If you use Cisco devices then you have to use a "C" at the end of the 
privacy protocol because it seems Cisco has a specific implementation.

I use

*priv_protocol: AES256C*

for Cisco IOS and IOS XE devices running 17.x.y version.


Brian Candler wrote on Wednesday, 10 January 2024 at 12:32:08 UTC+1:

> > Please list the SNMP V3 instance configuration in generator.yml. I want 
> to know where the configuration error is!
>
> It's in the documentation:
>
> https://github.com/prometheus/snmp_exporter/blob/main/generator/README.md#file-format
>
> However, you don't need to compile anything to get started. Just use the 
> supplied snmp.yml, and edit the section under "auths" so it looks like this:
>
> auths:
>   public_v1:
>     community: public
>     security_level: noAuthNoPriv
>     auth_protocol: MD5
>     priv_protocol: DES
>     version: 1
>   public_v2:
>     community: public
>     security_level: noAuthNoPriv
>     auth_protocol: MD5
>     priv_protocol: DES
>     version: 2
>   prod_v3:
>     version: 3
>     security_level: authPriv
>     username: admin
>     auth_protocol: SHA
>     password: XXXXXXX
>     priv_protocol: AES
>     priv_password: YYYYYYY
>
> And you're done.
>
> The next simplest option is to load multiple config files. This means you 
> can use the existing snmp.yml completely unchanged, and a separate yml file 
> that has just your auth(s) in it.  I use the following:
>
> snmp_exporter --config.file=/etc/prometheus/snmp.d/*.yml
>
> Then I have /etc/prometheus/snmp.d/auth.yml (which is mine) 
> and /etc/prometheus/snmp.d/snmp.yml (which is the standard one).
>
> You only need to use the generator if you want to scrape MIBs other than 
> the supplied example ones. You can do this by starting with the supplied 
> generator.yml 
> <https://github.com/prometheus/snmp_exporter/blob/main/generator/generator.yml>
>  
> and modifying it. But if all you want to do is change the auths, I wouldn't 
> bother, since the generator essentially just copies the auths from its 
> input to its output.
>
> On Wednesday 10 January 2024 at 10:36:09 UTC Awemnhd wrote:
>
>> I tried using snmp_exporter-0.25.0, using SNMP v3 mode, SHA and AES still 
>> not successful, and I have to recompile the generator.yml file, otherwise 
>> using the default snmp.yml file will have no effect!
>>
>> Please list the SNMP V3 instance configuration in generator.yml. I want 
>> to know where the configuration error is!
>>
>> On Tuesday, 9 January 2024 at 22:54:36 UTC+8, Brian Candler wrote:
>>
>>> > Why is SNMP v3 so difficult to implement?
>>>
>>> It's not. It's dead easy. Do you have a working snmpwalk command line 
>>> which talks to your device? Then you just transfer the settings to your 
>>> snmp_exporter configuration.
>>>
>>> This has been made easier since snmp_exporter v0.23.0 
>>> <https://github.com/prometheus/snmp_exporter/releases/tag/v0.23.0>, 
>>> because the "modules" which define the OID walking and the "auths" which 
>>> provide the credentials have been made orthogonal. You can add new auths, 
>>> without touching modules. You can also put them in separate files.
>>>
>>> So you end up with e.g.
>>>
>>> auths:
>>>   prod_v3:
>>>     version: 3
>>>     security_level: authPriv
>>>     username: admin
>>>     auth_protocol: SHA
>>>     password: XXXXXXX
>>>     priv_protocol: AES
>>>     priv_password: YYYYYYY
>>>
>>> then you call /snmp?target=x.x.x.x&module=if_mib&auth=prod_v3
>>>
>>> The default is indeed still public_v2. The only other option would be to 
>>> have no default, i.e. snmp_exporter would fail unless you provide an 
>>> explicit set of credentials.
>>>
>>> Hence I'd definitely recommend moving to snmp_exporter 0.25.0. If you 
>>> can't do that, then there is a YAML trick you can do to make adding new 
>>> auths easier:
>>>
>>> modules:
>>>   if_mib: &if_mib
>>>   .... etc
>>>
>>> # Append to end of file
>>>
>>> if_mib_prod_v3:
>>>   <<: *if_mib
>>>   version: 3
>>>   timeout: 3s
>>>   retries: 3
>>>   auth:
>>>     security_level: authPriv
>>>     username: admin
>>>     auth_protocol: SHA
>>>     password: XXXXXXXX
>>>     ... etc
>>>
>>> This effectively "clones" the if_mib module under a new module 
>>> "if_mib_prod_v3", and then overrides parts of it.
>>>
>>> On Tuesday 9 January 2024 at 10:04:57 UTC Awemnhd wrote:
>>>
>>>> see 
>>>> https://github.com/prometheus/snmp_exporter/tree/main/generator#file-format
>>>>
>>>> Tried various ways to achieve some parameter passing
>>>> username:
>>>> security_level:
>>>> password: SHA
>>>> auth_protocol: AES
>>>> priv_protocol:
>>>> priv_password:
>>>>
>>>> As a result, when the service is started, the default access method is 
>>>> community: public_v2!
>>>>
>>>> Why is SNMP v3 so difficult to implement? Why are they all in SNMP V2 
>>>> mode? Why?
>>>>
>>>
