TECHZEN Zenoss User Community ARCHIVE  
FORUMS / Installation & Getting Started / DISCUSSION

snmpv3 - security level

Subject: snmpv3 - security level
Author: Chris De Coster
Posted: 2019-05-14 05:37

Hi,

I notive in the snmpwalk_v3 command that the security level is not in the command via a configuration property, but it is set fix to -l authNoPriv.

When I execute the command against a device that requests "authPriv", the snmpwalk_v3 command doens't work.

I also looked in the snmp configuration properties, there it is not possible to set the security level.
However I can set the zSnmpPrivPassword and zSnmpPrivType... but as the security level is fixed on "authNoPriv" this doesn't make sense, as these will never be used.... so no need to set these properties

This makes me also wonder if Zenoss is able to monitor devices over snmpv3 that requiere authPriv.
In the end... this is one of the goals of snmpv3 to have the data encrypted.

Any thoughts on this?

Thx,
Chris

------------------------------
Chris
------------------------------

Subject: RE: snmpv3 - security level
Author: Jane Curry
Posted: 2019-05-14 13:04

A few thoughts....
I am sure at some stage in the past I have also looked at this and I am pretty certain I managed to talk to SNMPv3 devices using authPriv....
.... but it is a long time ago.

Looking at the code ( /opt/zenoss/Products/ZenHub/services/PerformanceConfig.py and /opt/zenoss/Products/ZenModel/BasicDataSource.py ) other than in the command where, as you say, it is explicitly coded as authNoPriv, other SNMP v3 calls will default to authPriv mode provided the zSnmpPrivType property is set; if it isn't then it will check whether the zSnmpAuthType parameter is set and use that; the third option is to fall back to NoAuthNoPriv.

So - it should do what you want by default provided you have the coreect parameters set.

For the snmpwalk command, I would start by testing with a new command (which you can create either for a class or just for a specific device) using the Administration menu.  Copy the existing snmpwalkV3 command and modify it to have -l authPriv and use the appropriate zProperties for authPriv.

Cheers,
Jane

------------------------------
Jane Curry
Skills 1st United Kingdom
jane.curry@skills-1st.co.uk
------------------------------

Subject: RE: snmpv3 - security level
Author: Chris De Coster
Posted: 2019-05-15 14:21

Hi Jane,

I expected than you would answer :-)
Looking at /opt/zenoss/Products/ZenModel/BasicDataSource.py  you are correct, when the Private's parameters are set, the -l authPriv security level is set.
The documentation doesn't mention this, but the script clarifies it.

Thanks for you explanation.

Kind regards,
Chris

------------------------------
Chris
------------------------------


< Previous
install additional nagios plugins 		  Next
Problems with Zenoss Community Edition ansible deployment tool 		>