NeophyteDisabling SNMPv1/v2c - Only use v3
We have a group of devices which are configured with SNMPv3. The properties set against these devices in LM are only v3 - there are no SNMP community details configured against, or inherited by the devices.
The devices have been successfully discovered and metrics are being collected yet periodically (approx every 3hrs), we're seeing failed v1 and v2c connection attempts in the device logs, with those attempts coming from the collectors.
I am told by support that this is expected behaviour, despite the product documentation stating:
LogicMonitor attempts SNMP communication initially with version 3, then 2c, and finally version 1. The highest responding version is set for this value, and any attempts to edit it will automatically revert.
I am also told there is currently no way to disable the use of v1/v2c. It strikes me that this is something that should it be possible to set at a collector level so am considering raising feedback, however I wanted to check whether anyone in the community has implemented any sort of ingenious method to enable only SNMP v3 collection/discovery, or if we just need to convince our security team to accept that the device logs are going to contain regular failed attempts from the collectors?
Hey Matt_Taylor
It's possible that what you are seeing is part of the autoprops process that the collector does. The thing that is a bit odd is that it's typically a once a day thing, unless something triggers active discovery on a device either manually or via some programmatic update. There is a configuration change that can be made to the collector to stop this process for testing v2c or v1, that would be adding this line into your collector configuration:
autoprops.detectors.ignore.snmp.versions=v1,v2c
We have an internal ticket open to have this added to our support documentation on this page here:
https://www.logicmonitor.com/support/agent-conf-collector-settings#h-autoproperties-settings
