Hello,
I am currently trying to use icinga2 to monitor the interface of a device.
The host is declared like this:
object Host “FortiGate-FWF” {
import “fortigate”vars.snmp_v2 = false
vars.snmp_v3 = true
vars.snmp_login = “toto”
vars.snmp_password = “password”
vars.snmp_v3_use_privpass = true
vars.snmp_privpass = “password”
vars.snmp_v3_use_authprotocol = true
vars.snmp_authprotocol = “sha,aes”address = “10.0.0.254”
vars.os = “Linux”vars.interfaces = [“wan1”, “lan” ]
}
The service to monitor the interface is declared like this:
apply Service “FortiGate-Interface-” for (interface in host.vars.interfaces) {
import “generic-service”vars.snmp_v2 = false
vars.snmp_v3 = true// Define interface variables.
vars.snmp_interface_perf = “true”
vars.snmp_interface_bits_bytes = “true”
vars.snmp_interface_megabytes = “true”
vars.snmp_interface_noregexp = “true”
vars.snmp_warncrit_percent = “true”
// Set warning and crits to 100 to disable.
vars.snmp_warn = “100,100”
vars.snmp_crit = “100,100”
check_command = “snmp-interface”vars.snmp_interface = interface
vars.snmp_interface_label = interface
vars.snmp_timeout = 60assign where host.address && host.vars.interfaces
}
The service starts and when I go to the icinga2web, I have the following error message
Can’t mix snmp v1,2c,3 protocols!
So I have enabled the debug mode to check the command:
[2019-10-22 10:16:40 +0200] notice/Process: PID 18330 (‘/usr/lib64/nagios/plugins/check_snmp_int.pl’ ‘-d’ ‘300’ ‘-x’ ‘password’ ‘-w’ ‘100,100’ ‘-t’ ‘60’ ‘-r’ ‘-n’ ‘wan1’ ‘-l’ ‘toto’ ‘-k’ ‘-f’ ‘-e’ ‘–label’ ‘wan1’ ‘-c’ ‘100,100’ ‘-Y’ ‘-X’ ‘password’ ‘-M’ ‘-L’ ‘sha,aes’ ‘-H’ ‘10.0.0.254’ ‘-C’ ‘public’ ‘-B’) terminated with exit code 3
I saw that icinga still trying to pass a community (‘-C’ ‘public’) even that I am using snmpv3.
When I launch the command without quotes and ‘-C’ ‘public’, it is working.
./check_snmp_int.pl -d 300 -x password -w 100,100 -t 60 -r -n wan1 -l toto -k -f -e --label wan1 -c 100,100 -Y -X password -M -L sha,aes -H 10.0.0.254 -B
wan1:UP (in=0.0Mbps/out=0.1Mbps):1 UP: OK | ‘wan1_in_bps’=36759;100000000;100000000;0;1000000000 ‘wan1_out_bps’=70392;100000000;100000000;0;1000000000 ‘wan1_in_error’=0c ‘wan1_in_discard’=0c ‘wan1_out_error’=0c ‘wan1_out_discard’=0c
So my question is how can I remove the community?
I tried to set one blank, to disable snmpv2 but it is not working.
Thank you for your help!
Thomas