influxdata / telegraf

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
https://influxdata.com/telegraf
MIT License

[inputs.snmp_trap] SNMP V3 trap input authentication settings being ignored #16222

Open doncraig opened 3 days ago

doncraig commented 3 days ago

Relevant telegraf.conf

[agent]
  debug = true

[[inputs.snmp_trap]]
    service_address = "udp://:162"
    version = "3"
    sec_name = "my_user"
    auth_protocol = "SHA"
    auth_password = "my_auth_pass"
    sec_level = "authPriv"
    priv_protocol = "AES"
    priv_password = "my_priv_pass"
    [inputs.snmp_trap.tags]
        send_to_stdout = "snmptrap"

[[outputs.file]]
  files = ["stdout"]
  [outputs.file.tagpass]
    send_to_stdout = ["snmptrap"]

Logs from Telegraf

# When running the command:
# snmptrap -v 3 -u "fake_user" localhost:162 1 coldStart.0

2024-11-22T15:55:14Z I! Starting Telegraf 1.32.3 brought to you by InfluxData the makers of InfluxDB
2024-11-22T15:55:14Z I! Available plugins: 235 inputs, 9 aggregators, 32 processors, 26 parsers, 62 outputs, 5 secret-stores
2024-11-22T15:55:14Z I! Loaded inputs: snmp_trap
2024-11-22T15:55:14Z I! Loaded aggregators:
2024-11-22T15:55:14Z I! Loaded processors:
2024-11-22T15:55:14Z I! Loaded secretstores:
2024-11-22T15:55:14Z I! Loaded outputs: file
2024-11-22T15:55:14Z I! Tags enabled: host=my_host
2024-11-22T15:55:14Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:"my_host", Flush Interval:10s
2024-11-22T15:55:14Z D! [agent] Initializing plugins
2024-11-22T15:55:14Z D! [agent] Connecting outputs
2024-11-22T15:55:14Z D! [agent] Attempting connection to [outputs.file]
2024-11-22T15:55:14Z D! [agent] Successfully connected to outputs.file
2024-11-22T15:55:14Z D! [agent] Starting service inputs
2024-11-22T15:55:14Z I! [inputs.snmp_trap] Listening on udp://:162
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Packet sanity verified, we got all the bytes (149)
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: version
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed version 3
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Packet sanity verified, we got all the bytes (149)
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: version
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed version 3
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed message ID 485157070
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgMaxSize
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed message max size 65507
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgFlags
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parsed msg flags 
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgSecurityModel
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed security model 3
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgAuthoritativeEngineID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed authoritativeEngineID 80001f8880fb08005d65a9406700000000
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgAuthoritativeEngineBoots
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed authoritativeEngineBoots 1
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgAuthoritativeEngineTime
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed authoritativeEngineTime 0
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgUserName
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed userName fake_user
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgAuthenticationParameters
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed authenticationParameters 
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: msgPrivacyParameters
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed privacyParameters 
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed Security Parameters. now offset=69,
2024-11-22T15:55:17Z D! [inputs.snmp_trap] UnmarshalV3Header done. [with SecurityParameters]. Header Size 63. Last 4 Bytes=[[4 0 4 0]]
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: contextEngineID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed contextEngineID ???]e?@g
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: contextName
2024-11-22T15:55:17Z D! [inputs.snmp_trap] Parsed contextName 
2024-11-22T15:55:17Z D! [inputs.snmp_trap] UnmarshalPayload Meet PDUType 0x534e4d50763254726170. Offset 92
2024-11-22T15:55:17Z D! [inputs.snmp_trap] getResponseLength: 57
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: request id
2024-11-22T15:55:17Z D! [inputs.snmp_trap] requestID: 1066493423
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: error-status
2024-11-22T15:55:17Z D! [inputs.snmp_trap] errorStatus: 0
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: error index
2024-11-22T15:55:17Z D! [inputs.snmp_trap] error-index: 0
2024-11-22T15:55:17Z D! [inputs.snmp_trap] vblLength: 43
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: OID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] OID: .1.3.6.1.2.1.1.3.0
2024-11-22T15:55:17Z D! [inputs.snmp_trap] decodeValue: type is TimeTicks
2024-11-22T15:55:17Z D! [inputs.snmp_trap] decodeValue: value is 0x1
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: OID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] OID: .1.3.6.1.6.3.1.1.4.1.0
2024-11-22T15:55:17Z D! [inputs.snmp_trap] decodeValue: type is ObjectIdentifier
2024-11-22T15:55:17Z D! [inputs.snmp_trap] parseRawField: OID
2024-11-22T15:55:17Z D! [inputs.snmp_trap] decodeValue: value is ".1.3.6.1.6.3.1.1.5.1.0"
snmp_trap,engine_id=80001f8880fb08005d65a9406700000000,host=my_host,mib=SNMPv2-MIB,name=coldStart.0,oid=.1.3.6.1.6.3.1.1.5.1.0,send_to_stdout=snmptrap,source=127.0.0.1,version=3 sysUpTimeInstance=1i 1732290917158567000
2024-11-22T15:55:24Z D! [outputs.file] Wrote batch of 1 metrics in 222.042µs

System info

Telegraf 1.32.3, macOS or Linux

Docker

No response

Steps to reproduce

  1. Configure Telegraf as per the given config file.
  2. Send an SNMP V3 trap using any incorrect username, with no priv or auth password. e.g. snmptrap -v 3 -u "fake_user" localhost:162 1 coldStart.0
  3. Observe in the Telegraf log that the trap is accepted even though the username does not match the config.

Expected behavior

Telegraf should reject the trap as the username is incorrect and the rest of the auth config is missing.

Actual behavior

Telegraf accepts the trap and writes to the output.

Additional info

If the priv and auth passwords are supplied they must be correct, otherwise the trap is rejected. e.g. snmptrap -v 3 -u "my_user" -a SHA -A 'my_auth_pass' -X 'my_priv_pass' -l authPriv -x AES localhost:162 1 coldStart.0
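
The check the report expects, as an added Go example (not Telegraf's or gosnmp's code): a receiver compares the parsed msgUserName and msgFlags with the configured sec_name and sec_level before it accepts a trap. `CheckTrapHeader`, the error names and the "at least the configured level" rule are assumptions of this example; the inputs in `main` are constructed from the config and log above.

```go
package main

import (
	"errors"
	"fmt"
)

// SecLevel orders the USM security levels from weakest to strongest.
type SecLevel int

const (
	NoAuthNoPriv SecLevel = iota
	AuthNoPriv
	AuthPriv
)

// msgFlags bit 0x01 is authFlag and 0x02 is privFlag; 0x02 alone is invalid.
var levelByFlags = map[byte]SecLevel{0x00: NoAuthNoPriv, 0x01: AuthNoPriv, 0x03: AuthPriv}

var (
	ErrBadFlags    = errors.New("invalid msgFlags: privFlag set without authFlag")
	ErrUnknownUser = errors.New("msgUserName does not match configured sec_name")
	ErrSecLevel    = errors.New("message security level below configured sec_level")
)

// CheckTrapHeader (hypothetical helper) gates a trap on its header fields alone.
// A message that passes still needs its HMAC verified and its payload decrypted.
func CheckTrapHeader(user string, flags byte, cfgUser string, cfgLevel SecLevel) error {
	lvl, ok := levelByFlags[flags&0x03] // bit 0x04 (reportable) is ignored here
	switch {
	case !ok:
		return ErrBadFlags
	case user != cfgUser:
		return fmt.Errorf("%w: got %q", ErrUnknownUser, user)
	case lvl < cfgLevel:
		return ErrSecLevel
	}
	return nil
}

func main() {
	// Constructed inputs: the reported trap, a right-user downgrade, a valid header.
	fmt.Println(CheckTrapHeader("fake_user", 0x00, "my_user", AuthPriv))
	fmt.Println(CheckTrapHeader("my_user", 0x00, "my_user", AuthPriv))
	fmt.Println(CheckTrapHeader("my_user", 0x03, "my_user", AuthPriv))
}
```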