SNMP: Difference between revisions
(SNMP trap receiver tutorial) |
|||
Line 1: | Line 1: | ||
SNMP can be used to obtain some basic statistics of the status of the Allegro Network Multimeter. | SNMP can be used in two ways: to obtain some basic statistics of the status of the Allegro Network Multimeter or to get informed about incidents via SNMP traps. | ||
== Query information via SNMP == | |||
SNMP support can be enabled in the menu "Settings -> Remote access & export -> SNMP". | SNMP support can be enabled in the menu "Settings -> Remote access & export -> SNMP". | ||
== Configuration settings == | === Configuration settings === | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 24: | Line 26: | ||
|} | |} | ||
== Supported attributes == | === Supported attributes === | ||
* hostname (1.3.6.1.2.1.1.5.0) | * hostname (1.3.6.1.2.1.1.5.0) | ||
Line 33: | Line 35: | ||
* storage (1.3.6.1.2.1.25.2.3.1.3) | * storage (1.3.6.1.2.1.25.2.3.1.3) | ||
== Supported transport methods == | === Supported transport methods === | ||
The SNMP access uses UDP on port 161. If SNMPv3 is enabled, it uses the User-Based Security Model (USM) for authentication and ecryption. In this mode, only "authPriv" is supported. | The SNMP access uses UDP on port 161. If SNMPv3 is enabled, it uses the User-Based Security Model (USM) for authentication and ecryption. In this mode, only "authPriv" is supported. | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 83: | Line 85: | ||
|no | |no | ||
|} | |} | ||
== SNMP trap == | |||
The Allegro Network Multimeter can be configured to use SNMP traps as [[Incidents#Channel_configuration|incident channel]]. | |||
=== Testing reception and proper decoding of SNMP traps === | |||
Sending SNMP traps may be tricky for several reasons. Since SNMP traps are sent as UDP packets, the sender does not get informed of successful transfer. Furthermore, the settings of the sender and receiver must match, so that the trap will be accepted and can be decoded. Finally, the trap receiver should be able to process the Management Information Base (MIB) to interpret the sent attributes. | |||
A reference installation is described here to test basic SNMP trap transfer and processing. | |||
==== SNMP V3 traps ==== | |||
* The setup uses a Docker image of Debian stable, create and start a container with exposed UDP ports 161 and 162:<br> | |||
::<nowiki>docker run -it --name "snmp_trap_receiver_test" -p 161:161/udp -p 162:162/udp debian:stable</nowiki> | |||
* Some of the required packages are in the non-free repository, so edit <q>/etc/apt/sources.list</q> to contain the following entries: | |||
::<nowiki>deb http://deb.debian.org/debian stable main non-free</nowiki> | |||
::<nowiki>deb http://deb.debian.org/debian-security stable-security main non-free</nowiki> | |||
::<nowiki>deb http://deb.debian.org/debian stable-updates main non-free</nowiki> | |||
* Install the following packages: | |||
::<nowiki>apt-get update</nowiki> | |||
::<nowiki>apt-get install snmp-mibs-downloader snmptrapd</nowiki> | |||
* From outside the container, copy the MIB file into the Docker container: | |||
::<nowiki>docker cp ALLEGRO-NETWORK-MULTIMETER-MIB.txt snmp_trap_receiver_test:/usr/share/snmp/mibs/ | |||
</nowiki> | |||
* Configure access control in <q>/etc/snmp/snmptrapd.conf</q>: | |||
::<nowiki>#</nowiki> | |||
::<nowiki># EXAMPLE-trap.conf:</nowiki> | |||
::<nowiki># An example configuration file for configuring the Net-SNMP snmptrapd agent.</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki>###############################################################################</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki># This file is intended to only be an example.</nowiki> | |||
::<nowiki># When the snmptrapd agent starts up, this is where it will look for it.</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki># All lines beginning with a '#' are comments and are intended for you</nowiki> | |||
::<nowiki># to read. All other lines are configuration commands for the agent.</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki># PLEASE: read the snmptrapd.conf(5) manual page as well!</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki>#authCommunity log,execute,net private</nowiki> | |||
::<nowiki>#authCommunity log,execute,net public</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki>## send mail when get any events</nowiki> | |||
::<nowiki>#traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org</nowiki> | |||
::<nowiki>#</nowiki> | |||
::<nowiki>## send mail when get linkDown</nowiki> | |||
::<nowiki>#traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org</nowiki> | |||
::<br> | |||
::<nowiki>## user definition to test snmptrapd:</nowiki> | |||
::<nowiki>createUser -e 0x8000000001020304 homeoffice SHA "foobarfoo" AES "foobarbaz"</nowiki> | |||
::<nowiki>authUser log,execute,net homeoffice</nowiki> | |||
* Start listening for incomin SNMP traps: | |||
::<nowiki>/usr/sbin/snmptrapd -A -Le -p /run/snmptrapd.pid -f -d -m ALLEGRO-NETWORK-MULTIMETER-MIB</nowiki> | |||
---- | |||
* Configure an SNMP trap incident channel in the Allegro Network Multimeter: | |||
** navigate to: Generic > Incidents | |||
** select tab: <q>Configuration of notification channels</q> | |||
** Add channel: | |||
*** select Type: SNMP trap | |||
*** SNMP trap settings: | |||
**** Version: SNMPv3 | |||
**** Trap receiver hostname/IP: the host of your docker container running Debian with snmptrapd | |||
**** Authentication protocol: SHA | |||
**** Authentication password: foobarfoo | |||
**** Privacy protocol: AES | |||
**** Privacy password: foobarbaz | |||
**** Security name: homeoffice | |||
**** Security level: authPriv | |||
**** Engine ID: 0x8000000001020304 | |||
* Configure an incident rule in the Allegro Network Multimeter, which uses the configured channel: | |||
** select tab: <q>Configuration of incident rules</q> | |||
* Trigger an incident, it will be decoded and shown in the Docker container |
Revision as of 18:41, 28 March 2023
SNMP can be used in two ways: to obtain some basic statistics of the status of the Allegro Network Multimeter or to get informed about incidents via SNMP traps.
Query information via SNMP
SNMP support can be enabled in the menu "Settings -> Remote access & export -> SNMP".
Configuration settings
Configuration value | Available options | Notes |
---|---|---|
Enabled | off on for SNMPv1 support |
In firmware < 3.0 |
SNMP service | disabled SNMPv1 SNMPv2c SNMPv3 |
In firmware >= 3.0 |
Community | The community string used by SNMPv1/v2c. Default value or empty is "public". | |
User name | The SNMPv3 user name | In firmware >= 3.0 |
User password | The SNMPv3 password for authentication and encryption | In firmware >= 3.0 |
Authentication method | SHA SHA-256 SHA-512 |
In firmware >= 3.0 |
Encryption method | AES | In firmware >= 3.0 |
Supported attributes
- hostname (1.3.6.1.2.1.1.5.0)
- uptime (1.3.6.1.2.1.25.1.1.0)
- interfaces (1.3.6.1.2.1.2.1.0, 1.3.6.1.2.1.3.0, 1.3.6.1.2.1.4.0)
- temperature (1.3.6.1.4.1.2021.13.16.2.1.2.1 -.7)
- ICMP (1.3.6.1.2.1.5)
- storage (1.3.6.1.2.1.25.2.3.1.3)
Supported transport methods
The SNMP access uses UDP on port 161. If SNMPv3 is enabled, it uses the User-Based Security Model (USM) for authentication and ecryption. In this mode, only "authPriv" is supported.
SNMP version | Protocol and port | Security |
---|---|---|
v1/v2c | UDP 161 | none |
v3 | UDP 161 | USM authPriv |
Feature set | SNMP v1 | SNMP v3 |
---|---|---|
plain access | yes | no |
authentication | no | mandatory (SHA, SHA-256, SHA-512) |
encryption | no | mandatory (AES) |
USM | no | yes |
via TLS | no | no |
via DTLS | no | no |
via SSH | no | no |
SNMP trap
The Allegro Network Multimeter can be configured to use SNMP traps as incident channel.
Testing reception and proper decoding of SNMP traps
Sending SNMP traps may be tricky for several reasons. Since SNMP traps are sent as UDP packets, the sender does not get informed of successful transfer. Furthermore, the settings of the sender and receiver must match, so that the trap will be accepted and can be decoded. Finally, the trap receiver should be able to process the Management Information Base (MIB) to interpret the sent attributes.
A reference installation is described here to test basic SNMP trap transfer and processing.
SNMP V3 traps
- The setup uses a Docker image of Debian stable, create and start a container with exposed UDP ports 161 and 162:
- docker run -it --name "snmp_trap_receiver_test" -p 161:161/udp -p 162:162/udp debian:stable
- Some of the required packages are in the non-free repository, so edit
/etc/apt/sources.list
to contain the following entries:
- deb http://deb.debian.org/debian stable main non-free
- deb http://deb.debian.org/debian-security stable-security main non-free
- deb http://deb.debian.org/debian stable-updates main non-free
- Install the following packages:
- apt-get update
- apt-get install snmp-mibs-downloader snmptrapd
- From outside the container, copy the MIB file into the Docker container:
- docker cp ALLEGRO-NETWORK-MULTIMETER-MIB.txt snmp_trap_receiver_test:/usr/share/snmp/mibs/
- Configure access control in
/etc/snmp/snmptrapd.conf
:
- #
- # EXAMPLE-trap.conf:
- # An example configuration file for configuring the Net-SNMP snmptrapd agent.
- #
- ###############################################################################
- #
- # This file is intended to only be an example.
- # When the snmptrapd agent starts up, this is where it will look for it.
- #
- # All lines beginning with a '#' are comments and are intended for you
- # to read. All other lines are configuration commands for the agent.
- #
- # PLEASE: read the snmptrapd.conf(5) manual page as well!
- #
- #authCommunity log,execute,net private
- #authCommunity log,execute,net public
- #
- ## send mail when get any events
- #traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org
- #
- ## send mail when get linkDown
- #traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org
- ## user definition to test snmptrapd:
- createUser -e 0x8000000001020304 homeoffice SHA "foobarfoo" AES "foobarbaz"
- authUser log,execute,net homeoffice
- Start listening for incomin SNMP traps:
- /usr/sbin/snmptrapd -A -Le -p /run/snmptrapd.pid -f -d -m ALLEGRO-NETWORK-MULTIMETER-MIB
- Configure an SNMP trap incident channel in the Allegro Network Multimeter:
- navigate to: Generic > Incidents
- select tab:
Configuration of notification channels
- Add channel:
- select Type: SNMP trap
- SNMP trap settings:
- Version: SNMPv3
- Trap receiver hostname/IP: the host of your docker container running Debian with snmptrapd
- Authentication protocol: SHA
- Authentication password: foobarfoo
- Privacy protocol: AES
- Privacy password: foobarbaz
- Security name: homeoffice
- Security level: authPriv
- Engine ID: 0x8000000001020304
- Configure an incident rule in the Allegro Network Multimeter, which uses the configured channel:
- select tab:
Configuration of incident rules
- select tab:
- Trigger an incident, it will be decoded and shown in the Docker container