Telegraf SNMPv3 - Error wrong digest

Telegraf
1

I’ve never setup an SNMPv3 telegraf .conf file before. Until now I’ve gotten by with using SNMPv2. I’m getting a strange error below saying that I’m using the “wrong digest” I’m not sure what to do get this file working.

[[inputs.snmp]]

sec_name = “myUsername”
auth_protocol = “SHA”
auth_password = “myPassword”
sec_level = “authPriv”
context_name = “”
priv_protocol = “AES”
priv_password = “myPassword”

agents = [ “192.168.1.69” ]
timeout = “10s”
retries = 3
version = 3
interval = “60s”
name = “PaloSNMP”

[[inputs.snmp.field]]
name = “sysHostname”
oid = “SNMPv2-MIB::sysName.0”

[[inputs.snmp.field]]
name = “panChassisType”
oid = “SNMPv2-SMI::enterprises.25461.2.1.2.2.1.0”

[[inputs.snmp.field]]
name = “sysUptime”
oid = “DISMAN-EVENT-MIB::sysUpTimeInstance”

When I test the file using “telegraf --test --debug --config myConfFile.conf” I get the following error message.

[truncated for brevity]
2024-08-06T18:42:07Z D! [agent] Starting service inputs

2024-08-06T18:42:08Z E! [inputs.snmp] Error in plugin: agent 165.234.11.74: wrong digest (auth_protocol, auth_password)

2024-08-06T18:42:08Z D! [agent] Stopping service inputs
2024-08-06T18:42:08Z D! [agent] Input channel closed
2024-08-06T18:42:08Z D! [agent] Stopped Successfully
2024-08-06T18:42:08Z E! [telegraf] Error running agent: input plugins recorded 1 errors

When I use the following snmpwalk command I don’t have any issues. "snmpwalk -v3 -l authPriv -u myUsername -a SHA -A ‘myPassword’ -x AES -X ‘myPassword’ 192.168.1.69 DISMAN-EVENT-MIB::sysUpTimeInstance
Not sure what’s wrong. Any help would be greatly appreciated.

2

Hello @whaleh8er I’m going to defer to @jpowers here. :stuck_out_tongue:

3

hmm I would expect this to mean you have the wrong password or hash settings. However, you said it works with snmpwalk. Does it return a good return code?

What version of telegraf are you using?

Please also use the ``` beofore and after to enclose your logs. It will help render correctly on the forums.

4

I’m running Telegraf ver 1.31.2

Yes, when I run the snmpwalk command I get back exactly what I expect to.

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (964660159) 111 days, 15:36:41.59
5

I got the same errors in my logs since a few months now. Using snmp v3 SHA authpriv AES. Not sure why it happened suddenly, perhaps an update of the net-snmp package? an update of telegraf? Not sure about that because history in my configuration was unknown. I just inherited a broken system.

In my case it turned out to be special characters in the password. Either $ , ! or @

I tried escaping those character in the conf file. Outside the double quotes. For example, preceding with a \ or double quoting the special characters. But to no avail.

Both SHA and AES passwords contained either one of those characters in my config.

snmpget and snwmpwalk at the commandline just worked fine.

I then tested with one of our snmp devices with a password containing no special characters and voila, it worked again!!

We are in the process of changing the passwords at our snmp devices.