{"id":4781,"date":"2023-02-03T18:55:00","date_gmt":"2023-02-04T00:55:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=4781"},"modified":"2023-02-04T12:40:26","modified_gmt":"2023-02-04T18:40:26","slug":"bulk-update-snmp-v3-settings-for-devices-in-librenms","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/bulk-update-snmp-v3-settings-for-devices-in-librenms\/","title":{"rendered":"Bulk Update SNMP v3 Settings for Devices in LibreNMS"},"content":{"rendered":"\n<p>With support for DES being <a href=\"https:\/\/www.incredigeek.com\/home\/invalid-privacy-protocol-specified-after-3x-flag-des\/\">dropped<\/a>, you may be faced with having to upgrade device settings to AES.  In this post we&#8217;ll explore changing the settings in LibreNMS for all Mikrotik devices and then touch on making changes to a group of Mikrotik devices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Upgrading SNMP Settings for Devices in LibreNMS<\/h2>\n\n\n\n<p>In LibreNMS, we can go to Device -> Device Settings (Gear on the right hand side) -> SNMP, to set the SNMP settings for that device.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"669\" src=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3-1024x669.png\" alt=\"\" class=\"wp-image-4792\" srcset=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3-1024x669.png 1024w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3-300x196.png 300w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3-768x502.png 768w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3-459x300.png 459w, https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-3.png 1487w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Since this would get rather boring to change on multiple devices, and these settings are all in a MySQL database, we can skip using the mouse and use a few MySQL commands to update multiple devices at once.<\/p>\n\n\n\n<p>Log into the LibreNMS server over ssh and then connect to the MySQL database<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mysql -u librenms -p librenms<\/pre>\n\n\n\n<p>First we can get a list of all the devices (Mikrotik routers in this example) and show the hostname with the SNMP authentication and cryptography algorithms.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">select hostname,authalgo,cryptoalgo from devices where os=\"routeros\";<\/pre>\n\n\n\n<p>Now if we want to update the cryptography settings for all of our Mikorotik devices, we can do the following.<\/p>\n\n\n\n<pre id=\"block-27e3de5e-aab4-446b-adce-34ffbd656a55\" class=\"wp-block-preformatted\">update devices cryptoalgo set cryptoalgo=\"AES\" &nbsp;where os=\"routeros\";<\/pre>\n\n\n\n<p>This will set all of the devices to use AES for the cryptography algorithm.<\/p>\n\n\n\n<p>We can also change the authentication algorithm to SHA with this<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">update devices authalgo set authalgo=\"SHA\" &nbsp;where os=\"routeros\";<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.incredigeek.com\/home\/wp-content\/uploads\/2023\/02\/image-1.png\" alt=\"\" class=\"wp-image-4784\" width=\"396\" height=\"410\"\/><\/a><figcaption class=\"wp-element-caption\">LibreNMS update device SNMP settings<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Bulk updating of Network Devices<\/h2>\n\n\n\n<p>The bottom &#8220;script&#8221; can be used for changing SNMP settings on multiple Mikrotik devices.  <\/p>\n\n\n\n<p>Create a mikrotik.lst file with all the IP addresses of all the devices you need to update.  Can you use the above MySQL commands to get a list from LibreNMS.<\/p>\n\n\n\n<p>Change the following options in the script<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>routerpassword to the Mikrotik password<\/li>\n\n\n\n<li>admin to your username<\/li>\n\n\n\n<li>encryptionpassword to your SNMP encryption password<\/li>\n\n\n\n<li>authpassword to your authentication password<\/li>\n\n\n\n<li>addresses=192.168.0.0\/16 to the list of IP addresses that should be able to access SNMP info on the mikrotik device.  AKA your LibreNMS server.<\/li>\n\n\n\n<li>SNMPname to your SNMP username<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">for ip in `cat mikrotik.lst` \ndo \necho $ip \ntimeout 15 sshpass -p 'routerpassword' ssh -o StrictHostKeyChecking=no admin@${ip} -p1022 '\/snmp community set addresses=192.168.0.0\/16 authentication-protocol=SHA1 authentication-password=authpassword encryption-protocol=AES encryption-password=encryptionpassword security=private read-access=yes write-access=no SNMPname'\ndone<\/pre>\n\n\n\n<p>Copy and paste the above &#8220;code&#8221; in a shell script file.  <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano mikrotik.sh\nchmod +x mikrotik.sh \n.\/mikrotik.sh<\/pre>\n\n\n\n<p>The script should run and update all the SNMP settings on all the devices in mikrotik.lst<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With support for DES being dropped, you may be faced with having to upgrade device settings to AES. In this post we&#8217;ll explore changing the settings in LibreNMS for all Mikrotik devices and then touch on making changes to a &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/bulk-update-snmp-v3-settings-for-devices-in-librenms\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[352,452],"tags":[1393,1395,353,301,1397,1396,173,133,360,248],"class_list":["post-4781","post","type-post","status-publish","format-standard","hentry","category-librenms","category-mikrotik","tag-aes","tag-almalinux9","tag-librenms","tag-mikrotik","tag-rehl","tag-rehl9","tag-script","tag-snmp-2","tag-snmpv3","tag-update"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=4781"}],"version-history":[{"count":3,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4781\/revisions"}],"predecessor-version":[{"id":4793,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4781\/revisions\/4793"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=4781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=4781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=4781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}