Date: Fri, 29 Mar 2024 09:04:51 +0000 (UTC) Message-ID: <1031508573.4077.1711703091118@skald.opmantek.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_4076_143217446.1711703091117" ------=_Part_4076_143217446.1711703091117 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
It seems that there is an issue in the SNMP PHP extension in that when w= e attempt to discover a device using SNMPv3 and if there are multiple crede= ntial sets that use the same security name, but different authentication an= d/or privacy settings, and we attempt to query a device using an incorrect = credential set, subsequent attempts to query the device also fail - regardl= ess of those subsequent attempts using the correct settings and credentials= .
We have managed to work around this for Linux - we call out to the shell= and run the credential tests there. This works.
Unfortunately for Windows we cannot do this.
If the below all apply to you, you will be affected.
For those subnet's that include these devices, you should create an indi= vidual device credential set and enable the match_ip confi= g item. Once a device has been discovered, associating a specific credentia= l set enables that credential set to be tested first. Enabling match_ip mea= ns that we will match that device without SNMP and retrieve this credential= set.
We plan to make assigning individual credential sets to devices easier t= o do. We also plan to enable the selection of a subset of credentials for a= given discovery.
Both these features when combined with the above will alleviate most of = the pain.
You could always reconfigure your devices to use the exact same credenti= als.
Or you could add a new SNMPv3 user that is specifically for Open-AudIT a= nd make it identical across all devices.
And don't forget you can always use the Linux version of Open-AudIT, or = the Opmantek VM.
Mark Unwin.