Linux – How to receive snmp v3 traps without specific enginedID

linuxnet-snmpsnmpsnmpv3

I'm using snmptrapd on linux from net-snmp package. I'm trying to make some perl script to handle snmp traps. I'm already have such script and it works with snmp v1, v2c traps and with snmpv3 traps but only when I specify engineID explicitly both in config and in command sending trap. But when I configure cisco router to send me linkDown trap it uses MAC address with some extra bytes as engineID. And I can see trap arrives on interface in wireshark, but snmptrapd does nothing. Is it possible to configure snmptrapd to accept all traps by authenticated users without specifying engineID?

Here is my snmptrapd.conf

# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
createUser -e 0x0102030405 myuser MD5 mypassword DES myotherpassword
createUser -e 0x0102030405 myuser2 MD5 mypassword DES myotherpassword
createUser -e 0x0102030406 myuser2 MD5 mypassword DES myotherpassword
createUser cisco SHA cisco123 DES cisco123
authUser log,execute myuser
authUser log,execute myuser2
authUser log,execute cisco
authCommunity   log,execute public
perl do "/usr/local/share/snmp/snmptrapdhandler.pl";

I'm using Fedora 21 linux,

$ uname -a
Linux 4.1.13-100.fc21.x86_64 #1 SMP Tue Nov 10 13:13:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

and net-snmp version is net-snmp-5.7.2-23.fc21.x86_64

Best Answer

It took a long time to figure this out to be able to use snmptrapd without needing the engineID. This works with a brand new Cisco Nexus switch (nx-os) and hoping this will help someone else:

format2 %V\n% Agent Address: %A \n Agent Hostname: %B \n Date: %H - %J - %K - %L - %M - %Y \n Enterprise OID: %N \n Trap Type: %W \n Trap Sub-Type: %q \n Community/Infosec Context: %P \n Uptime: %T \n Description: %W \n PDU Attribute/Value Pair Array:\n%v \n -------------- \n

/etc/snmp/snmptrapd.conf:

traphandle default /etc/snmp/send_to_email_script # make sure it is executable
traphandle default /etc/snmp/snmp-traphandle_script # can be any program
doNotLogTraps no
authUser log,execute,net ${snmp_user} # username variable
createUser ${snmp_user} MD5 ${snmp_auth} AES-128 ${snmp_auth}

Example user could be:

# createUser networkmonitor MD5 cisco1234! AES-128 cisco1234!

On cisco switch make sure this user exists with same username/password and priv/auth. Also add snmp host (which is the how you send the trap to snmptrapd):

# snmp-server host ip_address traps version 3 priv networkmonitor

Make sure ip_address is not switch ip, but the snmptrapd receiver's ip

Related Solutions

Solution to route/proxy SNMP Traps (or Netflow, generic UDP, etc) for network monitoring

A co-worker just showed me samplicator. This tool looks to be just about a perfect solution what I was looking for. From the tool's website:

This simple program listens for UDP datagrams on a network port, and sends copies of these datagrams on to a set of destinations. Optionally, it can perform sampling, i.e. rather than forwarding every packet, forward only 1 in N. Another option is that it can "spoof" the IP source address, so that the copies appear to come from the original source, rather than the relay. Currently only supports IPv4.

It can been used to distribute e.g. Netflow packets, SNMP traps (but not informs), or Syslog messages to multiple receivers.

Linux – How to sort du -h output by size

As of GNU coreutils 7.5 released in August 2009, sort allows a -h parameter, which allows numeric suffixes of the kind produced by du -h:

du -hs * | sort -h

If you are using a sort that does not support -h, you can install GNU Coreutils. E.g. on an older Mac OS X:

brew install coreutils
du -hs * | gsort -h

From sort manual:

-h, --human-numeric-sort compare human readable numbers (e.g., 2K 1G)

Best Answer

Related Solutions

Solution to route/proxy SNMP Traps (or Netflow, generic UDP, etc) for network monitoring

Linux – How to sort du -h output by size

Related Topic