RE: Call for testers: SNMPv3 support for bsnmpd(1)

From: Marciano, Anthony <amarcian_at_redcom.com>
Date: Mon, 31 Mar 2014 13:47:16 -0400
Hi Shteryana,

Thank you for your quick response.

Currently, we are just looking to monitor standard objects such as interfaces and send traps accordingly.
Would it be possible to provide a trap example of what needs to be added to the snmpd.config file to monitor an object and have it sent via V3?

I've searched for this information and read through various RFCs but have not discovered any bsnmpd specific trap syntax and/or examples.

Thanks you.

Tony

-----Original Message-----
From: shteryana_at_gmail.com [mailto:shteryana_at_gmail.com] On Behalf Of Shteryana Shopova
Sent: Monday, March 31, 2014 10:10 AM
To: Bjoern A. Zeeb
Cc: Marciano, Anthony; Hartmut Brandt; freebsd-current_at_freebsd.org; tomarox52_at_gmail.com
Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1)

Hi all,

The modules implementing SNMPv3 in bsnmpd(1) are snmp_usm(3),
snmp_vacm(3) and snmp_target(3) all based on standard RFC. snmp_usm(3) handles v1/v2c and v3 user configuration including user name, auth/priv protocol type and relevant keys. snmp_vacm(3) allows restricting users to specific parts of the MIB tree, and
snmp_target(3) allows configuring destination hosts for SNMP traps and notifications.

To get SNMPv3 traps, snmp_target(3) module needs to be loaded - the default /etc/snmpd.config file contains commented out example configuration, looking at snmp_target(3) man page should give some hints too - basicly you need to set at least one entry in snmpTargetAddrTable containing relevant connection parameters for the host that should receive the notifications, one snmpTargetParamsTable specifying the USM user credentials that should be used and one entry in  snmpNotifyTable specifying for which tag whether a trap or notification should be sent.
RFC 3413 also contains examples on how to fill in the SNMP-NOTIFICATION-MIB .

The standard SNMPv3 modules are somewhat too complicated for most configurations though, so I've had the idea to implement a private Begemot module with much simpler configuration that will fill automatically the standard MIB trees with v3 user configuration but I haven't gotten to actually implementing it yet.

cheers,
Shteryana


On Mon, Mar 31, 2014 at 4:07 PM, Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net> wrote:
> On 31 Mar 2014, at 12:14 , Marciano, Anthony <amarcian_at_redcom.com> wrote:
>
>> Thanks Harti.
>>
>> I did get the basic V3 configuration working in that I could walk the mib using authorization and encryption.
>>
>> If Shteryana has the time, maybe he would be able to provide me with some information needed to configure and test V3 traps.
>>
>> I don't have his e-mail so if you could forward this to him I would appreciate it.
>
> I’ve put her on Cc:
>
>
>> -----Original Message-----
>> From: Hartmut Brandt [mailto:hartmut.brandt_at_dlr.de]
>> Sent: Sunday, March 30, 2014 8:22 AM
>> To: Marciano, Anthony
>> Cc: freebsd-current_at_freebsd.org; tomarox52_at_gmail.com
>> Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1)
>>
>> Hi Anthony,
>>
>> On Fri, 28 Mar 2014, Marciano, Anthony wrote:
>>
>> MA>I've been tasked to get bsnmpd V3 working for my company. The post 
>> MA>referenced in the subject above gave me some insights but I'm 
>> MA>still stuck and was wondering if you would take the time to answer 
>> MA>some questions. I'm a snmpV3 newbie and have never worked with 
>> MA>bsnmpd. I have worked minimally with net-snmp V2.
>> MA>
>> MA>First, is there a document listing all of the configuration 
>> MA>options in the snmpd.confg file? It appears to differ from other 
>> MA>packages such as net-snmp.
>>
>>
>> I can answer only this question - I'm not very familiar with SNMPv3, but Shteryana should be able to help.
>>
>> No, there is no document with all the setting. The reason is simple: the config file is just a set of SNMP SET PDUs executed at startup, SIGHUP or module load. The file is segmented into sections by %name lines with all segments having the same name beeing put together. At the begin of the file there is an implicit %snmpd line.
>>
>> Each section is a SET PDU. The %snmpd PDU is executed on startup and SIGHUP, all other sections are executed when the corresponding module is beeing loaded or on SIGHUP if that module is already loaded when the SIGHUP occures.
>>
>> So any writeable or creatable MIB variable can be put into the configuration file.
>>
>> harti
>> _______________________________________________
>> freebsd-current_at_freebsd.org mailing list 
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current

>> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>
> —
> Bjoern A. Zeeb                             ????????? ??? ??????? ??????:
> '??? ??? ???? ??????  ??????? ?? ?? ??????? ??????? ??? ????? ????? ????
> ?????? ?? ????? ????',  ????????? ?????????, "??? ????? ?? ?????", ?.???
>
Received on Mon Mar 31 2014 - 15:46:32 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:48 UTC