SNMPv3 - Complex Passwords & Wizards

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
klewia
Posts: 25
Joined: Thu Oct 04, 2012 9:56 am

SNMPv3 - Complex Passwords & Wizards

Post by klewia »

Hi Team,

2014.R7

First, I think there is a bash/wizard bug when a "$" is used in a password (Auth or Priv). This happens directly on the command line with snmp walk. (Not savvy enough with Linux to know how to instruct a bypass).

So, to fix the above I changed the password to one without a $.


Using the credentials that I successfully tested with the SNMP walk tool, I attempted to use the Network Switch / Routing Monitoring Wizard and recieved an error indicating that no ports were detected on the switch.
-> This is a Cisco 3850, I have not installed any Mib's on the Nagios server. (only need to for traps?)
-> I am not overly experienced with SNMP

Thanks for your time!

EDIT: Running on the cmd line returns some warnings indicated that is trying to do v1/2 yields the following.

Code: Select all

/usr/bin/cfgmaker --show-op-down --noreversedns --zero-speed '100000000' --enablesnmpv3 --snmp-options=:::::3 --username='redacted' --authprotocol='sha' --authpassword='redacted' --privprotocol='des' --privpassword='redacted' --contextengineid=0 'redacted'

SNMPopen failed: Support unavailable for privProtocol [aes] (Required module Crypt/Rijndael.pm not found)
 at /usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 1580
        Net_SNMP_util::snmpopen('public@redacted:::::3:v4only', 0, 'ARRAY(0x9e4f3b0)') called at /usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 1690
        Net_SNMP_util::snmpwalk_flg('public@redacted:::::3:v4only', undef, 'HASH(0x9a04998)', 1.3.6.1.2.1.1) called at /usr/bin/../lib/mrtg2/Net_SNMP_util.pm line 786
        Net_SNMP_util::snmpwalk('public@redacted:::::3:v4only', 'HASH(0x9a04998)', 1.3.6.1.2.1.1) called at /usr/bin/cfgmaker line 951
        main::DeviceInfo('public@redacted:::::3', 'HASH(0x9a04a18)', 'HASH(0x9a04998)') called at /usr/bin/cfgmaker line 142
        main::main() called at /usr/bin/cfgmaker line 160
SNMPWALK Problem for public@redacted:::::3:v4only at /usr/bin/cfgmaker line 951
WARNING: Skipping public@redacted:::::3 as no info could be retrieved
Last edited by klewia on Tue May 12, 2015 10:07 am, edited 1 time in total.
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by tmcdonald »

Please run the following from the Nagios server and paste the output:

Code: Select all

nmap <ip of snmp device>
Former Nagios employee
Top
klewia
Posts: 25
Joined: Thu Oct 04, 2012 9:56 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by klewia »

Code: Select all

nmap redacted -sU

Starting Nmap 5.51 ( http://nmap.org ) at 2015-05-12 11:08 EDT
Nmap scan report for redacted (redacted)
Host is up (0.0022s latency).
Not shown: 998 open|filtered ports
PORT    STATE SERVICE
123/udp open  ntp
161/udp open  snmp

Nmap done: 1 IP address (1 host up) scanned in 7.86 seconds
[root@PinnNagios snmp]#
added -sU - I assume you are checking for an snmp service
Top
User avatar
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: SNMPv3 - Complex Passwords & Wizards

Post by lmiltchev »

It seems like you are missing a required perl module.
SNMPopen failed: Support unavailable for privProtocol [aes] (Required module Crypt/Rijndael.pm not found)
Can you run the following command to see if this is going to fix your issue?

Code: Select all

yum install perl-Crypt-Rijndael -y
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by tmcdonald »

Ahh, did not catch your edit in time. Looks like it is just a missing perl module. Try this:

Code: Select all

PERL_MM_USE_DEFAULT=1 perl -MCPAN -e "install Crypt::Rijndael"
Edit of my own: And of course Ludmil beats me to it :)

On the plus side, the fact that we both suspect a perl module is a good sign.
Former Nagios employee
Top
klewia
Posts: 25
Joined: Thu Oct 04, 2012 9:56 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by klewia »

That fixed it! -- Thanks team!

Well, now a new problem is popping up.

Code: Select all

 	
Port 111 Status
	Unknown 	1m 9s 	2/5 	2015-05-12 11:44:12 	UNKNOWN - No info is being retrieved.
	
Port 112 Bandwidth
	Unknown 	36s 	1/5 	2015-05-12 11:43:45 	/var/lib/mrtg/redacted_112.rrd does not exist.
	
Port 112 Status
	Unknown 	2s 	1/5 	2015-05-12 11:44:19 	UNKNOWN - No info is being retrieved.
EDIT2: So, I applied configuration and am getting bandwidth values - 0/0, but Port status is still unknown.


Little ashamed I didn't read the error and do that myself.

Any commentary on the use of "$" in my passwords?
Last edited by klewia on Tue May 12, 2015 10:49 am, edited 1 time in total.
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by tmcdonald »

You can usually escape them by putting a backslash in front like so: \$

Try that, and if it does not work you might try putting it in the resource.cfg file and referencing the password as "$USERx$" in your arguments.
Former Nagios employee
Top
klewia
Posts: 25
Joined: Thu Oct 04, 2012 9:56 am

Re: SNMPv3 - Complex Passwords & Wizards

Post by klewia »

Thanks tmcdonald!

Could I have some help regarding the interface status Unknown? Any way to see errors/debug?

Thanks!
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: SNMPv3 - Complex Passwords & Wizards

Post by ssax »

If you run this from the command line do you get the status?

* Make sure to change SWITCHIP, SNMPCOMMUNITY, USERNAME, AUTHPASS, PRIVPASS

Code: Select all

/usr/local/nagios/libexec/check_ifoperstatus -H SWITCHIP -C SNMPCOMMUNITY -v3 -U USERNAME -A AUTHPASS -P DES -X PRIVPASS -a SHA1-k 111
Top
Locked

Return to “Nagios XI”