Bulk Update SNMP v3 Settings for Devices in LibreNMS

With support for DES being dropped, you may be faced with having to upgrade device settings to AES. In this post we’ll explore changing the settings in LibreNMS for all Mikrotik devices and then touch on making changes to a group of Mikrotik devices.

Upgrading SNMP Settings for Devices in LibreNMS

In LibreNMS, we can go to Device -> Device Settings (the gear icon on the right-hand side) -> SNMP to set the SNMP settings for that device.

Since this would get rather boring to change on multiple devices, and these settings are all in a MySQL database, we can skip using the mouse and use a few MySQL commands to update multiple devices at once.

Log into the LibreNMS server over ssh and then connect to the MySQL database.

mysql -u librenms -p librenms

First we can get a list of all the devices (Mikrotik routers in this example) and show the hostname with the SNMP authentication and cryptography algorithms.

select hostname,authalgo,cryptoalgo from devices where os="routeros";

Now if we want to update the cryptography settings for all of our Mikrotik devices, we can do the following.

update devices set cryptoalgo="AES" where os="routeros";

This will set all of the devices to use AES for the cryptography algorithm.

We can also change the authentication algorithm to SHA with this:

update devices set authalgo="SHA" where os="routeros";

Bulk updating of Network Devices

The “script” below can be used for changing SNMP settings on multiple Mikrotik devices.

Create a mikrotik.lst file with the IP addresses of all the devices you need to update. You can use the above MySQL commands to get a list from LibreNMS.

Change the following options in the script

  • routerpassword to the Mikrotik password
  • admin to your username
  • encryptionpassword to your SNMP encryption password
  • authpassword to your authentication password
  • addresses= to the list of IP addresses that should be able to access SNMP info on the mikrotik device. AKA your LibreNMS server.
  • SNMPname to your SNMP username

#!/bin/bash
# Run the SNMP change on every address listed in mikrotik.lst (one per line)
for ip in $(cat mikrotik.lst); do
  echo "$ip"
  timeout 15 sshpass -p 'routerpassword' ssh -o StrictHostKeyChecking=no admin@${ip} -p1022 '/snmp community set addresses= authentication-protocol=SHA1 authentication-password=authpassword encryption-protocol=AES encryption-password=encryptionpassword security=private read-access=yes write-access=no SNMPname'
done

Copy and paste the above “code” in a shell script file.

nano mikrotik.sh
chmod +x mikrotik.sh 

The script should run and update all the SNMP settings on all the devices in mikrotik.lst
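
One way to build mikrotik.lst from the LibreNMS query shown earlier, so that only devices not yet on SHA and AES are touched. This is an added example, not the post's own script: the sample rows are constructed, and treating NULL or empty algorithm columns as "not an SNMPv3 device" is an assumption.

```shell
#!/bin/sh
# Added example. Input: tab-separated rows as printed by
#   mysql -B -N -u librenms -p librenms \
#     -e 'select hostname,authalgo,cryptoalgo from devices where os="routeros"'

# Constructed sample rows (hostname, authalgo, cryptoalgo); the 192.0.2.x
# documentation addresses are placeholders, not real devices.
sample_rows() {
  printf '%s\t%s\t%s\n' \
    192.0.2.1 SHA AES \
    192.0.2.2 MD5 DES \
    192.0.2.3 SHA DES \
    192.0.2.4 NULL NULL \
    'bad host;name' SHA DES \
    192.0.2.6 sha aes
}

# Read rows on stdin and print one target per line for mikrotik.lst.
# A device is listed when its stored settings are not already SHA + AES.
# Assumption: NULL or empty algorithm columns mean the device is not polled
# with SNMPv3, so it is skipped. Hostnames containing characters outside
# [A-Za-z0-9._:-] are reported on stderr and never written to the list,
# because every line of the list ends up inside an ssh command line.
build_target_list() {
  awk -F'\t' '
    NF < 3 { next }
    { auth = toupper($2); priv = toupper($3) }
    (auth == "NULL" || auth == "") && (priv == "NULL" || priv == "") { next }
    auth == "SHA" && priv == "AES" { next }
    $1 !~ /^[A-Za-z0-9._:-]+$/ {
      print "skipped unsafe hostname: " $1 > "/dev/stderr"
      next
    }
    { print $1 }
  '
}

# Demo on the constructed sample. Against a live server, pipe the mysql
# command from the header comment in instead and redirect to mikrotik.lst.
sample_rows | build_target_list
```

Reviewing the generated list before running the bulk script keeps devices that are already on SHA and AES out of the change.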

Invalid privacy protocol specified after -3x flag: DES

With RHEL 9 and AlmaLinux 9, and presumably other Red Hat derivatives, DES is no longer available for net-snmp communication. DES, or Data Encryption Standard, is an old encryption standard and has been superseded by AES.

So when you try running snmpwalk with the “-x DES” option, you get the following error:

Invalid privacy protocol specified after -3x flag: DES

  Version:  5.9.1

To fix the issue, you’ll need to upgrade your devices to AES.



Installing Basic Linux tools on AlmaLinux 9 (tar, wget, htop)

The local team wizard, Mark, ran into some issues while trying to set up a system with AlmaLinux 9. Tar wasn’t installed! What?! No worries. We can solve this by just installing tar with dnf. While we are at it, let’s install some other helpful utilities.

sudo dnf install -y tar wget htop

Tada! We are back in business.

CentOS – This system is not registered with an entitlement server. You can use subscription-manager to register.

If you are getting the following response when trying to use the yum or dnf command,

This system is not registered with an entitlement server. You can use subscription-manager to register.

Try editing the subscription-manager.conf file, and disable it by changing enable=1 to enable=0

sudo nano /etc/yum/pluginconf.d/subscription-manager.conf

Afterwards, you may run

yum clean all

That should take care of the problem.



Find UniFi Network Cloud Inform URL

What is the format for the UniFi Network Cloud inform URL?

The format for the UniFi inform URL should be similar to the following


Now Where is the UniFi Cloud Inform Link?

The inform URL is supposed to be on the cloud console page. However, it appears that it doesn’t show the link if you are not Owner.

Web Development Tools to the rescue!

On the UniFi console page, click on “About this Console”

Open up the Web Development Tools, click on the Network tab, and make sure that you have the Domain column enabled.

Refresh the page.

Look for the Domain that matches the UniFi Cloud URL format.

Example: a38927b1-23aa-e95d-94b4-8394abce9302.unifi-hosting.ui.com

You can confirm this is the correct URL by browsing to it directly. It should redirect to your cloud instance.

Extra tip: If you are migrating from a UniFi Console (CloudKey, UDM, DreamMachine) to UniFi Cloud, you can restore a backup of your CloudKey (or other console) and then use the Host Inform Override option (from CloudKey) to tell all the devices on the network to connect to the cloud instance. You may need to reboot or force provision.


Enable or Install Group Policy Editor on Windows 10/11 Home

Normally you can’t run the Group Policy Editor on Windows Home editions. But there is a way to enable it.

First, open up a Command Prompt (Not Terminal) as Administrator

Now copy and paste each of the commands.

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")
FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

Now we can launch Group Policy Editor by typing in the following


More details can be found at the following sites



Disable Telemetry on Windows 10/11

If you are on Windows Home, you will need to enable the Group Policy Editor first (see “Enable Group Policy Editor on Windows 10 or 11”).

Open up gpedit.msc

Computer Configuration -> Windows Components -> Data Collection and Preview Builds -> Allow Diagnostic Data


Double click on Allow Diagnostic Data to bring up the window. Set it to Enabled, and then under Options, set Diagnostic data off.

Hit Apply and you’re good to go.

Peertube – Change Video Settings/Channels from Command Line

Since Peertube uses a Postgres database, we can log in and manually do bulk changes to videos. Things like updating a channel ID, Category, or Privacy can all be easily changed and it is easy to do bulk changes.

Access the Database

Login as the peertube user via ssh

ssh peertube@peertube-ip

Connect to postgres

psql peertube_prod

View videos

select * from video;

That is a bit too much information, so let’s clean it up a bit

select name,category,id,"channelId" from video;

View all the channels. The id field is the channelId that is used in the above video table.

select id,name from "videoChannel";

Change video channel

update video set "channelId" = 100 where id = 123;

Replace 100 with the actual channelId and 123 with the id of the video. You can use the above commands to find that info.

Change Privacy Settings

The privacy settings are what determine if a video is Public, Private etc.

The following command can update the privacy setting for a video

update video set privacy = 3 where id = 101;

There are 4 privacy settings. Change 3 to one of the following.

1 = Public
2 = Unlisted
3 = Private
4 = Internal

Change 101 to the video id you want to change.

You can change the privacy settings for all videos in a channel with something like the following

update video set privacy = 4 where "channelId" = 100;

What is 802.11R (Fast Roaming, Fast Transition, FT PSK)

Fast BSS Transition is a method for a device to seamlessly move between Basic Service Sets (BSS), AKA wireless APs, inside of an Extended Service Set (ESS), AKA a WLAN deployment.

This can help prevent VoIP calls from dropping while someone is walking across campus or between buildings.

FT PSK is a Password option for Cisco equipment.

Some more resources for learning more.


