Enrichment using NETIF_SNMP_ACCESS not working?

ElastiFlow Community
1

How is NETIF_SNMP_ACCESS supposed to work with NetObserv Flow? Where can I find documentation for the file format and options?

I set the following but never see any SNMP queries from the collector:

EF_PROCESSOR_ENRICH_NETIF_SNMP_ACCESS_ENABLE: "true"
EF_PROCESSOR_ENRICH_NETIF_SNMP_ACCESS_PATH: /etc/elastiflow/settings/snmp_access.yml
EF_PROCESSOR_ENRICH_NETIF_SNMP_ACCESS_REFRESH_RATE: 15

/etc/elastiflow/settings/snmp_access.yml contains:

10.0.0.1:
    enabled: true
    port: 161
    retries: 2
    timeout: 5
    version: 3
    v3_credential:
      username: 'mysnmpusername'
      authentication_protocol: 'sha'
      authentication_passphrase: 'secret_passphrase'
      privacy_protocol: 'aes'
      privacy_passphrase: 'privacy_passphrase'

If I configure the section below then SNMP queries work but I have multiple devices with different SNMPv3 credentials which is one of the reasons I want to use the “ACCESS” method.

This works but only for hosts which share SNMP settings:

EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES: snmpusername
EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE: "true"
EF_PROCESSOR_ENRICH_NETIF_SNMP_PORT: 161
EF_PROCESSOR_ENRICH_NETIF_SNMP_RETRIES: 2
EF_PROCESSOR_ENRICH_NETIF_SNMP_TIMEOUT: 5
EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_AUTHENTICATION_PASSPHRASE: "secret_authphrase"
EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_AUTHENTICATION_PROTOCOL: SHA
EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_PRIVACY_PASSPHRASE: "secret_passphrase"
EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_PRIVACY_PROTOCOL: AES
EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_USERNAME: "snmpusername"
EF_PROCESSOR_ENRICH_NETIF_SNMP_VERSION: 3

Post was edited to fix code formatting.

2

The default snmp_access.yml contains some examples. Please note that this is YAML format, so indents/spacing must follow specific rules. It’s hard to tell from the text you show above if your snmp_access.yml is formatted properly. Here are the examples from the default file that shows the proper formatting in a code block.

# default:
#   enabled: true
#   port: 161
#   version: 1
#   community: 'sith'
#   retries: 1
#   timeout: 2

# 192.0.2.1:
#   poll_ip: 192.0.2.251
#   port: 6161
#   version: 1
#   community: 'jedi'

# 192.0.2.10-192.0.2.19:
#   retries: 2
#   timeout: 3

# 192.0.2.201:
#   enabled: false

# 192.0.2.128/26:
#   version: 3
#   v3_credential:
#     username: 'darth_vader'
#     authentication_protocol: 'noauth'
#     privacy_protocol: 'nopriv'
3

The post took all the spacing out. Let’s try again.
The default snmp_access.yml file was appended with:

10.0.0.1:
    enabled: true
    port: 161
    retries: 2
    timeout: 5
    version: 3
    v3_credential:
      username: 'mysnmpusername'
      authentication_protocol: 'sha'
      authentication_passphrase: 'hidden'
      privacy_protocol: 'aes'
      privacy_passphrase: 'hidden'

The examples do not include authentication_passphrase or privacy_passphrase so I am making an assumption that they are supported parameters. Maybe that’s part of my problem but if so how should they be defined?

5

Here is an example fro a lab system that is working:

192.168.96.1:
  version: 3
  v3_credential:
    username: 'myusernme'
    authentication_protocol: sha
    authentication_passphrase: qwertyuiop
    privacy_protocol: aes
    privacy_passphrase: poiuytrewq
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.