causes a person to make new mistakes instead of old ones.
There are only 3 ways to complete a project: Good, Fast or Cheap, pick two.
With age comes wisdom, what you choose to do with it determines whether or not you are wise.


 Post subject: SNMP relay
PostPosted: Wed Nov 02, 2005 2:34 am 

Joined: Wed Nov 02, 2005 2:28 am
Posts: 1
Location: Germany
There seem to exist two forms of relay I guess.

The first one is an SNMPv3 defined one in which the SNMP agent
functions like a proxy as defined in the standard. However,
I am not sure if this is fully implemented with NET-SNMP.


The second one is the PROXY-MIB defined by the NET-SNMP
developers. This MIB is not really a MIB as we know it, but more
a way to include a part of a MIB from another SNMP agent.
From an SNMP manager perspective, the relay is not visible
and transparent. For that reason, no additional parameters
like context would be needed.

_________________
PHP-SNMP maintainer
Author MOD-SNMP


 Post subject:
PostPosted: Wed Nov 02, 2005 12:30 pm 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
Harrie,

There is this section of the manual for net-snmp that suggests it does support the proxy method:

Quote:
proxy [-Cn CONTEXTNAME] [SNMPCMD ARGS] HOST OID [REMOTEOID]
This token specifies that any incoming requests under OID should be proxied on to another HOST instead. If a CONTEXTNAME is specified, it assigns the proxied tree to a particular context name within the local agent. This is the proper way to query multiple agents through a single proxy. Assign each remote agent to a different context name. Then you can use "snmpwalk -n contextname1" to walk one remote proxied agent and "snmpwalk -n contextname2" to walk another, assuming you are using SNMPv3 to talk to the proxy (snmpv1 and snmpv2c context mappings aren't currently supported but might be in the future). Optionally, relocate the local OID tree to the new location at the REMOTEOID. To authenticate to HOST you should use the appropriate set of SNMPCMD ARGS. See the snmpcmd(1) manual page for details.
Examples:
# assigns the entire mib tree on remotehost1 to the context of the
# same name:
proxy -Cn remotehost1 -v 1 -c public remotehost1 .1.3
# ditto, but for remotehost 2
proxy -Cn remotehost2 -v 1 -c public remotehost2 .1.3
# proxies only the ucdavis enterprises tree to the remote host using snmpv1
proxy -v 1 -c public remotehost .1.3.6.1.4.1.2021
# uses v3 to access remotehost and converts the remote .1.3.6.1.2.1.1
# oid to local .1.3.6.1.3.10 oid (another way to access multiple hosts
# without using contexts)
proxy -v 3 -l noAuthNoPriv -u user remotehost .1.3.6.1.3.10 .1.3.6.1.2.1.1


I'm not sure which would be the best way to go though. I'm also wondering if the whole thing might not be easier with a basic port forwarder, but I'm not sure if w2kAS has this built in or not.


 Post subject:
PostPosted: Thu Apr 27, 2006 9:42 pm 

Joined: Tue Mar 08, 2005 6:11 pm
Posts: 5
I have an SNMP proxy currently running in my firewalls I have developed for my clients. Here is the example of the proxy strings that I need to add to the SNMPD on the gateway device to proxy for hosts in the LAN.

com2sec -Cn <context> <security name> default <community string>
group <group name> v1 <security name>
access <group name> <context> any noauth exact all none none
proxy -Cn <context> -v 1 -c <community string> <host> .1.3

The limits to this are that you query in v1 syntax to the IP of the gateway device and each entry MUST have an individual community string.

I had this running with cacti but I am now not getting any data getting to cacti. Though I am able to query the gateway device to get data from a host it is proxying for. It is able to see the system description data and all of the things that it is able to graph when creating a graph, but unable to add data to the graph. Where am I best to look??
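
A check for the gateway template in the post above, added here as an example (not code from this thread, Cacti or Net-SNMP): it enforces the post's rule that every `com2sec -Cn` entry has its own community string, reports proxied contexts with no community mapping, and flags a `default` source, which accepts queries from any address. Context names, communities and addresses in the sample are constructed.

```python
import shlex
from collections import defaultdict

# Constructed sample built from the template in the post; all values are made up.
SAMPLE_CONF = """\
com2sec -Cn lanhost1 sec1 default comm-host1
com2sec -Cn lanhost2 sec2 192.0.2.10 comm-host1
proxy -Cn lanhost1 -v 1 -c remote1 10.10.10.11 .1.3
proxy -Cn lanhost2 -v 1 -c remote2 10.10.10.12 .1.3
proxy -Cn lanhost3 -v 1 -c remote3 10.10.10.13 .1.3
"""

def parse(conf):
    """Return (com2sec entries, proxied contexts) for lines that use -Cn."""
    com2sec, proxies = [], []
    for raw in conf.splitlines():
        tok = shlex.split(raw, comments=True)  # drops '#' comments
        if len(tok) < 3 or tok[1] != "-Cn":
            continue
        if tok[0] == "com2sec" and len(tok) == 6:
            # com2sec -Cn CONTEXT SECNAME SOURCE COMMUNITY
            com2sec.append({"context": tok[2], "source": tok[4],
                            "community": tok[5]})
        elif tok[0] == "proxy":
            proxies.append(tok[2])
    return com2sec, proxies

def lint(conf):
    """Return a list of (finding, detail) tuples; empty means no findings."""
    com2sec, proxies = parse(conf)
    findings = []
    contexts_by_comm = defaultdict(set)
    for entry in com2sec:
        contexts_by_comm[entry["community"]].add(entry["context"])
        if entry["source"] == "default":  # 'default' matches any source address
            findings.append(("any-source", entry["context"]))
    # Conservative: a community reused across contexts is flagged even when
    # the SOURCE fields differ, following the rule stated in the post.
    for comm, ctxs in sorted(contexts_by_comm.items()):
        if len(ctxs) > 1:
            findings.append(("shared-community", ",".join(sorted(ctxs))))
    mapped = {entry["context"] for entry in com2sec}
    for ctx in proxies:
        if ctx not in mapped:  # not reachable through any v1 community
            findings.append(("unmapped-context", ctx))
    return findings

if __name__ == "__main__":
    for kind, detail in lint(SAMPLE_CONF):
        print(kind, detail)
```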


 Post subject:
PostPosted: Sat Apr 29, 2006 9:19 am 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
Does Cacti graph for other non-proxied items?


 Post subject:
PostPosted: Mon May 01, 2006 9:14 pm 

Joined: Tue Mar 08, 2005 6:11 pm
Posts: 5
Yes, it is doing it for other hosts.


 Post subject:
PostPosted: Tue May 02, 2006 4:38 pm 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
You should switch on some of the debug options in Cacti, and when the poller runs, look to see what values were returned. Choose a specific failing device and OID to start with, trace it through. Most likely it's producing a "U". If it is, then you'd have to figure out why.

Remember, SNMP works (default) over UDP, so Cacti will send an SNMPget message to the SNMP client, and the client has to transmit it back separately.

One of the problems with private networks, and having to use a proxy, is that maybe Cacti can communicate to the Client, but the network routes defined may mean the Client cannot communicate back to the Cacti server.

One solution to this may be to use TCP instead, which may be supported (I think) in SNMPv3 (not sure).

I stopped work on this for other priorities, but maybe I'll pick it up again with some of your settings..


 Post subject: Feature: Net-SNMP Context Name
PostPosted: Wed May 03, 2006 3:59 am 

Joined: Wed May 03, 2006 3:18 am
Posts: 2
Location: NL
No luck using contexts so I've tried a different approach to the SNMP proxy mechanism: I'm having Cacti query a number of snmpds running on a single host on different ports using SNMP v3. Each daemon is configured to proxy requests for a single host.
CLI snmpgets work well this way but somehow Cacti messes things up; even though the queries and the resulting data appear to be correct, the data stored in the rrds is the same for all hosts.
So for instance proxiedhost1_load_1min_123.rrd appears to be the same as proxiedhost2_load_1min_345.rrd. I have a feeling that this is caused by the fact that the target IP address for all these hosts are the same, i.e. the proxy address, and thus Cacti treats them as being the same..
Bug or feature? Any way around this?

Cacti version is 0.8.6h and is graphing perfectly for many non-proxied targets..


 Post subject:
PostPosted: Wed May 03, 2006 12:01 pm 
Cacti User

Joined: Wed Aug 17, 2005 8:51 am
Posts: 427
Location: UK
What do you see in the debug in Cacti? I'd suggest:

- Clear the log
- Enable full debug
- Allow one session to run
- Disable full debug
- Zip up the file and attach it to the forum


 Post subject:
PostPosted: Fri May 05, 2006 5:13 am 

Joined: Wed May 03, 2006 3:18 am
Posts: 2
Location: NL
The cactid README explains a lot:

"If you are polling a device that has multiple agents on multiple ports, Cactid will not work for you yet."

This info should be on the Cactid Information page. It surely would have saved me a lot of time..
Anyways. I haven't gotten the SVN cactid to work and cmd.php is too slow for my setup. Any idea when there will be a new release that fixes the SNMP port issue?


 Post subject:
PostPosted: Sat May 13, 2006 6:04 am 
Developer

Joined: Tue May 14, 2002 5:08 pm
Posts: 14863
Location: MI, USA
The SVN cactid does support polling at multiple ports...

TheWitness

 Post subject:
PostPosted: Sat Sep 15, 2007 10:43 pm 
Developer

Joined: Tue May 14, 2002 5:08 pm
Posts: 14863
Location: MI, USA
Cacti 0.8.7 and Cactid (provided with a few caveats, like you cannot use php_snmp) will support multiple SNMP contexts. I need a few testers. It will be available in Beta3 next week.

TheWitness
