search

centreon / centreon-plugins

Collection of standard plugins to discover and gather cloud-to-edge metrics and status across your whole IT infrastructure.
https://www.centreon.com
Apache License 2.0
310 stars 274 forks source link

checkpoint snmpv3 not working #4240

Closed sdouce closed 1 year ago

sdouce commented 1 year ago

Hello,

We have an issue with Checkpoint firewalls plugin pack and SNMP v3.

Check Point 6400
Check Point Security Gateway |
R81
3.10.0-957.21.3cpx86_64
64-bit

When we try a snmpwalk all is ok :

snmpwalk -v3 -l authPriv -u snmpv3comname -a SHA256 -A 'hidepassSHA256' -x AES256 'hidepassAES256' XX.XX.XX.X

SNMPv2-MIB::sysDescr.0 = STRING: Linux xxxx 3.10.0-957.21.3cpx86_64 #1 SMP Mon Jun 20 14:34:51 IDT 2022 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2620.1.6.123.1.99 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (47120) 0:07:51.20 SNMPv2-MIB::sysContact.0 = STRING: root@localhost SNMPv2-MIB::sysName.0 = STRING: xxxx SNMPv2-MIB::sysLocation.0 = STRING: Unknown SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01 SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MI

But when I try with centreon checkpoint script it always return “unable to create session”

/usr/lib/centreon/plugins/centreon_checkpoint.pl --plugin=network::checkpoint::snmp::plugin --mode=connections --hostname=XX.XX.XX.XX --snmp-version='3' --snmp-username='snmpv3comname' --authpassphrase='hidepassSHA256' --authprotocol='SHA256' --privpassphrase='hidepassAES256' --privprotocol='AES256'

I try to add different type of SNMPV3 Authprotocol , with ou without privprotocol... Nothing change , it always work with snmpwalk but not with plugins.

There is no info with --debug

Do i miss something or need to install another dependency package ?

garnier-quentin commented 1 year ago

Your issue is about SHA265 i think. You need a very recent version perl net-snmp (the 5.9.1 i think)

You need to backport it (that version is not available on Debian 8 and rhel 8).

sdouce commented 1 year ago

Your issue is about SHA265 i think. You need a very recent version perl net-snmp (the 5.9.1 i think)

You need to backport it (that version is not available on Debian 8 and rhel 8).

Is there any package , in repo delivered by centreon repo ? like remi ou Codebuilder ?

garnier-quentin commented 1 year ago

No we don't provide it

sdouce commented 1 year ago

Via cpan i update Net::SNMP version 6.0.1 , no success .

garnier-quentin commented 1 year ago

We dont use that module. we use the perl binding in the project: https://github.com/net-snmp/net-snmp

sdouce commented 1 year ago

Ok i compiled it n and although the libraries are not the path it work !! I need to test through centreon check_command.

I also created the rpm's by rebuilding the spec file. But for the installation of this rpm, there are too many dependencies with centreon when i tried to update ...

garnier-quentin commented 1 year ago

thanks for the feedback