Unable to Gather SNMPv3 Data From Certain MIBs

[trebleCode]

Bug report

While able to snmpwalk to Palo Alto firewalls using snmpv3, data from Palo Alto-defined MIB files

(https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/zip/technical-documentation/snmp-mib-modules/PAN-MIB-MODULES-8.0.zip)

is not detected by telegraf. Only agent_host and host appear are the only fields with data to make it into InfluxDB.

Relevant telegraf.conf:

###############################################################################
#                            INPUT PLUGINS                                    #
###############################################################################

[[inputs.snmp]]

#   ## SNMPv3 auth parameters
sec_name = "mysecureusername"
auth_protocol = "SHA"      # Values: "MD5", "SHA", ""
auth_password = "myauthpw"
sec_level = "authPriv"   # Values: "noAuthNoPriv", "authNoPriv", "authPriv"
context_name = ""
priv_protocol = "AES"         # Values: "DES", "AES", ""
priv_password = "myprivpw"

  agents = [ "mypanorama.ip.address.here:161","my.first.firewall.address:161","my.second.firewall.address:161" ]

  ## Timeout for each SNMP query.
  timeout = "5s"

  ## Number of retries to attempt within timeout.
  retries = 50

  ## SNMP version, values can be 1, 2, or 3
  version = 3

  ## SNMP community string.
  community = "MyCommunityString"

  ## measurement name
  name = "PaloSNMP"

# session info
[[inputs.snmp.field]]
    name = "panSessionUtilization"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.1"

[[inputs.snmp.field]]
    name = "panSessionMax"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.2"

[[inputs.snmp.field]]
    name = "panSessionActive"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.3"

# Global Protect gateway info
[[inputs.snmp.field]]
    name = "panGPGWUtilizationPct"
    oid = "iso.3.6.1.4.1.25461.2.1.2.5.1.1"

[[inputs.snmp.field]]
    name = "panGPGWUtilizationMaxTunnels"
    oid = "iso.3.6.1.4.1.25461.2.1.2.5.1.2"

[[inputs.snmp.field]]
    name = "panGPGWUtilizationActiveTunnels"
    oid = "iso.3.6.1.4.1.25461.2.1.2.5.1.3"

# SSL
[[inputs.snmp.field]]
    name = "panSessionActiveSslProxy"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.7"

[[inputs.snmp.field]]
    name = "panSessionSslProxyUtilization"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.7"

System info:

[Include Telegraf version, operating system name, and other relevant details]

Steps to reproduce:

• establish above configuration

• unzip Palo Alto MIB's

• copy to a default mib directory cp /path/to/mibs /etc/snmp/mibs ~/.snmp/mibs

• Check that snmpwalk works with one of the Palo defined mibs: snmpwalk -v3 -u mysecureusername -l authPriv -a SHA -A myauthpw -x AES -X myprivpw my.first.firewall.here iso.3.6.1.4.1.25461.2.1.2.3.2

• Check if data is in Influx influx show series on telegraf

Expected behavior:

snmp,agent_host=mypanorama.ip.address.here:,host=myubuntuhost,panSessionUtilization=12312313,panSessionMax=200000000,panSessionActive=12312,panGpGWUtilizationPct=22,panGPGWutilizationActiveTunnels=20,panSessionActiveSslProxy=4989873487,panSessionSslProxyUtilization=33
snmp,agent_host=my.first.firewall.address,host=myubuntuhost,panSessionUtilization=12312313,panSessionMax=200000000,panSessionActive=12312,panGpGWUtilizationPct=22,panGPGWutilizationActiveTunnels=20,panSessionActiveSslProxy=4989873487,panSessionSslProxyUtilization=33
snmp,agent_host=my.second.firewall.address,host=myubuntuhost,panSessionUtilization=12312313,panSessionMax=200000000,panSessionActive=12312,panGpGWUtilizationPct=22,panGPGWutilizationActiveTunnels=20,panSessionActiveSslProxy=4989873487,panSessionSslProxyUtilization=33

Actual behavior:

snmp,agent_host=mypanorama.ip.address.here:,host=myubuntuhost
snmp,agent_host=my.first.firewall.address,host=myubuntuhost
snmp,agent_host=my.second.firewall.address,host=myubuntuhost

[trebleCode]

@danielnelson

Any additional information I can provide here to assist?

[danielnelson]

Can you get the fields with snmpget?

There must be at least one field being added to InfluxDB, since you cannot add a point without at least one field. Try this:

> show field keys from snmp

[trebleCode]

Here's what I get for output Daniel:

use telegraf Using database telegraf show field keys from snmp name: snmp fieldKey fieldType

---

SysUpTimeInstance integer SystemUptime integer hostname string inUCastPackets integer outUCastPackets integer

[danielnelson]

Were you able to get the values with snmpget?

[trebleCode]

If I run:

snmpget -v 3 -u myuser -l authPriv -a SHA -A mypriv -x AES -X my password my.fire.wall.ip iso.3.6.1.4.1.25461.2.1.2.3.2

I get: SNMPv2-SMI::enterprises.25461.2.1.2.3.2 = No Such Instance currently exists at this OID

[trebleCode]

Any additional suggestions?

[danielnelson]

It looks to me that the OID does not exist on the device you are querying.

[trebleCode]

But with the appropriate MIB files in a default location snmp looks in, and the OID being translated correctly via the above snmpwalk to my firewall, what else would be missing?

[danielnelson]

What is the output of the snmpwalk command?

[trebleCode]

I will run it and post the result when I have my system in front of me in the morning. Thanks for the continued support

[trebleCode]

If I run snmpwalk against a Palo Alto-specific MIB, I get the following in return:

snmpwalk -v3 -u myusername -l authPriv -a SHA -A myauthpw -x AES -X myprivpw iso.3.6.1.4.1.25461.2.1.2.3.2

SNMPv2-SMI::enterprises.25461.2.1.2.3.2.0 = INTEGER: 262142

[danielnelson]

In your config try adding the .0 to the end of this particular field:

[[inputs.snmp.field]]
    name = "panSessionMax"
    oid = "iso.3.6.1.4.1.25461.2.1.2.3.2.0"

[rrasale]

[[inputs.snmp]] priv_password = 'MyPass!word'

Double "" didn't work and had to use single 'xx/!xxx'
Don't see any errors after restarting the service about parsing .. but during collections I see below error ... No issues seen when i run snmpwalk on the same host using same credentials..

Do we need to add anything thing in the password if we use / or ! in passwords ??

E! Error in plugin [inputs.snmp]: agent : performing get on field hostname: Request timeout (after 3 retries)

[danielnelson]

@rrasale The exclamation mark is not a special character in TOML, so it shouldn't need any special escaping or quoting. Can you verify it works with a password not containing ! and if so open a new issue.

[danielnelson]

Closing this issue since no update, @trebleCode let me know if you would like more assistance.

[rrasale]

Yes, it works fine without !,
I tried with $ and other passwords without any spl characters all works without any issues.. issue is only with the ones that has ! and /

[danielnelson]

Okay, that is helpful to know, can you open a new issue?

[rrasale]

Can you please point me to where i can open a issue for this ?

On Jan 12, 2018, at 4:10 PM, Daniel Nelson notifications@github.com wrote:

Okay, that is helpful to know, can you open a new issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/influxdata/telegraf/issues/3502#issuecomment-357353862, or mute the thread https://github.com/notifications/unsubscribe-auth/AeYNEegNNlFvUTYy2aSVYjMOXHxTtH6Vks5tJ8lJgaJpZM4Qp3JI.

[rrasale]

Can you please point me where i open the issue ? Is it on InfluxData site? Any links would be helpful

[rrasale]

Never Mind, I opened the issue on the community link in influxdata

[danielnelson]

@rrasale This is the link to open a new issue (also at the top of the page in a green button).