diff --git a/020.sql b/020.sql new file mode 100644 index 0000000000..e228401d19 --- /dev/null +++ b/020.sql @@ -0,0 +1,6 @@ +ALTER TABLE `devices` ADD `authlevel` ENUM("noAuthNoPriv", "authNoPriv", "authPriv") NULL DEFAULT NULL AFTER `community`; +ALTER TABLE `devices` ADD `authname` VARCHAR(64) NULL DEFAULT NULL AFTER `authlevel`; +ALTER TABLE `devices` ADD `authpass` VARCHAR(64) NULL DEFAULT NULL AFTER `authname`; +ALTER TABLE `devices` ADD `authalgo` ENUM("MD5", "SHA1") NULL DEFAULT NULL AFTER `authpass`; +ALTER TABLE `devices` ADD `cryptopass` VARCHAR(64) NULL DEFAULT NULL AFTER `authalgo`; +ALTER TABLE `devices` ADD `cryptoalgo` ENUM("AES", "DES") NULL DEFAULT NULL AFTER `cryptopass`; diff --git a/addhost.php b/addhost.php index 07a3117771..a6b7385a19 100755 --- a/addhost.php +++ b/addhost.php @@ -20,33 +20,153 @@ include("config.php"); include("includes/definitions.inc.php"); include("includes/functions.php"); -if (isset($argv[1]) && $argv[1]) +if (!empty($argv[1])) { $host = strtolower($argv[1]); $community = $argv[2]; $snmpver = strtolower($argv[3]); - if (is_numeric($argv[4])) - { - $port = $argv[4]; - } - else - { - $port = 161; - } + $port = 161; + $transport = 'udp'; - if (@!$argv[5]) + if ($snmpver === "v3") { - $transport = 'udp'; - } - else - { - $transport = $argv[5]; - } + $seclevel = $community; - if ($community) + // These values are the same as in defaults.inc.php + $v3 = array( + 'authlevel' => "noAuthNoPriv", + 'authname' => "observium", + 'authpass' => "", + 'authalgo' => "MD5", + 'cryptopass' => "", + 'cryptoalgo' => "AES" + ); + + if ($seclevel === "nanp" or $seclevel === "any" or $seclevel === "noAuthNoPriv") + { + $v3['authlevel'] = "noAuthNoPriv"; + $v3args = array_slice($argv, 4); + + while ($arg = array_shift($v3args)) + { + // parse all remaining args + if (is_numeric($arg)) + { + $port = $arg; + } + elseif (preg_match ('/^(' . implode("|",$config['snmp']['transports']) . ')$/', $arg)) + { + $transport = $arg; + } + else + { + // should add a sanity check of chars allowed in user + $user = $arg; + } + + } + + if ($seclevel === "nanp") + { array_push($config['snmp']['v3'], $v3); } + + $device_id = addHost($host, $snmpver, $port, $transport); + + } + elseif ($seclevel === "anp" or $seclevel === "authNoPriv") + { + + $v3['authlevel'] = "authNoPriv"; + $v3args = array_slice($argv, 4); + $v3['authname'] = array_shift($v3args); + $v3['authpass'] = array_shift($v3args); + + while ($arg = array_shift($v3args)) + { + // parse all remaining args + if (is_numeric($arg)) + { + $port = $arg; + } + elseif (preg_match ('/^(' . implode("|",$config['snmp']['transports']) . ')$/i', $arg)) + { + $transport = $arg; + } + elseif (preg_match ('/^(sha1|md5)$/i', $arg)) + { + $v3['authalgo'] = $arg; + } + } + + array_push($config['snmp']['v3'], $v3); + $device_id = addHost($host, $snmpver, $port, $transport); + + } + elseif ($seclevel === "ap" or $seclevel === "authPriv") + { + $v3['authlevel'] = "authPriv"; + $v3args = array_slice($argv, 4); + $v3['authname'] = array_shift($v3args); + $v3['authpass'] = array_shift($v3args); + $v3['cryptopass'] = array_shift($v3args); + + while ($arg = array_shift($v3args)) + { + // parse all remaining args + if (is_numeric($arg)) + { + $port = $arg; + } + elseif (preg_match ('/^(' . implode("|",$config['snmp']['transports']) . ')$/i', $arg)) + { + $transport = $arg; + } + elseif (preg_match ('/^(sha1|md5)$/i', $arg)) + { + $v3['authalgo'] = $arg; + } + elseif (preg_match ('/^(aes|des)$/i', $arg)) + { + $v3['cryptoalgo'] = $arg; + } + } + + array_push($config['snmp']['v3'], $v3); + $device_id = addHost($host, $snmpver, $port, $transport); + + } + else + { + // Error or do nothing ? + } + } + else // v1 or v2c { - $config['snmp']['community'] = array($community); + $v2args = array_slice($argv, 2); + + while ($arg = array_shift($v2args)) + { + // parse all remaining args + if (is_numeric($arg)) + { + $port = $arg; + } + elseif (preg_match ('/(' . implode("|",$config['snmp']['transports']) . ')/i', $arg)) + { + $transport = $arg; + } + elseif (preg_match ('/^(v1|v2c)$/i', $arg)) + { + $snmpver = $arg; + } + } + + if ($community) + { + $config['snmp']['community'] = array($community); + } + + $device_id = addHost($host, $snmpver, $port, $transport); } if ($snmpver) @@ -55,7 +175,7 @@ if (isset($argv[1]) && $argv[1]) } else { - $snmpversions = array('v2c','v1'); + $snmpversions = array('v2c', 'v3', 'v1'); } while (!$device_id && count($snmpversions)) @@ -68,16 +188,20 @@ if (isset($argv[1]) && $argv[1]) { $device = device_by_id_cache($device_id); echo("Added device ".$device['hostname']." (".$device_id.")\n"); + exit; } -} else { - print Console_Color::convert(" +} + +print Console_Color::convert(" Observium v".$config['version']." Add Host Tool -Usage: ./addhost.php <%Whostname%n> [community] [v1|v2c] [port] [" . join("|",$config['snmp']['transports']) . "] - +Usage (SNMPv1/2c): ./addhost.php <%Whostname%n> [community] [v1|v2c] [port] [" . implode("|",$config['snmp']['transports']) . "] +Usage (SNMPv3) : Config Defaults : ./addhost.php <%Whostname%n> any v3 [user] [port] [" . implode("|",$config['snmp']['transports']) . "] + No Auth, No Priv : ./addhost.php <%Whostname%n> nanp v3 [user] [port] [" . implode("|",$config['snmp']['transports']) . "] + Auth, No Priv : ./addhost.php <%Whostname%n> anp v3 [md5|sha1] [port] [" . implode("|",$config['snmp']['transports']) . "] + Auth, Priv : ./addhost.php <%Whostname%n> ap v3 [md5|sha1] [aes|dsa] [port] [" . implode("|",$config['snmp']['transports']) . "] %rRemember to run discovery for the host afterwards.%n "); -} ?> diff --git a/html/includes/functions.inc.php b/html/includes/functions.inc.php index 5c49935e92..8b0688e2a1 100644 --- a/html/includes/functions.inc.php +++ b/html/includes/functions.inc.php @@ -140,7 +140,7 @@ function overlib_link($url, $text, $contents, $class) global $config; $contents = str_replace("\"", "\'", $contents); - $output = ""; $output .= $text.""; diff --git a/html/includes/graphs/device/agent.inc.php b/html/includes/graphs/device/agent.inc.php index c930b09017..da8a233a8e 100644 --- a/html/includes/graphs/device/agent.inc.php +++ b/html/includes/graphs/device/agent.inc.php @@ -13,8 +13,8 @@ if (is_file($agent_rrd)) $ds = "time"; -$colour_area = "CDEB8B"; -$colour_line = "006600"; +$colour_area = "EEEEEE"; +$colour_line = "36393D"; $colour_area_max = "FFEE99"; diff --git a/html/pages/addhost.inc.php b/html/pages/addhost.inc.php index 63b9a811a5..3dfa6f5ef5 100644 --- a/html/pages/addhost.inc.php +++ b/html/pages/addhost.inc.php @@ -15,14 +15,39 @@ if ($_POST['hostname']) { $hostname = mres($_POST['hostname']); - if ($_POST['community']) + if ($_POST['snmpver'] === "v2c" or $_POST['snmpver'] === "v1") { - $config['snmp']['community'] = array($_POST['community']); - } + if ($_POST['community']) + { + $config['snmp']['community'] = array($_POST['community']); + } - $snmpver = mres($_POST['snmpver']); - if ($_POST['port']) { $port = mres($_POST['port']); } else { $port = "161"; } - print_message("Adding host $hostname communit" . (count($config['snmp']['community']) == 1 ? "y" : "ies") . " " . implode(', ',$config['snmp']['community']) . " port $port"); + $snmpver = mres($_POST['snmpver']); + if ($_POST['port']) { $port = mres($_POST['port']); } else { $port = "161"; } + print_message("Adding host $hostname communit" . (count($config['snmp']['community']) == 1 ? "y" : "ies") . " " . implode(', ',$config['snmp']['community']) . " port $port"); + } + elseif ($_POST['snmpver'] === "v3") + { + $v3 = array ( + 'authlevel' => mres($_POST['authlevel']), + 'authname' => mres($_POST['authname']), + 'authpass' => mres($_POST['authpass']), + 'authalgo' => mres($_POST['authalgo']), + 'cryptopass' => mres($_POST['cryptopass']), + 'cryptoalgo' => mres($_POST['cryptoalgo']), + ); + + array_push($config['snmp']['v3'], $v3); + + $snmpver = "v3"; + + if ($_POST['port']) { $port = mres($_POST['port']); } else { $port = "161"; } + print_message("Adding SNMPv3 host $hostname port $port"); + } + else + { + print_error("Unsupported SNMP Version. There was a dropdown menu, how did you reach this error ?"); + } $result = addHost($hostname, $snmpver, $port); if ($result) { @@ -45,9 +70,6 @@ $pagetitle[] = "Add host"; Hostname - - Community - SNMP Version @@ -55,10 +77,61 @@ $pagetitle[] = "Add host";  Port + + SNMPv1/2c Configuration + + + Community + + + + SNMPv3 Configuration + + + Auth Level + + + + + + Auth User Name + + + + Auth Password + + + + Auth Algorithm + + + + + + Crypto Password + + + + Crypto Algorithm + + + + diff --git a/html/pages/device/edit/snmp.inc.php b/html/pages/device/edit/snmp.inc.php index f0c893cefd..4f9d2d93df 100644 --- a/html/pages/device/edit/snmp.inc.php +++ b/html/pages/device/edit/snmp.inc.php @@ -9,11 +9,28 @@ if ($_POST['editing']) $port = mres($_POST['port']); $timeout = mres($_POST['timeout']); $retries = mres($_POST['retries']); + $v3 = array ( + 'authlevel' => mres($_POST['authlevel']), + 'authname' => mres($_POST['authname']), + 'authpass' => mres($_POST['authpass']), + 'authalgo' => mres($_POST['authalgo']), + 'cryptopass' => mres($_POST['cryptopass']), + 'cryptoalgo' => mres($_POST['cryptoalgo']) + ); - #FIXME needs more sanity checking! and better feedback - $update = array('community' => $_POST['community'], 'snmpver' => $_POST['snmpver'], 'port' => $_POST['port']); - if ($_POST['timeout']) { $update['timeout'] = $_POST['timeout']; } else { $update['timeout'] = array('NULL'); } - if ($_POST['retries']) { $update['retries'] = $_POST['retries']; } else { $update['retries'] = array('NULL'); } + #FIXME needs better feedback + $update = array( + 'community' => $community, + 'snmpver' => $snmpver, + 'port' => $port + ); + + if ($_POST['timeout']) { $update['timeout'] = $timeout; } + else { $update['timeout'] = array('NULL'); } + if ($_POST['retries']) { $update['retries'] = $retries; } + else { $update['retries'] = array('NULL'); } + + $update = array_merge($update, $v3); $rows_updated = dbUpdate($update, 'devices', '`device_id` = ?',array($device['device_id'])); @@ -47,23 +64,75 @@ echo("
- - + +
+
- - + + + + + + +
+ +
+ + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + - - "); diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php index 6ac9b21242..141add7208 100644 --- a/includes/defaults.inc.php +++ b/includes/defaults.inc.php @@ -111,9 +111,22 @@ $config['ports_page_default'] = "details"; ## eg "details" or "basic" ### SNMP Settings - Timeouts/Retries disabled as default #$config['snmp']['timeout'] = 1; # timeout in seconds #$config['snmp']['retries'] = 5; # how many times to retry the query -$config['snmp']['community'][0] = "public"; # Communities to try during adding hosts and discovery $config['snmp']['transports'] = array('udp', 'udp6', 'tcp', 'tcp6'); +$config['snmp']['version'] = "v2c"; # Default version to use + +# SNMPv1/2c default settings +$config['snmp']['community'][0] = "public"; # Communities to try during adding hosts and discovery + +# SNMPv3 default settings +# The array can be expanded to give another set of parameters +$config['snmp']['v3'][0]['authlevel'] = "noAuthNoPriv"; # noAuthNoPriv | authNoPriv | authPriv +$config['snmp']['v3'][0]['authname'] = "observium"; # User Name (required even for noAuthNoPriv) +$config['snmp']['v3'][0]['authpass'] = ""; # Auth Passphrase +$config['snmp']['v3'][0]['authalgo'] = "MD5"; # MD5 | SHA1 +$config['snmp']['v3'][0]['cryptopass'] = ""; # Privacy (Encryption) Passphrase +$config['snmp']['v3'][0]['cryptoalgo'] = "AES"; # AES | DES + ### RRD Format Settings ### These should not normally be changed ### Though one could conceivably increase or decrease the size of each RRA if one had performance problems diff --git a/includes/functions.php b/includes/functions.php index 4b5a007c2b..f94650c50c 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -191,7 +191,7 @@ function delete_device($id) return $ret; } -function addHost($host, $snmpver = 'v2c', $port = '161', $transport = 'udp') +function addHost($host, $snmpver, $port = '161', $transport = 'udp') { global $config; @@ -206,25 +206,76 @@ function addHost($host, $snmpver = 'v2c', $port = '161', $transport = 'udp') if (isPingable($host)) { $added = 0; - /// try each community from config - foreach ($config['snmp']['community'] as $community) + + if (empty($snmpver)) { - $device = deviceArray($host, $community, $snmpver, $port, $transport); - if (isSNMPable($device)) + // Try SNMPv2c + $snmpver = 'v2c'; + if (!addHost($host, $snmpver)) { - print_message("Trying community $community"); - $snmphost = snmp_get($device, "sysName.0", "-Oqv", "SNMPv2-MIB"); - if ($snmphost == "" || ($snmphost && ($snmphost == $host || $hostshort = $host))) + //Try SNMPv3 + $snmpver = 'v3'; + if (!addHost($host, $snmpver)) { - $device_id = createHost ($host, $community, $snmpver, $port, $transport); - return $device_id; - } else { - print_error("Given hostname does not match SNMP-read hostname ($snmphost)!"); + // Try SNMPv1 + $snmpver = 'v1'; + if (!addHost($host, $snmpver)) + { + return 0; + } } - } else { - print_error("No reply on community $community using $snmpver"); } } + + if ($snmpver === "v3") + { + // Try each set of parameters from config + foreach ($config['snmp']['v3'] as $v3) + { + $device = deviceArray($host, NULL, $snmpver, $port, $transport, $v3); + print_message("Trying v3 parameters " . $v3['authname'] . "/" . $v3['authlevel'] . " ... "); + if (isSNMPable($device)) + { + $snmphost = snmp_get($device, "sysName.0", "-Oqv", "SNMPv2-MIB"); + if (empty($snmphost) or ($snmphost == $host || $hostshort = $host)) + { + $device_id = createHost ($host, NULL, $snmpver, $port, $transport, $v3); + return $device_id; + } else { + print_error("Given hostname does not match SNMP-read hostname ($snmphost)!"); + } + } else { + print_error("No reply on credentials " . $v3['authname'] . "/" . $v3['authlevel'] . " using $snmpver"); + } + } + } + elseif ($snmpver === "v2c" or $snmpver === "v1") + { + /// try each community from config + foreach ($config['snmp']['community'] as $community) + { + $device = deviceArray($host, $community, $snmpver, $port, $transport, NULL); + print_message("Trying community $community ..."); + if (isSNMPable($device)) + { + $snmphost = snmp_get($device, "sysName.0", "-Oqv", "SNMPv2-MIB"); + if ($snmphost == "" || ($snmphost && ($snmphost == $host || $hostshort = $host))) + { + $device_id = createHost ($host, $community, $snmpver, $port, $transport); + return $device_id; + } else { + print_error("Given hostname does not match SNMP-read hostname ($snmphost)!"); + } + } else { + print_error("No reply on community $community using $snmpver"); + } + } + } + else + { + print_error("Unsupported SNMP Version \"$snmpver\"."); + } + if (!$device_id) { /// Failed SNMP @@ -238,7 +289,9 @@ function addHost($host, $snmpver = 'v2c', $port = '161', $transport = 'udp') print_error("Could not resolve $host"); } } else { /// found in database - print_error("Already got host $host"); } + print_error("Already got host $host"); + } + return 0; } function scanUDP($host, $port, $timeout) @@ -257,15 +310,28 @@ function scanUDP($host, $port, $timeout) } else { fclose($handle); return 0; } } -function deviceArray($host, $community, $snmpver, $port = 161, $transport = 'udp') +function deviceArray($host, $community, $snmpver, $port = 161, $transport = 'udp', $v3) { $device = array(); $device['hostname'] = $host; $device['port'] = $port; - $device['community'] = $community; - $device['snmpver'] = $snmpver; $device['transport'] = $transport; + $device['snmpver'] = $snmpver; + if ($snmpver === "v2c" or $snmpver === "v1") + { + $device['community'] = $community; + } + elseif ($snmpver === "v3") + { + $device['authlevel'] = $v3['authlevel']; + $device['authname'] = $v3['authname']; + $device['authpass'] = $v3['authpass']; + $device['authalgo'] = $v3['authalgo']; + $device['cryptopass'] = $v3['cryptopass']; + $device['cryptoalgo'] = $v3['cryptoalgo']; + } + return $device; } @@ -358,7 +424,7 @@ function utime() return $sec + $usec; } -function createHost($host, $community, $snmpver, $port = 161, $transport = 'udp') +function createHost($host, $community = NULL, $snmpver, $port = 161, $transport = 'udp', $v3 = array()) { $host = trim(strtolower($host)); @@ -368,7 +434,10 @@ function createHost($host, $community, $snmpver, $port = 161, $transport = 'udp' 'port' => $port, 'transport' => $transport, 'status' => '1', - 'snmpver' => $snmpver); + 'snmpver' => $snmpver + ); + + $device = array_merge($device, $v3); $device['os'] = getHostOS($device); diff --git a/includes/snmp.inc.php b/includes/snmp.inc.php index 49cb8e2995..bc54d3a85c 100644 --- a/includes/snmp.inc.php +++ b/includes/snmp.inc.php @@ -1,5 +1,8 @@ /dev/null"; } $data = trim(external_exec($cmd)); $runtime_stats['snmpget']++; foreach (explode("\n", $data) as $entry) { - list($oid,$value) = explode("=", $entry); - $oid = trim($oid); $value = trim($value); - list($oid, $index) = explode(".", $oid); - if (!strstr($value, "at this OID") && isset($oid) && isset($index)) - { - $array[$index][$oid] = $value; - } + $array[$index][$oid] = $value; } + return $array; } @@ -87,20 +88,24 @@ function snmp_get($device, $oid, $options = NULL, $mib = NULL, $mibdir = NULL) echo("Please report this to the Observium team."); } - $cmd = $config['snmpget'] . " -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $config['snmpget']; + $cmd .= snmp_gen_auth ($device); if ($options) { $cmd .= " " . $options; } if ($mib) { $cmd .= " -m " . $mib; } - if ($mibdir) { $cmd .= " -M " . $mibdir; } else { $cmd .= " -M ".$config['mibdir']; } + if ($mibdir) { $cmd .= " -M " . $mibdir; } + else { $cmd .= " -M ".$config['mibdir']; } if (isset($timeout)) { $cmd .= " -t " . $timeout; } if (isset($retries)) { $cmd .= " -r " . $retries; } - - $cmd .= " ".$device['transport'].":".$device['hostname'].":".$device['port']." ".$oid; + $cmd .= " " . $device['transport'].":".$device['hostname'].":".$device['port']; + $cmd .= " " . $oid; + if (!$debug) { $cmd .= " 2>/dev/null"; } $data = trim(external_exec($cmd)); $runtime_stats['snmpget']++; - if (is_string($data) && (preg_match("/No Such Instance/i", $data) || preg_match("/No Such Object/i", $data) || preg_match("/No more variables left/i", $data))) + + if (is_string($data) && (preg_match("/(No Such Instance|No Such Object|No more variables left|Authentication failure)/i", $data))) { return false; } @@ -139,8 +144,11 @@ function snmp_walk($device, $oid, $options = NULL, $mib = NULL, $mibdir = NULL) { $snmpcommand = $config['snmpbulkwalk']; } + + $cmd = $snmpcommand; + + $cmd .= snmp_gen_auth ($device); - $cmd = $snmpcommand . " -" . $device['snmpver'] . " -c " . $device['community'] . " "; if ($options) { $cmd .= " $options "; } if ($mib) { $cmd .= " -m $mib"; } if ($mibdir) { $cmd .= " -M " . $mibdir; } else { $cmd .= " -M ".$config['mibdir']; } @@ -200,7 +208,10 @@ function snmpwalk_cache_cip($device, $oid, $array, $mib = 0) $snmpcommand = $config['snmpbulkwalk']; } - $cmd = $snmpcommand . " -O snQ -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $snmpcommand; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O snQ"; if ($mib) { $cmd .= " -m $mib"; } $cmd .= " -M ".$config['install_dir']."/mibs"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } @@ -266,8 +277,11 @@ function snmp_cache_ifIndex($device) $snmpcommand = $config['snmpbulkwalk']; } - $cmd = $snmpcommand . " -O Qs -" . $device['snmpver'] . " -c " . $device['community'] . " "; - $cmd .= " -M ".$config['install_dir']."/mibs"; + $cmd = $snmpcommand; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O Qs"; + $cmd .= " -M " . $config['install_dir']."/mibs"; $cmd .= " -m IF-MIB ifIndex"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } @@ -408,7 +422,11 @@ function snmpwalk_cache_twopart_oid($device, $oid, $array, $mib = 0) { $snmpcommand = $config['snmpbulkwalk']; } - $cmd = $snmpcommand . " -O QUs -" . $device['snmpver'] . " -c " . $device['community'] . " "; + + $cmd = $snmpcommand; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O QUs"; $cmd .= " -M ".$config['install_dir']."/mibs"; if ($mib) { $cmd .= " -m $mib"; } if (isset($timeout)) { $cmd .= " -t " . $timeout; } @@ -465,7 +483,10 @@ function snmpwalk_cache_threepart_oid($device, $oid, $array, $mib = 0) $snmpcommand = $config['snmpbulkwalk']; } - $cmd = $snmpcommand . " -O QUs -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $snmpcommand; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O QUs"; $cmd .= " -M ".$config['install_dir']."/mibs"; if ($mib) { $cmd .= " -m $mib"; } if (isset($timeout)) { $cmd .= " -t " . $timeout; } @@ -522,7 +543,10 @@ function snmp_cache_slotport_oid($oid, $device, $array, $mib = 0) $snmpcommand = $config['snmpbulkwalk']; } - $cmd = $snmpcommand . " -O QUs -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $snmpcommand; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O QUs"; if ($mib) { $cmd .= " -m $mib"; } $cmd .= " -M ".$config['install_dir']."/mibs"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } @@ -581,7 +605,10 @@ function snmp_cache_port_oids($oids, $port, $device, $array, $mib=0) $string .= " $oid.$port"; } - $cmd = $config['snmpget'] . " -O vq -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $config['snmpget']; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -O vq"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } if (isset($retries)) { $cmd .= " -r " . $retries; } $cmd .= " -M ".$config['install_dir']."/mibs"; @@ -627,7 +654,10 @@ function snmp_cache_portIfIndex($device, $array) $device['transport'] = "udp"; } - $cmd = $config['snmpwalk'] . " -CI -m CISCO-STACK-MIB -O q -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $config['snmpwalk']; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -CI -m CISCO-STACK-MIB -O q"; $cmd .= " -M ".$config['install_dir']."/mibs"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } if (isset($retries)) { $cmd .= " -r " . $retries; } @@ -671,7 +701,10 @@ function snmp_cache_portName($device, $array) $device['transport'] = "udp"; } - $cmd = $config['snmpwalk'] . " -CI -m CISCO-STACK-MIB -O Qs -" . $device['snmpver'] . " -c " . $device['community'] . " "; + $cmd = $config['snmpwalk']; + $cmd .= snmp_gen_auth ($device); + + $cmd .= " -CI -m CISCO-STACK-MIB -O Qs"; $cmd .= " -M ".$config['install_dir']."/mibs"; if (isset($timeout)) { $cmd .= " -t " . $timeout; } if (isset($retries)) { $cmd .= " -r " . $retries; } @@ -696,4 +729,53 @@ function snmp_cache_portName($device, $array) return $array; } +function snmp_gen_auth (&$device) +{ + global $debug; + + $cmd = ""; + + if ($device['snmpver'] === "v3") + { + $cmd = " -v3 -n \"\" -l " . $device['authlevel']; + + if ($device['authlevel'] === "noAuthNoPriv") + { + // We have to provide a username anyway (see Net-SNMP doc) + $cmd .= " -u observium"; + } + elseif ($device['authlevel'] === "authNoPriv") + { + $cmd .= " -a " . $device['authalgo']; + $cmd .= " -A \"" . $device['authpass'] . "\""; + $cmd .= " -u " . $device['authname']; + } + elseif ($device['authlevel'] === "authPriv") + { + $cmd .= " -a " . $device['authalgo']; + $cmd .= " -A \"" . $device['authpass'] . "\""; + $cmd .= " -u " . $device['authname']; + $cmd .= " -x " . $device['cryptoalgo']; + $cmd .= " -X \"" . $device['cryptopass'] . "\""; + } + else + { + if ($debug) { print "DEBUG: " . $device['snmpver'] ." : Unsupported SNMPv3 AuthLevel (wtf have you done ?)\n"; } + } + } + elseif ($device['snmpver'] === "v2c" or $device['snmpver'] === "v1") + { + $cmd = " -" . $device['snmpver']; + $cmd .= " -c " . $device['community']; + } + else + { + if ($debug) { print "DEBUG: " . $device['snmpver'] ." : Unsupported SNMP Version (wtf have you done ?)\n"; } + } + + if ($debug) { print "DEBUG: SNMP Auth options = $cmd\n"; } + + return $cmd; +} + ?>
SNMP Community
 +
SNMP Version
 +
SNMP Version
SNMPv1/v2c Configuration
SNMP Community
 +
SNMPv3 Configuration
Auth Level
 +
SNMP Port
 +
Auth User Name
Auth Password
Auth Algorithm
 +
Crypto Password
Crypto Algorithm
 + +
SNMP Connectivity
SNMP Transport
 @@ -79,15 +148,20 @@ foreach ($config['snmp']['transports'] as $transport) echo("
SNMP Port
 +
SNMP Timeout
  +   (milli)seconds
SNMP Retries
 +