From 2b7224604e38080defdd0a2280900d260692596f Mon Sep 17 00:00:00 2001 From: Isaac Salgueiro Date: Fri, 2 Mar 2018 12:58:21 +0100 Subject: [PATCH 1/2] #1 Add (some) SNMP V3 support Only user security model, and only SHA/DES supported. --- README.md | 28 ++++++++++++++- _meta/beat.yml | 3 +- beater/otilio.go | 15 ++++++-- config/config.go | 17 ++++++--- otilio.snmpv3.yml | 79 +++++++++++++++++++++++++++++++++++++++++ tests/snmpv3/Dockerfile | 7 ++++ tests/snmpv3/README.md | 8 +++++ 7 files changed, 148 insertions(+), 9 deletions(-) create mode 100644 otilio.snmpv3.yml create mode 100644 tests/snmpv3/Dockerfile create mode 100644 tests/snmpv3/README.md diff --git a/README.md b/README.md index 985b725..7caec7f 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ otilio: # SNMP host to query host: "127.0.0.1" - # SMNP version + # SMNP version: 1, 2c or 3 version: 2c # SNMP community @@ -28,6 +28,32 @@ otilio: ``` This will get oids `1.3.6.1.2.1.1.1.0` and `1.3.6.1.2.1.1.3.0` from SNMP server at localhost and store them in `otilio-YYYY.MM.DD` index in Elasticsearch in fields `sysDescr` and `sysUpTime`. +SNMP V3 configuration example + +``` +otilio: + # Defines how often an event is sent to the output + period: 1s + + # SNMP host to query + host: "127.0.0.1" + port: 10161 + + # SMNP version + version: 3 + + # SNMP user security model parameters + # currently only SHA auth and DES encryption supported ¯\_(ツ)_/¯ + user: "theuser" + authpass: "theauthpassword" + privpass: "theprivacyencryptionpassword" + + # oids to query + # (the starting dot is intended) + oids: + - {oid: ".1.3.6.1.2.1.25.1", name: hrSystem} +``` + ## Building Ensure that this folder is at the following location: diff --git a/_meta/beat.yml b/_meta/beat.yml index 220052c..c152f1b 100644 --- a/_meta/beat.yml +++ b/_meta/beat.yml @@ -8,8 +8,9 @@ otilio: # SNMP host to query host: "127.0.0.1" + port: 161 - # SMNP version + # SMNP version: 1, 2c or 3 version: 2c # SNMP community 
diff --git a/beater/otilio.go b/beater/otilio.go index 6f8fc79..7cb15db 100644 --- a/beater/otilio.go +++ b/beater/otilio.go @@ -73,14 +73,25 @@ func (bt *Otilio) Run(b *beat.Beat) error { case <-ticker.C: // TODO: connect outside the loop with a timeout < bt.config.Period gosnmp.Default.Target = bt.config.Host + gosnmp.Default.Port = bt.config.Port + gosnmp.Default.Community = bt.config.Community + gosnmp.Default.Version = bt.version + if bt.version == gosnmp.Version3 { + gosnmp.Default.SecurityModel = gosnmp.UserSecurityModel + gosnmp.Default.SecurityParameters = &gosnmp.UsmSecurityParameters{ + UserName: bt.config.User, + AuthenticationPassphrase: bt.config.AuthPassword, + PrivacyPassphrase: bt.config.PrivPassword, + AuthenticationProtocol: gosnmp.SHA, + PrivacyProtocol: gosnmp.DES, + } + } err := gosnmp.Default.Connect() if err != nil { logp.Critical("Can't connect to %s: %v", bt.config.Host, err.Error()) return fmt.Errorf("Can't connect to %s", bt.config.Host) } defer gosnmp.Default.Conn.Close() - gosnmp.Default.Community = bt.config.Community - gosnmp.Default.Version = bt.version r, err := gosnmp.Default.Get(bt.oids) if err != nil { logp.Err("Can't get oids %v: %v", bt.config.OIDs, err.Error()) diff --git a/config/config.go b/config/config.go index aeb842c..f0298f7 100644 --- a/config/config.go +++ b/config/config.go 
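Review bot: Nothing in the new `if bt.version == gosnmp.Version3` block sets `gosnmp.Default.MsgFlags`. Unless it is set somewhere outside this hunk, the request keeps the zero-value security level, which in gosnmp is noAuthNoPriv, so the configured passphrases would neither authenticate nor encrypt the traffic. Adding `gosnmp.Default.MsgFlags = gosnmp.AuthPriv` next to the `SecurityModel` assignment makes the level explicit. SHA-1 and DES are hard-coded here, and DES is a weak cipher, so a comment such as `// SHA/DES only for now; make auth/priv protocols configurable` would flag it as a floor rather than a recommendation. The body of `Run` starts and ends outside the hunk.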
@@ -5,17 +5,24 @@ package config import "time" +// Config stores Otilio configuration loaded from .yaml file type Config struct { - Period time.Duration `config:"period"` - Host string `config:"host"` - Community string `config:"community"` - Version string `config:"version"` - OIDs []map[string]string `config:"oids"` + Period time.Duration `config:"period"` + Host string `config:"host"` + Port uint16 `config:"port"` + Community string `config:"community"` + User string `config:"user"` + AuthPassword string `config:"authpass"` + PrivPassword string `config:"privpass"` + Version string `config:"version"` + OIDs []map[string]string `config:"oids"` } +// DefaultConfig default configuration var DefaultConfig = Config{ Period: 1 * time.Second, Host: "127.0.0.1", + Port: 161, Community: "public", Version: "2c", } diff --git a/otilio.snmpv3.yml b/otilio.snmpv3.yml new file mode 100644 index 0000000..e7a9f08 --- /dev/null +++ b/otilio.snmpv3.yml 
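Review bot: `AuthPassword` and `PrivPassword` hold secrets but are added to `Config` as ordinary strings with no comment saying so, and `User`, `AuthPassword` and `PrivPassword` have no defaults in `DefaultConfig`. I would document them on the struct, e.g. `// User, AuthPassword and PrivPassword are the SNMPv3 USM credentials; they are only read when Version is "3". Treat them as secrets and never log this struct with %v.` The hunk shows no check that these three are non-empty when `version` is 3, so a missing `authpass` would presumably only surface at connect time. Rejecting that case where the config is loaded, which is outside this hunk, would fail earlier and more clearly.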
@@ -0,0 +1,79 @@ +################### Otilio Configuration Example ######################### + +############################# Otilio ###################################### + +otilio: + # Defines how often an event is sent to the output + period: 1s + + # SNMP host to query + host: "127.0.0.1" + port: 10161 + + # SMNP version + version: 3 + + # SNMP user security model parameters + user: "theuser" + authpass: "theauthpassword" + privpass: "theprivacyencryptionpassword" + + # oids to query + # (the starting dot is intended) + oids: + - {oid: ".1.3.6.1.2.1.25.1", name: hrSystem} +#================================ General ===================================== + +# The name of the shipper that publishes the network data. It can be used to group +# all the transactions sent by a single shipper in the web interface. +#name: + +# The tags of the shipper are included in their own field with each +# transaction published. +#tags: ["service-X", "web-tier"] + +# Optional fields that you can specify to add additional information to the +# output. +#fields: +# env: staging + +#================================ Outputs ===================================== + +# Configure what outputs to use when sending the data collected by the beat. +# Multiple outputs may be used. + +#-------------------------- Elasticsearch output ------------------------------ +output.elasticsearch: + # Array of hosts to connect to. + hosts: ["localhost:9200"] + + # Optional protocol and basic auth credentials. + #protocol: "https" + #username: "elastic" + #password: "changeme" + +#----------------------------- Logstash output -------------------------------- +#output.logstash: + # The Logstash hosts + #hosts: ["localhost:5044"] + + # Optional SSL. By default is off. 
+ # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client Certificate Key + #ssl.key: "/etc/pki/client/cert.key" + +#================================ Logging ===================================== + +# Sets log level. The default log level is info. +# Available log levels are: critical, error, warning, info, debug +#logging.level: debug + +# At debug level, you can selectively enable logging only for some components. +# To enable all selectors use ["*"]. Examples of other selectors are "beat", +# "publish", "service". +#logging.selectors: ["*"] diff --git a/tests/snmpv3/Dockerfile b/tests/snmpv3/Dockerfile new file mode 100644 index 0000000..e8e1acd --- /dev/null +++ b/tests/snmpv3/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.6 +RUN apk add --update net-snmp net-snmp-tools +RUN sed -i 's/agentAddress udp:127.0.0.1:161/agentAddress udp:10161/g' /etc/snmp/snmpd.conf +RUN net-snmp-create-v3-user -ro -A theauthpassword -a SHA -X theprivacyencryptionpassword -x DES theuser +EXPOSE 10161/tcp +RUN rm -rf /var/cache/apk/* +ENTRYPOINT [ "snmpd", "-f" ] diff --git a/tests/snmpv3/README.md b/tests/snmpv3/README.md new file mode 100644 index 0000000..6af1386 --- /dev/null +++ b/tests/snmpv3/README.md @@ -0,0 +1,8 @@ +Use this dockerfile to start a testing SNMP v3 server + +``` +$ docker build . +[...] +Successfully built +$ docker run -p 10161:10161/udp +``` From e2bcf3a06da90d2fa2c493c6c55892c86ec47c4b Mon Sep 17 00:00:00 2001 From: Isaac Salgueiro Date: Fri, 2 Mar 2018 13:01:20 +0100 Subject: [PATCH 2/2] make update --- otilio.full.yml | 3 ++- otilio.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/otilio.full.yml b/otilio.full.yml index 9887469..6aa1c73 100644 --- a/otilio.full.yml +++ b/otilio.full.yml 
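Review bot: `EXPOSE 10161/tcp` in tests/snmpv3/Dockerfile does not match the agent, which the `sed` line binds to `udp:10161` and which the test README publishes with `-p 10161:10161/udp`; it should read `EXPOSE 10161/udp`. The separate `RUN rm -rf /var/cache/apk/*` does not shrink the image, because the cache is already committed in the earlier layer; `RUN apk add --no-cache net-snmp net-snmp-tools` avoids creating it. The USM passphrases passed to `net-snmp-create-v3-user` end up in the image layers and history. That is acceptable for a throwaway test agent, but a comment such as `# test-only credentials, do not reuse this image` would make the intent clear.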
@@ -8,8 +8,9 @@ otilio: # SNMP host to query host: "127.0.0.1" + port: 161 - # SMNP version + # SMNP version: 1, 2c or 3 version: 2c # SNMP community diff --git a/otilio.yml b/otilio.yml index 1cf294e..ada16ca 100644 --- a/otilio.yml +++ b/otilio.yml @@ -8,8 +8,9 @@ otilio: # SNMP host to query host: "127.0.0.1" + port: 161 - # SMNP version + # SMNP version: 1, 2c or 3 version: 2c # SNMP community