From owner-freebsd-current@FreeBSD.ORG Mon Mar 31 14:09:39 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E6475623 for ; Mon, 31 Mar 2014 14:09:39 +0000 (UTC) Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A1CEF1D1 for ; Mon, 31 Mar 2014 14:09:39 +0000 (UTC) Received: by mail-qc0-f169.google.com with SMTP id i17so9075963qcy.28 for ; Mon, 31 Mar 2014 07:09:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=ztBct9G3ax6qBHpvVtbzENb4vJj64bOoKXgW6YhtwcE=; b=V88qqbTbNJAndhQ5Y2Fv83vTLnCSur6GqyDFSc89BMQfmzFCkvKloSjLMCAzh27HPt kfymNug69ycGi4pshrqG7S+axxJGJTJxY49K8DhwSKuwOE7wYQKnes8yFCoINkZqWYd6 JsVED2LM4p2REn9DuCtKnGO93NYJWLKQkInAaWxVDv0+sY8pmTzQK251I2enZhM3/Uo7 GPfhczWVD1NfVkx8wkhZ45fTlnYVS5yFrXOztejuG1UqRqbCyEc8MWC3KoMn5hFhPxlb W9V6ppXc+CojQI5QLOYENsCp3lTQjRCBZA3P0vX8zNMlk3NxoqQe5uClUNRU2SHAD/Pf lkXQ== MIME-Version: 1.0 X-Received: by 10.224.104.1 with SMTP id m1mr8865499qao.51.1396274978802; Mon, 31 Mar 2014 07:09:38 -0700 (PDT) Sender: shteryana@gmail.com Received: by 10.224.182.76 with HTTP; Mon, 31 Mar 2014 07:09:38 -0700 (PDT) In-Reply-To: References: <401084E5E73F4241A44F3C9E6FD7942801091834B4@exch-01> <401084E5E73F4241A44F3C9E6FD794280109183637@exch-01> Date: Mon, 31 Mar 2014 17:09:38 +0300 X-Google-Sender-Auth: 2RcrLpDRP_w3KofCM0iDVGhI-Ik Message-ID: Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1) From: Shteryana Shopova To: "Bjoern A. Zeeb" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "Marciano, Anthony" , Hartmut Brandt , "freebsd-current@freebsd.org" , "tomarox52@gmail.com" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: syrinx@FreeBSD.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Mar 2014 14:09:40 -0000 Hi all, The modules implementing SNMPv3 in bsnmpd(1) are snmp_usm(3), snmp_vacm(3) and snmp_target(3) all based on standard RFC. snmp_usm(3) handles v1/v2c and v3 user configuration including user name, auth/priv protocol type and relevant keys. snmp_vacm(3) allows restricting users to specific parts of the MIB tree, and snmp_target(3) allows configuring destination hosts for SNMP traps and notifications. To get SNMPv3 traps, snmp_target(3) module needs to be loaded - the default /etc/snmpd.config file contains commented out example configuration, looking at snmp_target(3) man page should give some hints too - basicly you need to set at least one entry in snmpTargetAddrTable containing relevant connection parameters for the host that should receive the notifications, one snmpTargetParamsTable specifying the USM user credentials that should be used and one entry in snmpNotifyTable specifying for which tag whether a trap or notification should be sent. RFC 3413 also contains examples on how to fill in the SNMP-NOTIFICATION-MIB= . The standard SNMPv3 modules are somewhat too complicated for most configurations though, so I've had the idea to implement a private Begemot module with much simpler configuration that will fill automatically the standard MIB trees with v3 user configuration but I haven't gotten to actually implementing it yet. cheers, Shteryana On Mon, Mar 31, 2014 at 4:07 PM, Bjoern A. Zeeb wrote: > On 31 Mar 2014, at 12:14 , Marciano, Anthony wrote: > >> Thanks Harti. >> >> I did get the basic V3 configuration working in that I could walk the mi= b using authorization and encryption. >> >> If Shteryana has the time, maybe he would be able to provide me with som= e information needed to configure and test V3 traps. >> >> I don't have his e-mail so if you could forward this to him I would appr= eciate it. > > I=E2=80=99ve put her on Cc: > > >> -----Original Message----- >> From: Hartmut Brandt [mailto:hartmut.brandt@dlr.de] >> Sent: Sunday, March 30, 2014 8:22 AM >> To: Marciano, Anthony >> Cc: freebsd-current@freebsd.org; tomarox52@gmail.com >> Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1) >> >> Hi Anthony, >> >> On Fri, 28 Mar 2014, Marciano, Anthony wrote: >> >> MA>I've been tasked to get bsnmpd V3 working for my company. The post >> MA>referenced in the subject above gave me some insights but I'm still >> MA>stuck and was wondering if you would take the time to answer some >> MA>questions. I'm a snmpV3 newbie and have never worked with bsnmpd. I >> MA>have worked minimally with net-snmp V2. >> MA> >> MA>First, is there a document listing all of the configuration options >> MA>in the snmpd.confg file? It appears to differ from other packages >> MA>such as net-snmp. >> >> >> I can answer only this question - I'm not very familiar with SNMPv3, but= Shteryana should be able to help. >> >> No, there is no document with all the setting. The reason is simple: the= config file is just a set of SNMP SET PDUs executed at startup, SIGHUP or = module load. The file is segmented into sections by %name lines with all se= gments having the same name beeing put together. At the begin of the file t= here is an implicit %snmpd line. >> >> Each section is a SET PDU. The %snmpd PDU is executed on startup and SIG= HUP, all other sections are executed when the corresponding module is beein= g loaded or on SIGHUP if that module is already loaded when the SIGHUP occu= res. >> >> So any writeable or creatable MIB variable can be put into the configura= tion file. >> >> harti >> _______________________________________________ >> freebsd-current@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.or= g" > > =E2=80=94 > Bjoern A. Zeeb ????????? ??? ??????? ??????: > '??? ??? ???? ?????? ??????? ?? ?? ??????? ??????? ??? ????? ????? ???? > ?????? ?? ????? ????', ????????? ?????????, "??? ????? ?? ?????", ?.??? >