NAME

Smokeping::probes::TacacsPlus - a TacacsPlus authentication probe for SmokePing

OVERVIEW

Measures TacacsPlus authentication latency for SmokePing

SYNOPSIS

 *** Probes ***

 +TacacsPlus

 forks = 5
 offset = 50%
 passwordfile = /some/place/secret
 secretfile = /another/place/secret
 step = 300

 # The following variables can be overridden in each target section
 /^influx_.+/ = influx_location = In the basement
 authtype = CHAP
 mininterval = 1
 password = test-password
 pings = 5
 port = 49
 secret = test-secret
 timeout = 5
 username = test-user # mandatory

 # [...]

 *** Targets ***

 probe = TacacsPlus # if this should be the default probe

 # [...]

 + mytarget
 # probe = TacacsPlus # if the default probe is something else
 host = my.host
 /^influx_.+/ = influx_location = In the basement
 authtype = CHAP
 mininterval = 1
 password = test-password
 pings = 5
 port = 49
 secret = test-secret
 timeout = 5
 username = test-user # mandatory

DESCRIPTION

This probe measures TacacsPlus authentication latency for SmokePing.

The username to be tested is specified in either the probe-specific or the target-specific variable `username', with the target-specific one overriding the probe-specific one.

The password can be specified either (in order of precedence, with the latter overriding the former) in the probe-specific variable `password', in an external file or in the target-specific variable `password'. The location of this file is given in the probe-specific variable `passwordfile'. See Smokeping::probes::passwordchecker(3pm) for the format of this file (summary: colon-separated triplets of the form `<host>:<username>:<password>')

The TacacsPlus protocol requires a shared secret between the server and the client. This secret can be specified either (in order of precedence, with the latter overriding the former) in the probe-specific variable `secret', in an external file or in the target-specific variable `secret'. This external file is located by the probe-specific variable `secretfile', and it should contain whitespace-separated pairs of the form `<host> <secret>'. Comments and blank lines are OK.

The default TacacsPlus authentication type is ASCII. PAP and CHAP are also available. See the Authen::TacacsPlus documentation for more information;

The probe tries to be nice to the server and does not send authentication requests more frequently than once every X seconds, where X is the value of the target-specific "min_interval" variable (1 by default).

VARIABLES

Supported probe-specific variables:

forks

Run this many concurrent processes at maximum

Example value: 5

Default value: 5

offset

If you run many probes concurrently you may want to prevent them from hitting your network all at the same time. Using the probe-specific offset parameter you can change the point in time when each probe will be run. Offset is specified in % of total interval, or alternatively as 'random', and the offset from the 'General' section is used if nothing is specified here. Note that this does NOT influence the rrds itself, it is just a matter of when data acquisition is initiated. (This variable is only applicable if the variable 'concurrentprobes' is set in the 'General' section.)

Example value: 50%

passwordfile

Location of the file containing usernames and passwords.

Example value: /some/place/secret

secretfile

A file containing the TacacsPlus shared secrets for the targets. It should contain whitespace-separated pairs of the form `<host> <secret>'. Comments and blank lines are OK.

Example value: /another/place/secret

step

Duration of the base interval that this probe should use, if different from the one specified in the 'Database' section. Note that the step in the RRD files is fixed when they are originally generated, and if you change the step parameter afterwards, you'll have to delete the old RRD files or somehow convert them. (This variable is only applicable if the variable 'concurrentprobes' is set in the 'General' section.)

Example value: 300

Supported target-specific variables:

/^influx_.+/

This is a tag that will be sent to influxdb and has no impact on the probe measurement. The tag name will be sent without the "influx_" prefix, which will be replaced with "tag_" instead. Tags can be used for filtering.

Example value: influx_location = In the basement

authtype

The TacacsPlus Authentication type:ASCII(default), CHAP, PAP

Example value: CHAP

Default value: ASCII

mininterval

The minimum interval between each authentication request sent, in (possibly fractional) seconds.

Default value: 1

password

The password for the user, if not present in the password file.

Example value: test-password

pings

How many pings should be sent to each target, if different from the global value specified in the Database section. Note that the number of pings in the RRD files is fixed when they are originally generated, and if you change this parameter afterwards, you'll have to delete the old RRD files or somehow convert them.

Example value: 5

port

The TacacsPlus port to be used

Example value: 49

Default value: 49

secret

The TacacsPlus shared secret for the target, if not present in the secrets file.

Example value: test-secret

timeout

Timeout in seconds for the TacacsPlus queries.

Default value: 5

username

The username to be tested.

Example value: test-user

This setting is mandatory.

AUTHORS

Gary Mikula <g2ugzm@hotmail.com>

BUGS

Not as yet....