Zenoss Core has initial support for SNMPv3 data collection.
The following new zProperties control the authentication and privacy of these requests:
-
zSnmpAuthType: use either "MD5" or "SHA" signatures to authenticate SNMP requests
-
zSnmpAuthPassword: the shared private key used for authentication. Must be at least 8 characters long.
-
zSnmpPrivType: either "DES" or "AES" cryptographic algorithms.
-
zSnmpPrivKey: the shared private key used for encrypting SNMP requests. Must be at least 8 characters long.
-
zSnmpSecurityName: the Security Name (user) to use when making SNMPv3 requests.
If zSnmpPrivType and zSnmpPrivPassword are set, the message is sent with privacy and authentication. If only the zSnmpAuthType and zSnmpAuthPassword are set, the message is sent with Authentication but no Privacy. If neither the Priv or Auth values are set, the message is sent with no authentication or privacy. It is an error to set the PrivType and PrivPassword without also setting an AuthType and AuthPassword.
SNMPv3 encryption using the AES (Advanced Encryption Standard) algorithm is supported only if the host platform net-snmp library supports it.
At the time of this writing, RedHat 5 does not, Ubuntu 7.10 does not, but OpenSuSE 10.2 and the Zenoss Appliance do.
You can determine if your platform supports AES with the following test:
$ snmpwalk -x AES 2>&1 | head -1
If the response is:
"Invalid privacy protocol specified after -x flag: AES"
then your platform does *not* support AES encryption for SNMPv3.
If the response is:
"No hostname specified."
Then your platform *does* support AES.
SNMPv3 Traps are not supported by Zenoss in version 2.1.1.