Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Traps: Allow Traps v2 and V3

https://support.nagios.com/forum/viewtopic.php?t=58309

Page 1 of 1

Traps: Allow Traps v2 and V3

Posted: Fri Apr 24, 2020 7:36 am
by FCC_Nagios_Support
Hello,

Is possible to permit incomming V3 Traps and V2 Traps at the same time and with a configuration that allows both?

Many Thanks in advance.
KR
Fernando MiƱa Encinas

Re: Traps: Allow Traps v2 and V3

Posted: Fri Apr 24, 2020 11:25 am
by ssax
Yes, the should both work in the same config but you need to keep this in your /etc/snmp/snmptrapd.conf:

Code: Select all

disableAuthorization yes

Re: Traps: Allow Traps v2 and V3

Posted: Sat Apr 25, 2020 4:53 am
by FCC_Nagios_Support
Many thanks. RUNS!

Re: Traps: Allow Traps v2 and V3

Posted: Sun Apr 26, 2020 12:26 am
by FCC_Nagios_Support
Hello Again!

I am absolute beginner in Snmp V3. I have been testing in my laboratory and I would like to know if engineID is mandatory. I tried and seems yes. What I tested was adding several bind lines in this way:

disableAuthorization yes
createUser -e 0x0102030405 user_one
authUser log,execute user_one noauth
createUser -e 0x0102030406 user_two
authUser log,execute user_one noauth
traphandle default /usr/sbin/snmptthandler


And match "engineID user" with each the trap. Is it OK? Runs!
I have to manage Traps comming from HP Tape Libraries. The engineID is unique word identifier for each device? or there is one for manufacturer or family?


Many Thanks in advance.
KR.

Re: Traps: Allow Traps v2 and V3

Posted: Mon Apr 27, 2020 1:09 pm
by ssax
It will be unique to the device (or agent that sends it).
SNMPv3 mandates that the message is rejected unless the SNMPv3 user sending the trap already exists in the user database. Sounds simple enough, right? Except for one small problem: the user database in a SNMPv3 application is actually referenced by a combination of the user's name (called a "security Name") and an identifier for the given SNMP application you're talking to (called an "engineID"). Normally when you use the rest of the SNMP applications (snmpget, snmpwalk, ...) the application "discovers" the remote engineID for you and then inserts the username, engineID and passwords into the user database based on this remote engineID. Makes things all nice and simple when talking to a remote agent.
Taken from here:

Code: Select all

http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited