If you use Cisco devices then you have to use a "C" at the end of the privacy protocol because it seems Cisco has specific impelementation.
I use *priv_protocol: AES256C* for Cisco IOS and IOS XE devices running 17.x.y version. Brian Candler schrieb am Mittwoch, 10. Januar 2024 um 12:32:08 UTC+1: > > Please list the SNMP V3 instance configuration in generator.yml. I want > to know where the configuration error is! > > It's in the documentation: > > https://github.com/prometheus/snmp_exporter/blob/main/generator/README.md#file-format > > However, you don't need to compile anything to get started. Just use the > supplied snmp.yml, and edit the section under "auths" so it looks like this: > > auths: > public_v1: > community: public > security_level: noAuthNoPriv > auth_protocol: MD5 > priv_protocol: DES > version: 1 > public_v2: > community: public > security_level: noAuthNoPriv > auth_protocol: MD5 > priv_protocol: DES > version: 2 > > > > > > > > * prod_v3: version: 3 security_level: authPriv username: admin > auth_protocol: SHA password: XXXXXXX priv_protocol: AES > priv_password: YYYYYYY* > > And you're done. > > The next simplest option is to load multiple config files. This means you > can use the existing snmp.yml completely unchanged, and a separate yml file > that has just your auth(s) in it. I use the following: > > *snmp_exporter --config.file=/etc/prometheus/snmp.d/*.yml* > > Then I have /etc/prometheus/snmp.d/auth.yml (which is mine) > and /etc/prometheus/snmp.d/snmp.yml (which is the standard one). > > You only need to use the generator if you want to scrape MIBs other than > the supplied example ones. You can do this by starting with the supplied > generator.yml > <https://github.com/prometheus/snmp_exporter/blob/main/generator/generator.yml> > > and modifying it. But if all you want to do is change the auths, I wouldn't > bother, since the generator essentially just copies the auths from its > input to its output. > > On Wednesday 10 January 2024 at 10:36:09 UTC Awemnhd wrote: > >> I tried using snmp_exporter-0.25.0, using SNMP v3 mode, SHA and AES still >> not successful, and I have to recompile the generator.yml file, otherwise >> using the default snmp.yml file will have no effect! >> >> Please list the SNMP V3 instance configuration in generator.yml. I want >> to know where the configuration error is! >> >> 在2024年1月9日星期二 UTC+8 22:54:36<Brian Candler> 写道: >> >>> > Why is SNMP v3 so difficult to implement? >>> >>> It's not. It's dead easy. Do you have a working snmpwalk command line >>> which talks to your device? Then you just transfer the settings to your >>> snmp_exporter configuration. >>> >>> This has been made easier since snmp_exporter v0.23.0 >>> <https://github.com/prometheus/snmp_exporter/releases/tag/v0.23.0>, >>> because the "modules" which define the OID walking and the "auths" which >>> provide the credentials have been made orthogonal. You can add new auths, >>> without touching modules. You can also put them in separate files. >>> >>> So you end up with e.g. >>> >>> auths: >>> prod_v3: >>> version: 3 >>> security_level: authPriv >>> username: admin >>> auth_protocol: SHA >>> password: XXXXXXX >>> priv_protocol: AES >>> priv_password: YYYYYYY >>> >>> then you call /snmp?target=x.x.x.x&module=if_mib&auth=prod_v3 >>> >>> The default is indeed still public_v2. The only other option would be to >>> have no default, i.e. snmp_exporter would fail unless you provide an >>> explicit set of credentials. >>> >>> Hence I'd definitely recommend moving to snmp_exporter 0.25.0. If you >>> can't do that, then there is a YAML trick you can do to make adding new >>> auths easier: >>> >>> modules: >>> if_mib: *&if_mib* >>> .... etc >>> >>> # Append to end of file >>> >>> *if_mib_prod_v3: <<: *if_mib* >>> version: 3 >>> timeout: 3s >>> retries: 3 >>> auth: >>> security_level: authPriv >>> username: admin >>> auth_protocol: SHA >>> password: XXXXXXXX >>> ... etc >>> >>> This effectively "clones" the if_mib module under a new module >>> "if_mib_prod_v3", and then overrides parts of it. >>> >>> On Tuesday 9 January 2024 at 10:04:57 UTC Awemnhd wrote: >>> >>>> see >>>> https://github.com/prometheus/snmp_exporter/tree/main/generator#file-format >>>> >>>> Tried various ways to achieve some parameter passing >>>> username: >>>> security_level: >>>> password: SHA >>>> auth_protocol: AES >>>> priv_protocol: >>>> priv_password: >>>> >>>> As a result, when the service is started, the default access method is >>>> community: public_v2! >>>> >>>> Why is SNMP v3 so difficult to implement? Why are they all in SNMP V2 >>>> mode? Why? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/2bf9c39a-b2b9-4b08-9105-d32df0fd70aen%40googlegroups.com.
