Snmptrap
Jump to navigation
Jump to search
/tmp/snmptrapd.conf
createUser -e 0x8000000001020304 traptest SHA mypassword AES mypassword authuser log traptest
snmptrapd -f -C -c /tmp/snmptrapd.conf -Le
/etc/snmp/snmptrad.conf
authCommunity log,execute,net public authuser log monitor_ro [snmp] logOption f /var/log/snmptrap/all_snmptrap.log perl do "/usr/local/bin/zabbix_trap_receiver.pl"; # an example of a parser not v3
snmptrap -v 3 -n "" -a SHA -A mypassword -x AES -X mypassword -l authPriv -u traptest -e 0x8000000001020304 127.0.0.1 0 iso.3.6.1.6.3.1.1.5.2 snmptrap -v 2c -c "public" 127.0.0.1 0 1.3.6.1.4.1.2.3 1.3.6.1.6.1.4.1.2.3.1.1.1.1.1 s "This is a Test"
You must use engineids
https://networkengineering.stackexchange.com/questions/32310/how-to-receive-snmp-v3-traps-without-specific-enginedid You cannot be authenticated as user for receiving traps if you don't specify the engineID. See http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications
Get engineid for -e option 0x8000000001020304
tshark -V -i eth0 -f "host 10.x.x.x" -d tcp.port==162,snmp | grep -i msgAuthoritativeEngineID
Get via snmp poll
auth_secret=<mysecret>
data_secret=<mysecret>
ip_file="ips.txt"
# md5/des alt
for ipv4 in $(cat ${ip_file}); do
snmp_engineid=$(snmpwalk -v 3 -u monitor_ro -l authPriv -A ${auth_secret} -a sha -x aes -X ${data_secret} ${ipv4} 1.3.6.1.6.3.10.2.1.1.0 | awk -F: '{print tolower($2)}' | tr -d "[:blank:]")
echo "${ipv4}|${snmp_engineid}"
echo "createUser -e ${snmp_engineid} monitor_ro SHA \"${auth_secret}\" AES \"${data_secret}\" # ${ipv4}" >> add_to_snmptrapd.conf.out
done