Date: Mon, 31 Mar 2014 17:09:38 +0300 From: Shteryana Shopova <syrinx@FreeBSD.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: "Marciano, Anthony" <amarcian@redcom.com>, Hartmut Brandt <hartmut.brandt@dlr.de>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "tomarox52@gmail.com" <tomarox52@gmail.com> Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1) Message-ID: <CAExw995az5ym=gAQOEpbkFxoAQW6dBxF1GXWaM2vy9UZAtMPew@mail.gmail.com> In-Reply-To: <F0C6CE2A-FAB4-4E5B-B3A8-F21C785A45BC@lists.zabbadoz.net> References: <401084E5E73F4241A44F3C9E6FD7942801091834B4@exch-01> <alpine.BSF.2.00.1403301416560.30880@KNOP-BEAGLE.kn.op.dlr.de> <401084E5E73F4241A44F3C9E6FD794280109183637@exch-01> <F0C6CE2A-FAB4-4E5B-B3A8-F21C785A45BC@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, The modules implementing SNMPv3 in bsnmpd(1) are snmp_usm(3), snmp_vacm(3) and snmp_target(3) all based on standard RFC. snmp_usm(3) handles v1/v2c and v3 user configuration including user name, auth/priv protocol type and relevant keys. snmp_vacm(3) allows restricting users to specific parts of the MIB tree, and snmp_target(3) allows configuring destination hosts for SNMP traps and notifications. To get SNMPv3 traps, snmp_target(3) module needs to be loaded - the default /etc/snmpd.config file contains commented out example configuration, looking at snmp_target(3) man page should give some hints too - basicly you need to set at least one entry in snmpTargetAddrTable containing relevant connection parameters for the host that should receive the notifications, one snmpTargetParamsTable specifying the USM user credentials that should be used and one entry in snmpNotifyTable specifying for which tag whether a trap or notification should be sent. RFC 3413 also contains examples on how to fill in the SNMP-NOTIFICATION-MIB= . The standard SNMPv3 modules are somewhat too complicated for most configurations though, so I've had the idea to implement a private Begemot module with much simpler configuration that will fill automatically the standard MIB trees with v3 user configuration but I haven't gotten to actually implementing it yet. cheers, Shteryana On Mon, Mar 31, 2014 at 4:07 PM, Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote: > On 31 Mar 2014, at 12:14 , Marciano, Anthony <amarcian@redcom.com> wrote: > >> Thanks Harti. >> >> I did get the basic V3 configuration working in that I could walk the mi= b using authorization and encryption. >> >> If Shteryana has the time, maybe he would be able to provide me with som= e information needed to configure and test V3 traps. >> >> I don't have his e-mail so if you could forward this to him I would appr= eciate it. > > I=E2=80=99ve put her on Cc: > > >> -----Original Message----- >> From: Hartmut Brandt [mailto:hartmut.brandt@dlr.de] >> Sent: Sunday, March 30, 2014 8:22 AM >> To: Marciano, Anthony >> Cc: freebsd-current@freebsd.org; tomarox52@gmail.com >> Subject: Re: Call for testers: SNMPv3 support for bsnmpd(1) >> >> Hi Anthony, >> >> On Fri, 28 Mar 2014, Marciano, Anthony wrote: >> >> MA>I've been tasked to get bsnmpd V3 working for my company. The post >> MA>referenced in the subject above gave me some insights but I'm still >> MA>stuck and was wondering if you would take the time to answer some >> MA>questions. I'm a snmpV3 newbie and have never worked with bsnmpd. I >> MA>have worked minimally with net-snmp V2. >> MA> >> MA>First, is there a document listing all of the configuration options >> MA>in the snmpd.confg file? It appears to differ from other packages >> MA>such as net-snmp. >> >> >> I can answer only this question - I'm not very familiar with SNMPv3, but= Shteryana should be able to help. >> >> No, there is no document with all the setting. The reason is simple: the= config file is just a set of SNMP SET PDUs executed at startup, SIGHUP or = module load. The file is segmented into sections by %name lines with all se= gments having the same name beeing put together. At the begin of the file t= here is an implicit %snmpd line. >> >> Each section is a SET PDU. The %snmpd PDU is executed on startup and SIG= HUP, all other sections are executed when the corresponding module is beein= g loaded or on SIGHUP if that module is already loaded when the SIGHUP occu= res. >> >> So any writeable or creatable MIB variable can be put into the configura= tion file. >> >> harti >> _______________________________________________ >> freebsd-current@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-current >> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.or= g" > > =E2=80=94 > Bjoern A. Zeeb ????????? ??? ??????? ??????: > '??? ??? ???? ?????? ??????? ?? ?? ??????? ??????? ??? ????? ????? ???? > ?????? ?? ????? ????', ????????? ?????????, "??? ????? ?? ?????", ?.??? >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAExw995az5ym=gAQOEpbkFxoAQW6dBxF1GXWaM2vy9UZAtMPew>