search

oetiker / mrtg

MRTG - Multi Router Traffic Grapher
http://www.mrtg.org
250 stars 62 forks source link

cfgmaker error with snmpv3 #98

Closed jon-larsen closed 1 year ago

jon-larsen commented 2 years ago

I get the following output from cfgmaker:

--base: SNMP V3 libraries found, SNMP V3 enabled. --base: Get Device Info on public@hostname:::::3 usage: $sock->socket(DOMAIN, TYPE, PROTOCOL) at /usr/share/perl5/Net/SNMP/Transport/IPv4.pm line 36.

Using this command:

cfgmaker --contextengineid=xxxxxx --snmp-options=:::::3 --enablesnmpv3 --username=xxx --authpassword='xxx' --privpassword='xxx' hostname > /etc/mrtg.cfg

Versions:

cfgmaker --version cfgmaker for mrtg-2.17.10

perl -v This is perl 5, version 34, subversion 0 (v5.34.0) built for x86_64-linux-gnu-thread-multi (with 50 registered patches, see perl -V for more detail)

Using Ubuntu 22.04, but replicated with Ubuntu 20.04

sharkbit commented 1 year ago

@jon-larsen your cfgmaker syntax fixed my issue! So I can say SNMP v3 with cfgmaker does work. Run system updates and if it still dosn't work after updates, I would try: snmpwalk -v3 -u snmp3user -A "pwd" -a MD5 -l authnoPriv 127.0.0.1

sharkbit commented 1 year ago

figured I would also add how to pull the Engine ID:

export MIBS=ALL

snmpwalk -v3 -u snmp3user -A "pwd" -a MD5 -l authnoPriv 127.0.0.1 snmpEngineID

jon-larsen commented 1 year ago

@jon-larsen your cfgmaker syntax fixed my issue! So I can say SNMP v3 with cfgmaker does work. Run system updates and if it still dosn't work after updates, I would try: snmpwalk -v3 -u snmp3user -A "pwd" -a MD5 -l authnoPriv 127.0.0.1

This is very interesting! Thank you for telling me :)

jon-larsen commented 1 year ago

I still have problems. It's not a problem doing the snmpwalk. I also use SNMPv3 towards the switches in our monitoring system. I have installed mrtg using the official Ubuntu 22.04 docker image as base. It is constantly being updated.

I feel like I'm missing something obvious...

cfgmaker --authprotocol=sha --privprotocol=aes128 --contextengineid=00:00:00:00:00:00:00:00:00:00:00 --snmp-options=:::::3 --enablesnmpv3 --username=snmp --authpassword='authpassword' --privpassword='privpassword' --subdirs=HOSTNAME --ifdesc=descr --show-op-down --global "options[_]: growright,bits" --global "LogFormat: rrdtool"  --global "WorkDir: /var/www/html" --global "IconDir: http://mrtg" hostname
--base: SNMP V3 libraries found, SNMP V3 enabled.
--base: Get Device Info on public@hostname:::::3
usage: $sock->socket(DOMAIN, TYPE, PROTOCOL) at /usr/share/perl5/Net/SNMP/Transport/IPv4.pm line 36.
sharkbit commented 1 year ago

I had to pull the context engine id then remove ':' snmpwalk -v3 -u snmp3user -A "pwd" -a MD5 -l authnoPriv hostname snmpEngineID

jon-larsen commented 1 year ago

I had to pull the context engine id then remove ':' snmpwalk -v3 -u snmp3user -A "pwd" -a MD5 -l authnoPriv hostname snmpEngineID

Okay. It doesn't help unfortunately. What OS are you running it at? And what version of mrtg? Could you also send me the cfgmaker command you are using?

sharkbit commented 1 year ago

I am using a Ubuntu box, but I think the issue is the are multiple ways to create an SNMP user: one with noauthpriv, and the more secure with authpriv. this is what worked for us when we enabled authpriv

AuthPriv:

net-snmp-config --create-snmpv3-user -ro -A "$authvar" -a SHA -X "$privvar" -x AES $uservar export MIBS=ALL snmpwalk -v3 -u $uservar -A "$authvar" -a SHA -l authPriv -x AES -X "$privvar" 127.0.0.1 snmpEngineID

cfgmaker --show-op-down --ifdesc=alias --global "WorkDir: /var/www/mrtg" --output /var/www/mrtg/my.conf --global "Options[_]: growright, bits, avgpeak, unknaszero" --contextengineid=0x$engid --global "EnableSnmpV3: yes" --snmp-options=:::::3 --username=$uservar --authpassword=$authvar --authprotocol=sha --privpassword=$privvar --privprotocol=aes128 127.0.0.1

jon-larsen commented 1 year ago

I am using a Ubuntu box, but I think the issue is the are multiple ways to create an SNMP user: one with noauthpriv, and the more secure with authpriv. this is what worked for us when we enabled authpriv

AuthPriv:

net-snmp-config --create-snmpv3-user -ro -A "$authvar" -a SHA -X "$privvar" -x AES $uservar export MIBS=ALL snmpwalk -v3 -u $uservar -A "$authvar" -a SHA -l authPriv -x AES -X "$privvar" 127.0.0.1 snmpEngineID cfgmaker --show-op-down --ifdesc=alias --global "WorkDir: /var/www/mrtg" --output /var/www/mrtg/my.conf --global "Options[_]: growright, bits, avgpeak, unknaszero" --contextengineid=0x$engid --global "EnableSnmpV3: yes" --snmp-options=:::::3 --username=$uservar --authpassword=$authvar --authprotocol=sha --privpassword=$privvar --privprotocol=aes128 127.0.0.1

Okay. Thanks a lot for your time, but it still is a problem for me :cry: Hope someone with a more understanding of the code can explain the error message I receive.

sharkbit commented 1 year ago

ok my last try. do you have all the required libraries installed. while we were working on it we found we didnt have all the Perl modules that were quietly required installed.

apt-get install -y snmpd mrtg libsnmp-dev libcrypt-des-perl libdigest-hmac-perl snmp-mibs-downloader snmp libcrypt-rijndael-perl

jon-larsen commented 1 year ago

Thanks, worth a try :) I added the packages that I didn't have, but still the same output: usage: $sock->socket(DOMAIN, TYPE, PROTOCOL) at /usr/share/perl5/Net/SNMP/Transport/IPv4.pm line 36.

jon-larsen commented 1 year ago

After massive googling I found some post referring to the /etc/protocols file, which did not exist on my system. So I tried installing random packages until it appeared. The packet in question was liblwp-protocol-https-perl. So after installing that one, it works! Finally! :D Thanks @sharkbit for leading me to pursue this further :)