There is no support for SNMP v3 traps at this point. There don't seem to be many devices that support them and we haven't had much demand for them, so implementing support has not been a high priority. http://www.zenoss.com/community/docs/zenoss-guide/2.3.3/apds02.html
Thanks, Matt Ray Zenoss Community Manager community.zenoss.com [email protected] On Mar 25, 2009, at 1:36 PM, rjrobi wrote: > I am new to Zenoss and I am trying to test Zenoss to see if it will > work as a reliable network monitoring solution. [Question] I > have configured a Cisco 1841 router as a test router and I want to > see if I can use only SNMPv3 with traps because of v3 security > features. I have tried a number of different configurations and I > am getting the same results. > > Scenario: > -If I use the following Cisco Config.: > snmp-server location ***** ***** ****** ********, ***** ***, ***** > ******, ** ***** > snmp-server contact ******* **** **** **** ###-###-#### > snmp-server view ROview internet included > snmp-server view ROview cisco included > snmp-server group ROgroup v3 priv read ROview > snmp-server user ROuser ROgroup v3 auth sha ROauthpassword priv des > ROprivpassword > snmp-server host 10.20.1.160 traps version 3 priv ROuser > snmp-server enable traps > > -I can manually Add Device to Zenoss with the following configuration: > > Device Name: 10.20.1.28 > Device Class Path: /Network/Router/Cisco > Discovery Protocol: None > Snmp Community: {blank} > HW Manufacturer: Cisco > HW Product: 1841 > OS Manufacturer: Cisco > OS Product: IOS > > -After adding the device to Zenoss I have added the following to > zProperties: > > zSnmpAuthPassword: ROauthpassword > zSnmpAuthType: SHA > zSnmpCommunities: {deleted default: public and Private} > zSnmpCommunity: {left blank} > zSnmpPrivPassword: ROprivpassword > zSnmpPrivType: DES > zSnmpSecurityName: ROuser > zSnmpVer: v3 > > -After running the Model Device, the Device Information shows up, > including the Contact and Location information, and the SNMP Descr. > -Two component Types show up on the status tab called IpRouteEntry > and IpInterface. > -All my interfaces show up on the OS tab with apropriate green and > read indicators. > -I am able to run an SNMPWalk with success: > > snmpwalk -${device/zSnmpVer} -l authPriv -u ${device/ > zSnmpSecurityName} -A ${device/zSnmpAuthPassword} -a ${device/ > zSnmpAuthType} -x ${device/zSnmpPrivType} -X ${device/ > zSnmpPrivPassword} ${here/manageIp} system > -which gives me: > snmpwalk -v3 -l authPriv -u ROuser -A ROauthpassword -a SHA -x DES - > X ROprivpassword 10.20.1.28 system > -Output example (truncated to save space): > SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, 1841 Software > (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T8, RELEASE SOFTWARE (fc3) > SNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::enterprises.9.7.129 > SNMPv2-MIB::sysORID.2 = OID: SNMPv2-SMI::enterprises.9.7.115 > SNMPv2-MIB::sysORID.3 = OID: SNMPv2-SMI::enterprises.9.7.265 > SNMPv2-MIB::sysORID.4 = OID: SNMPv2-SMI::enterprises.9.7.112 > SNMPv2-MIB::sysORID.5 = OID: SNMPv2-SMI::enterprises.9.7.106 > SNMPv2-MIB::sysORID.6 = OID: SNMPv2-SMI::enterprises.9.7.47 > SNMPv2-MIB::sysORID.7 = OID: SNMPv2-SMI::enterprises.9.7.122 > SNMPv2-MIB::sysORID.8 = OID: SNMPv2-SMI::enterprises.9.7.135 > SNMPv2-MIB::sysORID.9 = OID: SNMPv2-SMI::enterprises.9.7.43 > SNMPv2-MIB::sysORID.10 = OID: SNMPv2-SMI::enterprises.9.7.37 > > ----------------------------------------------------------------------------------- > ?????????????????????????????????????????????????????????????????? > -So everything seems to work, except I am unable to get any event > notifications. Why am I not getting Event Notifications [Question] > ?????????????????????????????????????????????????????????????????? > > -If I setup my router to do a "debug snmp packets" and "debug snmp > requests", I see Zenoss polling every 5 minutes. However, If I do > something to generate traps, it appears that only V2 traps are being > generated. For example, if I unplug a network cable the debug on > the router gives me the following: > > Mar 13 2009 15:28:14.279 MDT: %LINEPROTO-5-UPDOWN: Line protocol on > Interface FastEthernet0/0/0, changed state to down > MBCUT-SNMPTest03# > Mar 13 2009 15:28:14.283 MDT: SNMP: Queuing packet to 10.20.1.160 > Mar 13 2009 15:28:14.283 MDT: SNMP: V2 Trap, reqid 13, errstat 0, > erridx 0 > sysUpTime.0 = 1063612 > snmpTrapOID.0 = snmpTraps.3 > ifIndex.3 = 3 > ifAdminStatus.3 = 1 > ifOperStatus.3 = 2 > ifDescr.3 = FastEthernet0/0/0 > ifType.3 = 6 > lifEntry.20.3 = down > Mar 13 2009 15:28:14.535 MDT: SNMP: Packet sent via UDP to 10.20.1.160 > > -Notice that it gives me "SNMP: V2 Trap". Also, notice that the > SNMPWalk -v3 above gives me "SNMPv2-MIB". > -I don't receive an event for the interface being down. > > -If I make a change to my router configuration: > > no snmp-server host 10.20.1.160 traps version 3 priv ROuser > snmp-server host 10.20.1.160 version 2c ROuser > > -Then do a Model Device, Zenoss recognizes the device. > -If I unplug a network cable, I get Events using "version 2c". > -I also get events using "version 1". > > ????????????????????????????????????????????????????????????????????? > -What am I doing wrong? [Question] > -Is there something that I have misconfigured on my router? [Question] > -Are there SNMPv3-MIBs? [Question] > -Which snmpd.conf file(s) need to be configured? [Question] > -How do I configure the snmpd.conf file? [Question] > ?????????????????????????????????????????????????????????????????? > > -I have tried to include a remote engineID, but then I am unable to > do an SNMPWalk. The only engineID I have been able to find in > Zenoss is in /var/net-snmp/snmpd.conf under > "oldEngineID=0x80001f888014c63e6a2078ad49". > -I have reinstalled net-snmp and I still cannot find net-snmp-config. > -I have tried to run different variants of "snmpusm -v 3 -u ROuser - > l authPriv -a SHA -A ROauthpassword -E 80001f888014c63e6a2078ad49 -e > 80001f888014c63e6a2078ad49 -x DES -X ROprivpassword" and it doesn't > seem to like the syntax. > -I have added following to /etc/snmp/snmpd.conf, /opt/zenoss/etc/ > snmpd.conf, and /var/net-snmp/snmpd.conf with and without the > engineID: > > engineID 0x80001f888014c63e6a2078ad49 > defSecurityLevel authPriv > defSecurityName ROuser > defAuthType SHA > defAuthPassphrase ROauthpassword > defPrivType DES > defPrivPassphrase ROprivpassword > defVersion 3 > > -I have added the following to /var/net-snmp/snmpd.conf with and > without the engineID: > > createuser -e 0x80001f888014c63e6a2078ad49 ROuser SHA ROauthpassword > DES ROprivpassword > > -After restarting snmpd the oldEngineID value has changed. > > -I have completely uninstalled and re-installed Zenoss. Please help. > > > > > -------------------- m2f -------------------- > > Read this topic online here: > http://forums.zenoss.com/viewtopic.php?p=32649#32649 > > -------------------- m2f -------------------- > > > > _______________________________________________ > zenoss-users mailing list > [email protected] > http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
