Ad Widget

**markfree** · 30-07-2021, 17:24

In one of my SNMPv3 setup, I've left "context name" blank since it was not available in my monitored host. After that, Zabbix was able to access the SNMP agent.
Do your firewalls use "context name"?

**Tgordo3** · 31-07-2021, 05:16

Thank you so much for that response! That worked like a charm on zabbix version 5. There were other steps that were probably not necessary but being patient is definitely required. After removing the "context name", I had to unlink the template from the palo alto device. I then had to totally delete the items in the template and then delete the template itself. Once I recreated them and some graphs to show the data, it took some time before the graphs started to populate. I guess zabbix had to finish discovering all of the interfaces. Either way, it is working now on zabbix version 5 and I may try something similar on zabbix version 3. Thanks again!

**Tgordo3** · 05-08-2021, 21:57

I have had no luck with monitoring the Palo Alto firewalls with zabbix version 3. I used similar settings for the items and template as I used in zabbix version 5. I keep getting this message on the status of the item.
...
Cannot connect to "fwname:161": Authentication failure (incorrect password, community or key)
...

The SNMP status indicator in the webui shows as green for the device. However, I cannot collect any data on any of the items. Graphs show "no data" as well.

Maybe zabbix version 5 can handle passphrases with '$' and '%' and zabbix version 3 cannot.

**Tgordo3** · 06-08-2021, 18:54

Hello all,

What does it mean when there are 2 devices listed in an error message? This is on an "item" setup via template and it fails to collect SNMP data.

Cannot connect to "somedevicename:161": Authentication failure (incorrect password, community or key) (anotherdevicename:161)

I have checked for unique "Engine ID's".
The second device in the parenthesis does not show up ever time. Not even sure it is always the same device.

**markfree** · 07-08-2021, 04:10

Could you elaborate more on this issue?
Where exactly did you get this error message? Is it from WebUI or server log?
Are those devices listed in the error message both SNMP v3? Do they have the same authentication configuration?

Have you tested querying your hosts using "snmpget" with the same authentication values from your host interface?

Have you checked SNMP documentation? There might be some information that helps you out.

**Tgordo3** · 08-08-2021, 19:00

Thank you Mark for your interest.
I actually see the message in the zabbix_server.log and the zabbix webui. See screenshot below.

I have used the same authentication configuration as I have used on zabbix version 5 where it works fine. "snmpget" works fine from the command line as well. I have to escape a dollar sign and a percent sign in the command line. I have tried that in zabbix as well with no success.

Thanks again for your response.

**markfree** · 09-08-2021, 04:24

I feel like you left me with more questions than answers.
I was curious when you said there were "2 listed devices in an error message". The image you provided does not show 2 devices, though.

The error message indicates a possible error with authentication data.
So, you have special characters in your passphrase, right?
SNMPv3 authentication data works in Zabbix 5 and the same data does not for Zabbix 3, right?
What version of Zabbix 3 are you using, anyway?

In Zabbix 3, are you using macros for your passphrase or typing them directly?
It seems Zabbix 3 implements SNMPv3 configuration at item level, where Zabbix 5 implements at host level.
Are you following Zabbix 3 SNMP documentation?

**Tgordo3** · 09-08-2021, 05:57

Sorry,
The screenshot before didn't have the second hostname in it. Here is a screenshot with the 2 hosts in the error message.

Agreed. There is some kind of error with authentication. There are special characters in the passphrase. I use a dollar sign and a percent sign. I need to use both special characters if possible. This setup works in zabbix 5. I am using zabbix version 3.0.31 when the setup fails.

I have tried to use macros for the passphrase and typing it in directly. Nothing seems to make a difference. I am following the Zabbix 3 SNMP documentation. It asks that I enter the passphrase on each item as you have stated. Thanks again for helping me with my zabbix version 3 issue.

**markfree** · 10-08-2021, 01:52

Are you using a "context name" or leaving it blank?
Do your authentication and privacy protocols match the host's?
For testing purpose, if you change the passphrase to something that does not include special characters, does it works in Zabbix 3?

**Tgordo3** · 16-08-2021, 18:58

Thank you mark for all of your advice. After testing in my lab on some similar Palo Alto firewalls, I did confirm a few things.
I changed the passphrase in my case to be all alphnumeric and left the "context name" blank. This seemed to work on zabbix 3 and my lab firewalls.
I will move this config over to my production systems to verify they work there. No special characters allowed I guess. Thanks again.

Ad Widget

Zabbix Monitoring PA-7050 via SNMP v3

Zabbix Monitoring PA-7050 via SNMP v3

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment