From cd81f2fde6129b526b189b4a3b8ea1d1ad4d810f Mon Sep 17 00:00:00 2001 From: Colin Surprenant Date: Wed, 31 Jul 2019 11:39:13 -0400 Subject: [PATCH] support for snmpv3 engine ID --- lib/logstash/inputs/snmp.rb | 5 ++++- lib/logstash/inputs/snmp/clientv3.rb | 5 +++-- spec/inputs/snmp_spec.rb | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/logstash/inputs/snmp.rb b/lib/logstash/inputs/snmp.rb index 09a8d31..66e49ee 100644 --- a/lib/logstash/inputs/snmp.rb +++ b/lib/logstash/inputs/snmp.rb @@ -94,6 +94,9 @@ class LogStash::Inputs::Snmp < LogStash::Inputs::Base # The SNMPv3 security level can be Authentication, No Privacy; Authentication, Privacy; or no Authentication, no Privacy config :security_level, :validate => ["noAuthNoPriv", "authNoPriv", "authPriv"] + # The SNMPv3 optional engine ID + config :engine_id, :validate => :string + BASE_MIB_PATH = ::File.join(__FILE__, "..", "..", "..", "mibs") PROVIDED_MIB_PATHS = [::File.join(BASE_MIB_PATH, "logstash"), ::File.join(BASE_MIB_PATH, "ietf")].map { |path| ::File.expand_path(path) } @@ -152,7 +155,7 @@ def register validate_v3_user! # don't really care if verified for every host auth_pass = @auth_pass.nil? ? nil : @auth_pass.value priv_pass = @priv_pass.nil? ? nil : @priv_pass.value - definition[:client] = LogStash::SnmpClientV3.new(protocol, address, port, retries, timeout, mib, @security_name, @auth_protocol, auth_pass, @priv_protocol, priv_pass, @security_level) + definition[:client] = LogStash::SnmpClientV3.new(protocol, address, port, retries, timeout, mib, @security_name, @auth_protocol, auth_pass, @priv_protocol, priv_pass, @security_level, @engine_id) else definition[:client] = LogStash::SnmpClient.new(protocol, address, port, community, version, retries, timeout, mib) end diff --git a/lib/logstash/inputs/snmp/clientv3.rb b/lib/logstash/inputs/snmp/clientv3.rb index 9b949a0..bf48235 100644 --- a/lib/logstash/inputs/snmp/clientv3.rb +++ b/lib/logstash/inputs/snmp/clientv3.rb 
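Review bot: The comment added above `config :engine_id` in the first snmp.rb hunk does not say which engine ID this is or how the value is interpreted. Going by the clientv3.rb change, the string is wrapped as-is in an `OctetString` and given to the USM as the local engine ID, so a hex-looking value would presumably be used as literal characters rather than decoded bytes; that is worth confirming and stating. A fuller comment could read `# Optional SNMPv3 local engine ID, used verbatim as octets (not hex-decoded); a generated ID is used when unset.` RFC 3411 limits an SnmpEngineID to 5-32 octets, while `:validate => :string` accepts any length and the second hunk forwards `@engine_id` from `register` unchecked, so a length check next to `validate_v3_user!` would reject a bad value at start-up.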
@@ -39,7 +39,7 @@ module LogStash class SnmpClientV3 < BaseSnmpClient - def initialize(protocol, address, port, retries, timeout, mib, security_name, auth_protocol, auth_pass, priv_protocol, priv_pass, security_level) + def initialize(protocol, address, port, retries, timeout, mib, security_name, auth_protocol, auth_pass, priv_protocol, priv_pass, security_level, engine_id) super(protocol, address, port, retries, timeout, mib) security_level = parse_security_level(security_level) @@ -48,8 +48,9 @@ def initialize(protocol, address, port, retries, timeout, mib, security_name, au priv_protocol = parse_priv_protocol(priv_protocol) auth_pass = auth_pass.nil? ? nil : OctetString.new(auth_pass) priv_pass = priv_pass.nil? ? nil : OctetString.new(priv_pass) + engine_id = OctetString.new(engine_id.nil? ? MPv3.createLocalEngineID : engine_id) - usm = USM.new(SecurityProtocols.getInstance, OctetString.new(MPv3.createLocalEngineID), 0) + usm = USM.new(SecurityProtocols.getInstance, engine_id, 0) SecurityModels.getInstance.addSecurityModel(usm) @snmp.getUSM.addUser(UsmUser.new(security_name, auth_protocol, auth_pass, priv_protocol, priv_pass)) diff --git a/spec/inputs/snmp_spec.rb b/spec/inputs/snmp_spec.rb index 7d49472..3c14e3f 100644 --- a/spec/inputs/snmp_spec.rb +++ b/spec/inputs/snmp_spec.rb 
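Review bot: `engine_id` is added to `initialize` as a thirteenth required positional parameter, so any other caller that still passes twelve arguments to `SnmpClientV3.new` will now raise `ArgumentError`. A default keeps the old call shape working and matches the nil handling further down: `priv_pass, security_level, engine_id = nil)`. With `auth_pass` and `priv_pass` sitting side by side in a list this long, a swapped argument is easy to miss; a short comment above the method naming each parameter, or keyword arguments in a follow-up, would help. The body of `initialize` continues outside this hunk.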
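Review bot: On the added `engine_id = OctetString.new(...)` line only `nil` falls back to `MPv3.createLocalEngineID`, so an empty or very short string from the config is handed to `USM.new` as the engine ID. RFC 3411 restricts an SnmpEngineID to 5-32 octets, and USM relies on the engine ID for key localization and timeliness checks, so a malformed value should be rejected rather than passed through. A guard before the conversion would do: `raise ArgumentError, "engine_id must be 5 to 32 octets" unless engine_id.nil? || engine_id.bytesize.between?(5, 32)`. The rest of `initialize` is outside the hunk, so this assumes nothing later validates the value.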
@@ -102,7 +102,8 @@ let(:valid_configs) { [ {"get" => ["1.0"], "hosts" => [{"host" => "udp:127.0.0.1/161", "version" => "3"}], "security_name" => "ciscov3", "auth_protocol" => "sha", "auth_pass" => "myshapass", "priv_protocol" => "aes", "priv_pass" => "myprivpass", "security_level" => "authNoPriv"}, - {"get" => ["1.0"], "hosts" => [{"host" => "udp:127.0.0.1/161", "version" => "3"}], "security_name" => "dellv3", "auth_protocol" => "md5", "auth_pass" => "myshapass", "priv_protocol" => "3des", "priv_pass" => "myprivpass", "security_level" => "authNoPriv"} + {"get" => ["1.0"], "hosts" => [{"host" => "udp:127.0.0.1/161", "version" => "3"}], "security_name" => "dellv3", "auth_protocol" => "md5", "auth_pass" => "myshapass", "priv_protocol" => "3des", "priv_pass" => "myprivpass", "security_level" => "authNoPriv"}, + {"get" => ["1.0"], "hosts" => [{"host" => "udp:127.0.0.1/161", "version" => "3"}], "security_name" => "dellv3", "auth_protocol" => "md5", "auth_pass" => "myshapass", "priv_protocol" => "3des", "priv_pass" => "myprivpass", "security_level" => "authNoPriv", "engine_id" => "some engine"} ] }
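Review bot: The new `valid_configs` entry only shows that `"engine_id" => "some engine"` passes config validation; nothing visible in this hunk asserts that the value reaches `SnmpClientV3` or the USM. An expectation on `LogStash::SnmpClientV3` receiving `new` with the configured engine ID as its last argument would pin the wiring. If the spec has a matching list of invalid configs (not visible here), an empty `engine_id` would be a useful case once length validation exists.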