Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNMP input plugin: Fixed SNMPv3 encryption and authentication #7755

Closed
wants to merge 1 commit into from
Closed

SNMP input plugin: Fixed SNMPv3 encryption and authentication #7755

wants to merge 1 commit into from

Conversation

kauppine
Copy link
Contributor

@kauppine kauppine commented Jun 27, 2020
edited
Loading

This PR fixes SNMP plugin's SNMPv3 authentication and encryption. Previously the parameters were set incorrectly, hence the requests were not using USM properly. Therefore, the requests were unencrypted and garbage values were observed as seen in #7746

This PR passes all the existing tests, however, in my opinion the SNMP-plugin would benefit from better unit tests.
I've used snmplabs' testing service: http://snmplabs.com/snmp-simulation-service.html#snmpv3-usm

Closes #7746
Using invalid auth or priv password yields an error:

[[inputs.snmp]]
agents = [ "demo.snmplabs.com:1161" ]
interval = "5s"
timeout = "5s"
retries = 3
version = 3
sec_name = "usr-md5-none"
auth_protocol = "MD5"
auth_password = "invalid"
sec_level = "authNoPriv"
 
  [[inputs.snmp.field]]
    name = "hostname"
    oid = ".1.3.6.1.2.1.1.5.0"
    is_tag = true
 
  [[inputs.snmp.field]]
    name = "uptime"
    oid = "1.3.6.1.2.1.1.3.0"
 
  [[inputs.snmp.field]]
    name = "cpmCPUTotal1min"
    oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.7"

./telegraf -test -config snmp.conf
2020-06-28T16:49:40Z I! Starting Telegraf
2020-06-28T16:49:42Z E! [inputs.snmp] Error in plugin: agent demo.snmplabs.com:1161: performing get on field hostname: Incoming packet is not authentic, discarding
2020-06-28T16:49:42Z E! [telegraf] Error running agent: input plugins recorded 1 errors

Closes #3788
Telegraf now sends messages encrypted if encryption is used:

[[inputs.snmp]]
agents = [ "demo.snmplabs.com:1161" ]
interval = "5s"
timeout = "5s"
retries = 3
version = 3
sec_name = "usr-md5-aes"
auth_protocol = "MD5"
auth_password = "authkey1"
priv_protocol = "AES"
priv_password = "privkey1"
sec_level = "authPriv"
 
  [[inputs.snmp.field]]
    name = "hostname"
    oid = ".1.3.6.1.2.1.1.5.0"
    is_tag = true
 
  [[inputs.snmp.field]]
    name = "uptime"
    oid = "1.3.6.1.2.1.1.3.0"
 
  [[inputs.snmp.field]]
    name = "cpmCPUTotal1min"
    oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.7"

./telegraf -test -config snmp.conf 
2020-06-28T17:08:08Z I! Starting Telegraf
snmp,agent_host=demo.snmplabs.com,hostname=458 uptime=1069527715i 1593364090000000000
> snmp,agent_host=demo.snmplabs.com,hostname=458 uptime=1069527715i 1593364090000000000

snmp_encrypted

  • Signed CLA.
  • Associated README.md updated.
  • Has appropriate unit tests.

@kauppine kauppine marked this pull request as ready for review June 28, 2020 17:06
@danielnelson danielnelson requested a review from reimda June 29, 2020 17:04
@danielnelson danielnelson added area/snmp fix pr to fix corresponding bug labels Jun 29, 2020
@danielnelson
Copy link
Contributor

I must be missing something, I don't understand how these changes would have any effect as it seems like equivalent code. Can you explain how this works?

@kauppine kauppine closed this Jun 29, 2020
@kauppine kauppine deleted the snmpv3-error branch June 29, 2020 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reimda reimda Awaiting requested review from reimda

Assignees
No one assigned
Labels
area/snmp fix pr to fix corresponding bug
Projects
None yet
Milestone
No milestone
2 participants
@kauppine @danielnelson