[mrtg] Re: MRTG and SNMPV3
LE SAOUT Yann NEURONES
yann.le-saout-neurones at irsn.fr
Fri Jan 13 10:45:28 MET 2006
Hi Daniel,
I have omitted to say that i had done (yesterday) some tests with a simple
SNMPv3 configuration on MRTG.
I'm working on cisco and before testing MRTG-SNMPv3 i have validated the
SNMPv3 confugaration with Net-SNMP. My SNMPV3 parameters on the router are
corrects for NoAuthNoPriv,AuthNoPriv,AuthPriv.
Note that i have tested with only NoAuthNoPriv and in the example i have
respected the syntax of the MRTG Reference Documentation.
I've also tested other configurations without success.
Here are the configurations:
====================== BEGIN OF RESULT ================================
###################################################
snmp-server user adm-mrtg mrtg1 v3
snmp-server group mrtg1 v3 noauth
snmp-server group mrtg2 v3 auth
snmp-server group mrtg3 v3 priv
###################################################
Router1#sh snmp user
User name: adm-mrtg
Engine ID: XXXX
storage-type: nonvolatile active
User name: adm-mrtg2
Engine ID: XXXX
storage-type: nonvolatile active
User name: adm-mrtg3
Engine ID: XXXX
storage-type: nonvolatile active
Router1#sh snmp group
groupname: mrtg1 security model:v3 noauth
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
groupname: mrtg2 security model:v3 auth
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
groupname: mrtg3 security model:v3 priv
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
############################################################################
#
MRTG Configuration:
------------------
#Globbal Config Options
# for UNIX
# WorkDir: /home/http/mrtg
Workdir: /home/mrtg/preprod/data
### Global Defaults
XSize[_]: 500
YSize[_]: 250
# to get bits instead of bytes and graphs growing to the right
Language: french
Options[_]: growright, pngdate, printrouter, unknaszero
EnableSnmpV3: yes
######################################################################
Target[Router1_FastEthernet0_0]: 1:192.168.108.210:::::3
SnmpOptions[Router1_FastEthernet0_0]: username=>'adm-mrtg'
SetEnv[Router1_FastEthernet0_0]: MRTG_INT_IP="192.168.108.210"
MRTG_INT_DESCR="FastEthernet0/0"
MaxBytes[Router1_FastEthernet0_0]: 12500000
blablabla ....
#####################################################################
Net-Snmp results :
-----------------
snmpget -u adm-mrtg 192.168.108.210 1.3.6.1.2.1.1.3.0
SNMPv2-MIB::sysUpTime.0 = Timeticks: (6647915) 18:27:59.15
####################################################################
MRTG Logfile :
--------------
2006-01-13 10:25:01 -- Started mrtg with config
'/home/mrtg/preprod/conf/test.cfg'
2006-01-13 10:25:01 -- ERROR: Target[router1_fastethernet0_0][_IN_]
'1:192.168.108.210:::::3' (warn): Bareword "::::" refers to nonexistent
package at (eval 8) line 1.
2006-01-13 10:25:01 -- ERROR: Target[router1_fastethernet0_0][_OUT_]
'1:192.168.108.210:::::3' (warn): Bareword "::::" refers to nonexistent
package at (eval 9) line 1.
=========END OF RESULTS
=========================================================
I don't know where is(are) the problem(s) ... "my poor configuration" or ...
Regards,
-----Message d'origine-----
De : Daniel J McDonald [mailto:dan.mcdonald at austinenergy.com]
Envoyé : jeudi 12 janvier 2006 17:19
À : mrtg
Objet : [mrtg] Re: MRTG and SNMPV3
On Thu, 2006-01-12 at 16:50 +0100, LE SAOUT Yann NEURONES wrote:
> Hi,
>
> I'm trying to monitor a cisco router with Snmpv3
> protocol but i don't know how to use Net::SNMP like it's notified in the
> reference documentation .
> "mrtg-reference - MRTG 2.13.0rc4 configuration reference"
> EnableSnmpV3
> When set to yes, uses the Net::SNMP module instead of the SNMP_SESSION
> module for generating snmp queries. This allows the use of SNMPv3 if other
> snmpv3 parameters are set.
> SNMPv3 is disabled by default.
> Example:
> EnableSnmpV3: yes"
>
> Any idea ???
You need to specify all of the snmp v3 parameters on a target. For
example:
Target[fiskville-net.austin-energy.net.cpu1]:
cpmCPUTotal5secRev.1&cpmCPUTotal1minRev.1:public at fiskville-net.austin-energy
.net::2:1:1:3
SnmpOptions[fiskville-net.austin-energy.net.cpu1]:
authkey=>'0x5[omitted]',authprotocol=>'sha',privprotocol=>'des',username=>'p
ublic',privkey=>'0x7[omitted]'
On the Target[] statement, the snmp version must be set to "3"
the SnmpOptions[] statement should have a hash of snmp v3 parameters.
The number of parameters depends on how you set up your group/user.
For example, this user was set up something like:
snmp-server group mygroup v3 priv
snmp-server user public mygroup v3 auth sha [omitted] priv des [omitted]
access 79
I could have specified the authpassword and privpassword fields, along
with the engineid, instead of using the hashed authkey and privkey
statements.
Since I wrote the original docs, please critique the discussion on
SnmpOptions in the manual and offer suggestions. I spent a long time
developing the solution, and know it a little too well to write good
docs, as I don't know what the average person doesn't know....
--
Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
Austin Energy
dan.mcdonald at austinenergy.com
gpg Key: http://austinnetworkdesign.com/pgp.key
Key fingerprint = B527 F53D 0C8C D38B DCC7 901D 2F19 A13A 22E8 A76A
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://lists.ee.ethz.ch/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://lists.ee.ethz.ch/lsg2.cgi
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://lists.ee.ethz.ch/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://lists.ee.ethz.ch/lsg2.cgi
More information about the mrtg
mailing list