Installation/Getting Started

Expand all | Collapse all

snmpv3 - security level

  • 1.  snmpv3 - security level

    Posted 6 days ago
    Hi,

    I notive in the snmpwalk_v3 command that the security level is not in the command via a configuration property, but it is set fix to -l authNoPriv.

    When I execute the command against a device that requests "authPriv", the snmpwalk_v3 command doens't work.

    I also looked in the snmp configuration properties, there it is not possible to set the security level.
    However I can set the zSnmpPrivPassword and zSnmpPrivType... but as the security level is fixed on "authNoPriv" this doesn't make sense, as these will never be used.... so no need to set these properties

    This makes me also wonder if Zenoss is able to monitor devices over snmpv3 that requiere authPriv.
    In the end... this is one of the goals of snmpv3 to have the data encrypted.

    Any thoughts on this?

    Thx,
    Chris

    ------------------------------
    Chris
    ------------------------------


  • 2.  RE: snmpv3 - security level

    Posted 5 days ago
    A few thoughts....
    I am sure at some stage in the past I have also looked at this and I am pretty certain I managed to talk to SNMPv3 devices using authPriv....
    .... but it is a long time ago.

    Looking at the code ( /opt/zenoss/Products/ZenHub/services/PerformanceConfig.py and /opt/zenoss/Products/ZenModel/BasicDataSource.py ) other than in the command where, as you say, it is explicitly coded as authNoPriv, other SNMP v3 calls will default to authPriv mode provided the zSnmpPrivType property is set; if it isn't then it will check whether the zSnmpAuthType parameter is set and use that; the third option is to fall back to NoAuthNoPriv.

    So - it should do what you want by default provided you have the coreect parameters set.

    For the snmpwalk command, I would start by testing with a new command (which you can create either for a class or just for a specific device) using the Administration menu.  Copy the existing snmpwalkV3 command and modify it to have -l authPriv and use the appropriate zProperties for authPriv.

    Cheers,
    Jane

    ------------------------------
    Jane Curry
    Skills 1st United Kingdom
    jane.curry@skills-1st.co.uk
    ------------------------------



  • 3.  RE: snmpv3 - security level

    Posted 4 days ago
    Hi Jane,

    I expected than you would answer :-)
    Looking at /opt/zenoss/Products/ZenModel/BasicDataSource.py  you are correct, when the Private's parameters are set, the -l authPriv security level is set.
    The documentation doesn't mention this, but the script clarifies it.

    Thanks for you explanation.

    Kind regards,
    Chris

    ------------------------------
    Chris
    ------------------------------