Feature Request: Telegraf: SNMPv3 Full Support

[dapryor]

References influxdata/telegraf#8530

Background:
The underlying net-snmp tools used for telegraf snmp plugins do not support SNMPv3 privProtocols AES192, AES192C, AES256, and AES256C through the base install.
These options can be enabled for net-snmp tools with a manual build from source.

Proposal:
Provide full SNMPv3 privProtocol support for the telegraf docker image by adding the manual build of net-snmp with the --enable-blumenthal flag.

[reimda]

Hi @dapryor! Now that influxdata/telegraf#8541 is merged telegraf should support the privProtocols you mentioned. This issue asks to add the net-snmp tools built from source with the --enable-blumenthal flag to the telegraf docker image. Telegraf doesn't use those tools to send or receive SNMPv3. Why would you like the docker image to include them? The docker image doesn't include similar tools for other input plugins so I'm trying to understand why this is needed.

[dapryor]

Hey @reimda. Thanks so much for your response.

To my knowledge and according to the telegraf snmp plugin, the underlying tool used for communication is net-snmp.

Anecdotally, I was unable to use SNMPv3 with the more secure algorithms until I custom built a telegraf image with the compiled-from-source net-snmp tools.

If I am mistaken, I would honestly be happy that this change would not be needed :)

Please let me know if there is a better way for me to achieve this.

Thanks!

[reimda]

Telegraf's snmp plugins use the gosnmp library to send and receive snmp. I don't think gosnmp depends on net-snmp.

The plugins do also use the programs 'snmptable' and 'snmptranslate' from net-snmp to look up oids from mib files. That's mentioned in the snmp plugin readme and I'm guessing it led you to think net-snmp is used for sending and receiving too.

snmptable and snmptranslate are installed in the docker images. The debian based image installs the snmp package and the alpine based image installs net-snmp-tools.

There may be something else that is preventing the new v3 privProtocols from working in the docker images. When you use the docker images what errors are you getting?

[dapryor]

Seems you're right! I think I was under the wrong impression with the README. Then I got too hung up on making the calls work with the snmp tools.

Thanks a ton @reimda!
Do you have any insight on when the next version of Telegraf with my changes will go live? Until then, I have built the latest Telegraf and will just put it in my docker container when I start it.

[reimda]

Telegraf's release schedule is to make feature releases every three months (in March, June, Sept, and Dec) and in the other months bugfix releases every three weeks.

influxdata/telegraf#8541 is a bugfix so I expect it to go out in the next bugfix release, planned for two weeks from today (Jan 27). Since it's merged to master, it's also already in the nightly builds. They tend to be fairly stable. https://github.com/influxdata/telegraf#nightly-builds

Thanks again for your help adding the privProtocols!

If the docker images make sense now and don't need changes for SNMP v3, let's close this issue.