1Smokeping_probes_TacacsPlus(3) SmokePing Smokeping_probes_TacacsPlus(3)
2
3
4
6 Smokeping::probes::TacacsPlus - a TacacsPlus authentication probe for
7 SmokePing
8
10 Measures TacacsPlus authentication latency for SmokePing
11
13 *** Probes ***
14
15 +TacacsPlus
16
17 forks = 5
18 offset = 50%
19 passwordfile = /some/place/secret
20 secretfile = /another/place/secret
21 step = 300
22
23 # The following variables can be overridden in each target section
24 /^influx_.+/ = influx_location = In the basement
25 authtype = CHAP
26 mininterval = 1
27 password = test-password
28 pings = 5
29 port = 49
30 secret = test-secret
31 timeout = 5
32 username = test-user # mandatory
33
34 # [...]
35
36 *** Targets ***
37
38 probe = TacacsPlus # if this should be the default probe
39
40 # [...]
41
42 + mytarget
43 # probe = TacacsPlus # if the default probe is something else
44 host = my.host
45 /^influx_.+/ = influx_location = In the basement
46 authtype = CHAP
47 mininterval = 1
48 password = test-password
49 pings = 5
50 port = 49
51 secret = test-secret
52 timeout = 5
53 username = test-user # mandatory
54
56 This probe measures TacacsPlus authentication latency for SmokePing.
57
58 The username to be tested is specified in either the probe-specific or
59 the target-specific variable `username', with the target-specific one
60 overriding the probe-specific one.
61
62 The password can be specified either (in order of precedence, with the
63 latter overriding the former) in the probe-specific variable
64 `password', in an external file or in the target-specific variable
65 `password'. The location of this file is given in the probe-specific
66 variable `passwordfile'. See Smokeping::probes::passwordchecker(3pm)
67 for the format of this file (summary: colon-separated triplets of the
68 form `<host>:<username>:<password>')
69
70 The TacacsPlus protocol requires a shared secret between the server and
71 the client. This secret can be specified either (in order of
72 precedence, with the latter overriding the former) in the probe-
73 specific variable `secret', in an external file or in the target-
74 specific variable `secret'. This external file is located by the
75 probe-specific variable `secretfile', and it should contain whitespace-
76 separated pairs of the form `<host> <secret>'. Comments and blank lines
77 are OK.
78
79 The default TacacsPlus authentication type is ASCII. PAP and CHAP are
80 also available. See the Authen::TacacsPlus documentation for more
81 information;
82
83 The probe tries to be nice to the server and does not send
84 authentication requests more frequently than once every X seconds,
85 where X is the value of the target-specific "min_interval" variable (1
86 by default).
87
89 Supported probe-specific variables:
90
91 forks
92 Run this many concurrent processes at maximum
93
94 Example value: 5
95
96 Default value: 5
97
98 offset
99 If you run many probes concurrently you may want to prevent them
100 from hitting your network all at the same time. Using the probe-
101 specific offset parameter you can change the point in time when
102 each probe will be run. Offset is specified in % of total interval,
103 or alternatively as 'random', and the offset from the 'General'
104 section is used if nothing is specified here. Note that this does
105 NOT influence the rrds itself, it is just a matter of when data
106 acquisition is initiated. (This variable is only applicable if the
107 variable 'concurrentprobes' is set in the 'General' section.)
108
109 Example value: 50%
110
111 passwordfile
112 Location of the file containing usernames and passwords.
113
114 Example value: /some/place/secret
115
116 secretfile
117 A file containing the TacacsPlus shared secrets for the targets. It
118 should contain whitespace-separated pairs of the form `<host>
119 <secret>'. Comments and blank lines are OK.
120
121 Example value: /another/place/secret
122
123 step
124 Duration of the base interval that this probe should use, if
125 different from the one specified in the 'Database' section. Note
126 that the step in the RRD files is fixed when they are originally
127 generated, and if you change the step parameter afterwards, you'll
128 have to delete the old RRD files or somehow convert them. (This
129 variable is only applicable if the variable 'concurrentprobes' is
130 set in the 'General' section.)
131
132 Example value: 300
133
134 Supported target-specific variables:
135
136 /^influx_.+/
137 This is a tag that will be sent to influxdb and has no impact on
138 the probe measurement. The tag name will be sent without the
139 "influx_" prefix, which will be replaced with "tag_" instead. Tags
140 can be used for filtering.
141
142 Example value: influx_location = In the basement
143
144 authtype
145 The TacacsPlus Authentication type:ASCII(default), CHAP, PAP
146
147 Example value: CHAP
148
149 Default value: ASCII
150
151 mininterval
152 The minimum interval between each authentication request sent, in
153 (possibly fractional) seconds.
154
155 Default value: 1
156
157 password
158 The password for the user, if not present in the password file.
159
160 Example value: test-password
161
162 pings
163 How many pings should be sent to each target, if different from the
164 global value specified in the Database section. Note that the
165 number of pings in the RRD files is fixed when they are originally
166 generated, and if you change this parameter afterwards, you'll have
167 to delete the old RRD files or somehow convert them.
168
169 Example value: 5
170
171 port
172 The TacacsPlus port to be used
173
174 Example value: 49
175
176 Default value: 49
177
178 secret
179 The TacacsPlus shared secret for the target, if not present in the
180 secrets file.
181
182 Example value: test-secret
183
184 timeout
185 Timeout in seconds for the TacacsPlus queries.
186
187 Default value: 5
188
189 username
190 The username to be tested.
191
192 Example value: test-user
193
194 This setting is mandatory.
195
197 Gary Mikula <g2ugzm@hotmail.com>
198
200 Not as yet....
201
202
203
2042.8.2 2022-01-22 Smokeping_probes_TacacsPlus(3)