Linux SNMP V3 - wizrard needs update

[saherker]

We're implementing nagiosxi into our environment and trying to do snmp v3 with our linux hosts. Your wizard has the users and pass word for snmp v3 in it, however it doesn't use them. Upon further investigation of the wizard source, it appears that the php page for the wizard was never completed in regards to implementing snmp v3. Is there a timeline to when a new version with a working snmp v3 wizard?

[scottwilkerson]

I believe this was a bug. I have made a new wizard and attached it here, can you install it through
Admin -> Manage Config Wizards

Let me know if it is using your v3 properly. You will need to run the wizard again to have it setup correctly.

[saherker]

I will tell you it still won't work just by viewing the linux_snmp.inc.php coding before trying to install.

Lines 165-178

Code: Select all

	<!--
	<tr>
	<td valign="top">
	<label>Authentication Protocol:</label><br class="nobr" />
	</td>
	<td>
	<select name="snmpopts[v3_auth_proto]">
	<option value="MD5" '.is_selected($snmpopts["v3_auth_proto"],"MD5").'>MD5</option>
	<option value="SHA" '.is_selected($snmpopts["v3_auth_proto"],"SHA").'>SHA</option>
	</select>
	<br class="nobr" />
	</td>
	</tr>
	//-->

We are using SHA,AES encryption, not the default MD5,DES encryption, and that section of the php file is commented out like the original. If we can't specify the encryption type, it will fail the check on our systems.

Also in the php coding lines 202 and 203

Code: Select all

			if(have_value($snmpcommunity)==false)
				$errmsg[$errors++]="No SNMP community specified.";

Snmp v3 doesn't use communities, so the plugin can't fail if we don't have a community, which this one still does.

In the section for actually creating the command Nagios will run, lines 543-563, you're missing an if statement to check if I've chosen MD5 or SHA encryption and to set the appropriate flags in the snmp command. The if statements for user, pass, and privilege pass are there, but the protocols need to be defined as well.

[scottwilkerson]

You are correct, this is a total bust N

ow that I've given it more than a cursory look, it will need a bit of modification. I'm adding it to my current TODO list, and will let you know when it has been completed and is working.

[scottwilkerson]

Ok,

I think we have it this time, all worked well on a machine I setup, only thing that should be different was that my machine was using MD5 instead of SHA, but the --authproto is now added to the plugin...

[saherker]

Wizard still doesn't work. In the check, your using the wrong flags

Code: Select all

--authproto=SHA

--authproto doesn't exist

Lines 147-149 of /usr/local/nagios/libexec/check_snmp_storage_wizard.pl ( for example )

Code: Select all

-L, --protocols=<authproto>,<privproto>
   <authproto> : Authentication protocol (md5|sha : default md5)
   <privproto> : Priv protocole (des|aes : default des)

When submitting the argument for the command, you must have "--protocols=sha,aes" or "--protocols=md5,des"

Below is working command I got from command line of nagios server.

Code: Select all

./check_snmp_storage_wizard.pl -v -H 1.1.1.1  -l user -x 'authpass' -X 'privpass' --protocols=sha,aes -m "^/$" -w 80 -c 95 -f

[scottwilkerson]

Boy, I think I've been looking at the specs of too many similar plugins..

Apparently my test of the last plugin worked because I was using the default Authentication and priv protocol.

Thanks again for giving the feedback, yet another version, adding in the selection for priv protocol and using the correct flag for it.

[saherker]

Thanks for your hard work, plugins works flawlessly now.