Re: Call for testers: SNMPv3 support for bsnmpd(1)

Hi all,

The modules implementing SNMPv3 in bsnmpd(1) are snmp_usm(3),
snmp_vacm(3) and snmp_target(3) all based on standard RFC. snmp_usm(3)
handles v1/v2c and v3 user configuration including user name,
auth/priv protocol type and relevant keys. snmp_vacm(3) allows
restricting users to specific parts of the MIB tree, and
snmp_target(3) allows configuring destination hosts for SNMP traps and
notifications.

To get SNMPv3 traps, snmp_target(3) module needs to be loaded - the
default /etc/snmpd.config file contains commented out example
configuration, looking at snmp_target(3) man page should give some
hints too - basicly you need to set at least one entry in
snmpTargetAddrTable containing relevant connection parameters for the
host that should receive the notifications, one snmpTargetParamsTable
specifying the USM user credentials that should be used and one entry
in  snmpNotifyTable specifying for which tag whether a trap or
notification should be sent.
RFC 3413 also contains examples on how to fill in the SNMP-NOTIFICATION-MIB .

The standard SNMPv3 modules are somewhat too complicated for most
configurations though, so I've had the idea to implement a private
Begemot module with much simpler configuration that will fill
automatically the standard MIB trees with v3 user configuration but I
haven't gotten to actually implementing it yet.

cheers,
Shteryana


On Mon, Mar 31, 2014 at 4:07 PM, Bjoern A. Zeeb
<bzeeb-lists_at_lists.zabbadoz.net> wrote:
> On 31 Mar 2014, at 12:14 , Marciano, Anthony <amarcian_at_redcom.com> wrote:
>
>> Thanks Harti.
>>
>> I did get the basic V3 configuration working in that I could walk the mib using authorization and encryption.
>>
>> If Shteryana has the time, maybe he would be able to provide me with some information needed to configure and test V3 traps.
>>
>> I don't have his e-mail so if you could forward this to him I would appreciate it.
>
> I’ve put her on Cc:
>
>
>> -----Original Message-----
>> From: Hartmut Brandt [mailto:hartmut.brandt_at_dlr.de]
>> Sent: Sunday, March 30, 2014 8:22 AM
>> To: Marciano, Anthony
>> Cc: freebsd-current_at_freebsd.org; tomarox52_at_gmail.com
>> Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1)
>>
>> Hi Anthony,
>>
>> On Fri, 28 Mar 2014, Marciano, Anthony wrote:
>>
>> MA>I've been tasked to get bsnmpd V3 working for my company. The post
>> MA>referenced in the subject above gave me some insights but I'm still
>> MA>stuck and was wondering if you would take the time to answer some
>> MA>questions. I'm a snmpV3 newbie and have never worked with bsnmpd. I
>> MA>have worked minimally with net-snmp V2.
>> MA>
>> MA>First, is there a document listing all of the configuration options
>> MA>in the snmpd.confg file? It appears to differ from other packages
>> MA>such as net-snmp.
>>
>>
>> I can answer only this question - I'm not very familiar with SNMPv3, but Shteryana should be able to help.
>>
>> No, there is no document with all the setting. The reason is simple: the config file is just a set of SNMP SET PDUs executed at startup, SIGHUP or module load. The file is segmented into sections by %name lines with all segments having the same name beeing put together. At the begin of the file there is an implicit %snmpd line.
>>
>> Each section is a SET PDU. The %snmpd PDU is executed on startup and SIGHUP, all other sections are executed when the corresponding module is beeing loaded or on SIGHUP if that module is already loaded when the SIGHUP occures.
>>
>> So any writeable or creatable MIB variable can be put into the configuration file.
>>
>> harti
>> _______________________________________________
>> freebsd-current_at_freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>
> —
> Bjoern A. Zeeb                             ????????? ??? ??????? ??????:
> '??? ??? ???? ??????  ??????? ?? ?? ??????? ??????? ??? ????? ????? ????
> ?????? ?? ????? ????',  ????????? ?????????, "??? ????? ?? ?????", ?.???
>