summaryrefslogtreecommitdiff
path: root/data/templates/snmp
AgeCommit message (Collapse)Author
2023-11-06T5702: SNMP add interface-mib max-interfaces-number and prefixViacheslav Hletenko
- Allow to configure only required interface prefixes set service snmp mib interface 'eth' set service snmp mib interface 'bond' include_ifmib_iface_prefix eth bond Sets the interface name prefixes to include in the IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls. A set of space separated interface name prefixes will reduce the CPU load for IF-MIB processing. For example, configuring "include_ifmib_iface_prefix eth dummy lo" will include only interfaces with these prefixes and ignore all others for IF-MIB processing. - Allow to configure maximum interface number set service snmp mib interface-max '100' ifmib_max_num_ifaces NUM Sets the maximum number of interfaces included in IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls (on Linux). Setting a reasonable maximum for the CPU used will reduce the CPU load for IF-MIB processing. For example, configuring "ifmib_max_num_ifaces 500" will include only the first 500 interfaces based on ifindex and ignore all others for IF-MIB processing.
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-08T4857: Fix error when not defining client|network under communityNicolas Fort
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-17snmp: T4902: exclude container storage from monitoringChristian Breunig
Excluded to not spam the log as there is an access restriction to that folder which SNMP user can not access.
2022-12-16T4884: snmpd: add community6 fallbackSander Klein
If no client and network is defined only a `community` config is created. This also adds the `community6` part
2022-11-23T4835: snmpd: Fix copy/paste error in snmpd.confSander Klein
The variable 'client' was accidently used where 'network should have been used. This lead to missing community6 string when an IPv6 network was defined instead of an IPv6 client.
2022-05-01snmp: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-11snmp: T4333: migrate to new vyos_defined Jinja2 testChristian Poessinger
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-10-25snmp: T2763: Add protocol TCP for service snmpViacheslav
2021-08-10snmp: T3709: Allow enable oid ipCidrRouteTableViacheslav
2021-06-13snmp: T3606: fix unknown notification OIDChristian Poessinger
Commit 945300c6f5 ("snmp: mibs: import from vyatta-cfg-system") imported the MIBs from vyatta-cfg-system and provided them with a symlink to /usr/share/vyos/mibs. The symlink was never installed as the directory already existed. Adjust the MIBDIRS environment variable to load the MIBs from the proper VyOS folder and use no symlink at all.
2021-01-15snmp: T652: enable interface_replace_old option and restart commandChristian Poessinger
- Remove all old ifTable entries with the same ifName as newly appeared interface (with different ifIndex) - this is the case on e.g. ppp interfaces - Add new op-mode command "restart snmp" to restart the daemon
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
2020-11-28vyos.template: T2720: fix remaining in-line time_block syntaxChristian Poessinger
Commit a2ac9fac ("vyos.template: T2720: always enable Jinja2 trim_blocks feature") globally enabled the trim_blocks feature. Some templates still used in-line trim_blocks "{%"- or "-%}" which caused miss-placed line endings. This is fixed by removing all in-line trim_block statememnts of Jinja2 templates.
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-06-13snmp: T2321: add VRF supportChristian Poessinger
2020-04-05snmp: T2230: move inlined templates to dedicated filesChristian Poessinger