input: snmp_trap: only one v3 config can be used

[mark-chandler]

Relevant telegraf.conf

# Telegraf Configuration

# Global tags can be specified here in key="value" format.
[global_tags]

# Configuration for telegraf agent
[agent]
  interval = "10s"
  round_interval = true
  metric_batch_size = 1000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
  flush_interval = "10s"
  flush_jitter = "0s"
  precision = "0s"

  ## Log at debug level.
  # debug = false
  debug = true
  ## Log only error level messages.
  # quiet = false

  ## Override default hostname, if empty use os.Hostname()
  hostname = ""
  ## If set to true, do no set the "host" tag in the telegraf agent.
  omit_hostname = false


#   snmp_translator = "netsnmp"
  snmp_translator = "gosmi"

###############################################################################
#                            OUTPUT PLUGINS                                   #
###############################################################################

# Send telegraf metrics to file(s)
[[outputs.file]]
  ## Files to write to, "stdout" is a specially handled file.
  files = ["stdout", "/tmp/metrics.out"]

  ## Data format to output.
  data_format = "json"

###############################################################################
#                            INPUT PLUGINS                                    #
###############################################################################


# Receive SNMP traps
[[inputs.snmp_trap]]
#
    service_address = "udp://:1162"
#
# Path to mib files
# Used by the gosmi translator.
# To add paths when translating with netsnmp, use the MIBDIRS environment variable
    path = ["/usr/share/snmp/mibs"]
#
# Snmp version
# version = "3"
    version = "2c"

[[inputs.snmp_trap]]
    alias = "#1"
#
    service_address = "udp://:10162"
# service_address = "udp://:162"
#
    path = ["/usr/share/snmp/mibs"]
#
# Snmp version
    version = "3"
# SNMPv3 authentication and encryption options.
#
# Security Name.
    sec_name = "sourcenumber1"
# Authentication protocol; one of "MD5", "SHA" or "".
    auth_protocol = "SHA"
# Authentication password.
    auth_password = "sourcenumber1"
# Security Level; one of "noAuthNoPriv", "authNoPriv", or "authPriv".
    sec_level = "authPriv"
# Privacy protocol used for encrypted messages; one of "DES", "AES", "AES192", "AES192C", "AES256", "AES256C" or "".
    priv_protocol = "AES256"
# Privacy password used for encrypted messages.
    priv_password = "SourceNumber1"
    [inputs.snmp_trap.tags]
        test_tag = "10162"


[[inputs.snmp_trap]]
    alias = "#2"
#
    service_address = "udp://:10262"
# service_address = "udp://:162"
#
    path = ["/usr/share/snmp/mibs"]
#
# Snmp version
    version = "3"
# SNMPv3 authentication and encryption options.
#
# Security Name.
    sec_name = "sourcenumber2"
# Authentication protocol; one of "MD5", "SHA" or "".
    auth_protocol = "SHA"
# Authentication password.
    auth_password = "sourcenumber2"
# Security Level; one of "noAuthNoPriv", "authNoPriv", or "authPriv".
    sec_level = "authPriv"
# Privacy protocol used for encrypted messages; one of "DES", "AES", "AES192", "AES192C", "AES256", "AES256C" or "".
    priv_protocol = "AES256"
# Privacy password used for encrypted messages.
    priv_password = "SourceNumber2"
    [inputs.snmp_trap.tags]
        test_tag = "10262"


[[inputs.snmp_trap]]
    alias = "#3"
#
    service_address = "udp://:10362"
# service_address = "udp://:162"
#
    path = ["/usr/share/snmp/mibs"]
#
# Snmp version
    version = "3"
# SNMPv3 authentication and encryption options.
#
# Security Name.
    sec_name = "sourcenumber3"
# Authentication protocol; one of "MD5", "SHA" or "".
    auth_protocol = "SHA"
# Authentication password.
    auth_password = "sourcenumber3"
# Security Level; one of "noAuthNoPriv", "authNoPriv", or "authPriv".
    sec_level = "authPriv"
# Privacy protocol used for encrypted messages; one of "DES", "AES", "AES192", "AES192C", "AES256", "AES256C" or "".
    priv_protocol = "AES256"
# Privacy password used for encrypted messages.
    priv_password = "SourceNumber3"
    [inputs.snmp_trap.tags]
        test_tag = "10362"

Logs from Telegraf

[mark_chandler@mist container]$ sh start.sh
2023-06-09T05:24:34Z I! Loading config: /etc/telegraf/telegraf.conf
2023-06-09T05:24:34Z W! DeprecationWarning: Option "timeout" of plugin "inputs.snmp_trap" deprecated since version 1.20.0 and will be removed in 2.0.0: unused option
2023-06-09T05:24:34Z W! DeprecationWarning: Option "timeout" of plugin "inputs.snmp_trap" deprecated since version 1.20.0 and will be removed in 2.0.0: unused option
2023-06-09T05:24:34Z W! DeprecationWarning: Option "timeout" of plugin "inputs.snmp_trap" deprecated since version 1.20.0 and will be removed in 2.0.0: unused option
2023-06-09T05:24:34Z W! DeprecationWarning: Option "timeout" of plugin "inputs.snmp_trap" deprecated since version 1.20.0 and will be removed in 2.0.0: unused option
2023-06-09T05:24:34Z I! Starting Telegraf 1.26.3
2023-06-09T05:24:34Z I! Available plugins: 235 inputs, 9 aggregators, 27 processors, 22 parsers, 57 outputs, 2 secret-stores
2023-06-09T05:24:34Z I! Loaded inputs: snmp_trap (4x)
2023-06-09T05:24:34Z I! Loaded aggregators: 
2023-06-09T05:24:34Z I! Loaded processors: 
2023-06-09T05:24:34Z I! Loaded secretstores: 
2023-06-09T05:24:34Z I! Loaded outputs: file
2023-06-09T05:24:34Z I! Tags enabled: host=9ec50f7cb67a
2023-06-09T05:24:34Z W! Deprecated inputs: 0 and 4 options
2023-06-09T05:24:34Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:"9ec50f7cb67a", Flush Interval:10s
2023-06-09T05:24:34Z D! [agent] Initializing plugins
2023-06-09T05:24:35Z D! [agent] Connecting outputs
2023-06-09T05:24:35Z D! [agent] Attempting connection to [outputs.file]
2023-06-09T05:24:35Z D! [agent] Successfully connected to outputs.file
2023-06-09T05:24:35Z D! [agent] Starting service inputs
2023-06-09T05:24:35Z I! [inputs.snmp_trap] Listening on udp://:1162
2023-06-09T05:24:35Z I! [inputs.snmp_trap::#1] Listening on udp://:10162
2023-06-09T05:24:35Z I! [inputs.snmp_trap::#2] Listening on udp://:10262
2023-06-09T05:24:35Z I! [inputs.snmp_trap::#3] Listening on udp://:10362
2023-06-09T05:24:45Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
2023-06-09T05:24:55Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
2023-06-09T05:25:05Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
2023-06-09T05:25:15Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
2023-06-09T05:25:25Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
{"fields":{"sysUpTimeInstance":43},"name":"snmp_trap","tags":{"engine_id":"80001f8880a6fb2d08cdb7826400000000","host":"9ec50f7cb67a","mib":"SNMPv2-MIB","name":"coldStart.0","oid":".1.3.6.1.6.3.1.1.5.1.0","source":"10.0.2.100","test_tag":"10362","version":"3"},"timestamp":1686288333}
2023-06-09T05:25:35Z D! [outputs.file] Wrote batch of 1 metrics in 272.191µs
2023-06-09T05:25:35Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
2023-06-09T05:25:45Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics
{"fields":{"sysUpTimeInstance":43},"name":"snmp_trap","tags":{"engine_id":"80001f888051028175deb7826400000000","host":"9ec50f7cb67a","mib":"SNMPv2-MIB","name":"coldStart.0","oid":".1.3.6.1.6.3.1.1.5.1.0","source":"10.0.2.100","test_tag":"10162","version":"3"},"timestamp":1686288350}
{"fields":{"sysUpTimeInstance":43},"name":"snmp_trap","tags":{"engine_id":"80001f88803cb1206ae2b7826400000000","host":"9ec50f7cb67a","mib":"SNMPv2-MIB","name":"coldStart.0","oid":".1.3.6.1.6.3.1.1.5.1.0","source":"10.0.2.100","test_tag":"10262","version":"3"},"timestamp":1686288354}
2023-06-09T05:25:55Z D! [outputs.file] Wrote batch of 2 metrics in 236.234µs
2023-06-09T05:25:55Z D! [outputs.file] Buffer fullness: 0 / 10000 metrics

System info

Telegraf 1.26.3, Fedora Linux 38, Podman 4.5.1

Docker

podman run
-p 1162:1162/udp
-p 10162:10162/udp
-p 10262:10262/udp
-p 10362:10362/udp
--expose=1162,10162,10262,10362
-u "telegraf"
-v $PWD/etc/telegraf:/etc/telegraf:Z
-v /usr/share/snmp/mibs:/usr/share/snmp/mibs:ro
-v $PWD/tmp:/tmp:Z
telegraf
telegraf --config /etc/telegraf/telegraf.conf

Steps to reproduce

1. Use the podman command to start Telegraf
2. Send SNMPv3 traps to the listening ports using the following commands
   $ snmptrap -v 3 -u "sourcenumber1" -a SHA -A "sourcenumber1" -l authPriv -x AES256 -X "SourceNumber1" localhost:10162 41 coldStart.0
   $ snmptrap -v 3 -u "sourcenumber2" -a SHA -A "sourcenumber2" -l authPriv -x AES256 -X "SourceNumber2" localhost:10262 42 coldStart.0
   $ snmptrap -v 3 -u "sourcenumber3" -a SHA -A "sourcenumber3" -l authPriv -x AES256 -X "SourceNumber3" localhost:10262 43 coldStart.0
   $ snmptrap -v 3 -u "sourcenumber3" -a SHA -A "sourcenumber3" -l authPriv -x AES256 -X "SourceNumber3" localhost:10162 43 coldStart.0
   $ snmptrap -v 3 -u "sourcenumber3" -a SHA -A "sourcenumber3" -l authPriv -x AES256 -X "SourceNumber3" localhost:10262 43 coldStart.0

Expected behavior

Three traps should be received, one for each SNMPv3 input defined.

Actual behavior

All the SNMPv3 inputs will accept traps with the credentials for the last SNMPv3 input.
But any other SNMPv3 input will not accept traps with their credentials.
So, listeners 1, 2, 3 will accept traps with credentials for 3, but not 1 or 2.

Additional info

Wondering if this maybe related to gosnmp/gosnmp#302
Discussed at https://influxcommunity.slack.com/archives/CH99HUH8V/p1685961051007439

[powersj]

Hi,

Thanks for the issue. It does look to be related to the upstream issue. However, I am a little concerned that issue has not had any updates in 2+ years. Would you might asking if there is any PR or work that was completed to resolve that issue?

Thanks

[Hipska]

Not really sure the referenced issue is really relevant here. As in this case we are talking about initiating multiple trap listeners. It seems that it actually isn't really supported to launch 3 separate ones in the same application..

[mark-chandler]

Changing the snmp_trap.go code as per below, then using the latest code from gosnmp, seems to resolve the problem.

107c107,110
< 	s.listener.Params = gosnmp.Default
---
>  	var defaults gosnmp.GoSNMP
>  	defaults = *gosnmp.Default
>  	s.listener.Params = &defaults
> 

[Hipska]

@mark-chandler okay great! Can you put this in a PR? Then you will get full credit of fixing this bug..