We been using a number of plugin scripts to check the health on a number of network devices, these all use the Net::SNMP perl module, and have been working fine.
However, the authentication and privicy encryption protocols on our devices are being changed to AES256 and SHA256 from AES and SHA. The latest available version of the Net::SNMP Perl module doesn't support these protocols. We've tested and it fails.
The issue is the USM.pl file in the modules Perl directory. I've found a couple of posts in the Internet that say they have patched versions of USM and I've tried them, but they still fail, I suspect the postings were years ago and not related to the version of Net::SNMP we have installed.
I've even tried to get ChatGPT to rewrite our current USM.pm file, but with mixed results, ultimately it still doesn't work.
I know snnmp v5.9 and above supports these protocals if compiled with the correct arguements, but we would like to fix Net::SNMP.
Has anyone been able to do this? We have version 6.0.1 of Net::SNMP, which is the latest version on cpan.
Thanks om adance
Fixing Net::SNMP
-
nagios-dnelson
Re: Fixing Net::SNMP
Greetings!
Out of curiosity, does your environment have all of the requirements listed in the meta::cpan doc? https://metacpan.org/pod/Net::SNMP#REQUIREMENTS
Out of curiosity, does your environment have all of the requirements listed in the meta::cpan doc? https://metacpan.org/pod/Net::SNMP#REQUIREMENTS
REQUIREMENTS
- The Net::SNMP module uses syntax that is not supported in versions of Perl earlier than v5.6.0.
- The non-core modules Crypt::DES, Digest::MD5, Digest::SHA1, and Digest::HMAC are required to support SNMPv3.
- In order to support the AES Cipher Algorithm as a SNMPv3 privacy protocol, the non-core module Crypt::Rijndael is needed.
- To use UDP/IPv6 or TCP/IPv6 as a Transport Domain, the non-core module Socket6 is needed.
Re: Fixing Net::SNMP
Patching USM.pl works to enable SHA256. Info here: https://www.claudiokuenzler.com/blog/12 ... 256-sha512
I did this for NagiosXI MRTG graphs. My NagiosXI is running on Oracle Linux 9.
Just remember, after you replace the USM.pl file, you have to update the mrtg config files to use sha256, but you also have to update any mrtg files to sha1 for your older devices still using SHA1. The default "sha" does not work anymore, it needs to be "sha1" or "sha256" or "sha512".
I did this for NagiosXI MRTG graphs. My NagiosXI is running on Oracle Linux 9.
Just remember, after you replace the USM.pl file, you have to update the mrtg config files to use sha256, but you also have to update any mrtg files to sha1 for your older devices still using SHA1. The default "sha" does not work anymore, it needs to be "sha1" or "sha256" or "sha512".
delboy1966 wrote: ↑Thu Jul 31, 2025 8:06 am We been using a number of plugin scripts to check the health on a number of network devices, these all use the Net::SNMP perl module, and have been working fine.
However, the authentication and privicy encryption protocols on our devices are being changed to AES256 and SHA256 from AES and SHA. The latest available version of the Net::SNMP Perl module doesn't support these protocols. We've tested and it fails.
The issue is the USM.pl file in the modules Perl directory. I've found a couple of posts in the Internet that say they have patched versions of USM and I've tried them, but they still fail, I suspect the postings were years ago and not related to the version of Net::SNMP we have installed.
I've even tried to get ChatGPT to rewrite our current USM.pm file, but with mixed results, ultimately it still doesn't work.
I know snnmp v5.9 and above supports these protocals if compiled with the correct arguements, but we would like to fix Net::SNMP.
Has anyone been able to do this? We have version 6.0.1 of Net::SNMP, which is the latest version on cpan.
Thanks om adance