I'm using snmptrapd on linux from net-snmp package. I'm trying to make some perl script to handle snmp traps. I'm already have such script and it works with snmp v1, v2c traps and with snmpv3 traps but only when I specify engineID explicitly both in config and in command sending trap. But when I configure cisco router to send me linkDown trap it uses MAC address with some extra bytes as engineID. And I can see trap arrives on interface in wireshark, but snmptrapd does nothing. Is it possible to configure snmptrapd to accept all traps by authenticated users without specifying engineID?
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
createUser -e 0x0102030405 myuser MD5 mypassword DES myotherpassword
createUser -e 0x0102030405 myuser2 MD5 mypassword DES myotherpassword
createUser -e 0x0102030406 myuser2 MD5 mypassword DES myotherpassword
createUser cisco SHA cisco123 DES cisco123
authUser log,execute myuser
authUser log,execute myuser2
authUser log,execute cisco
authCommunity log,execute public
perl do "/usr/local/share/snmp/snmptrapdhandler.pl";
Best Answer
You cannot be authenticated as user for receiving traps if you don't specify the engineID.
See http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications