Difference between revisions of "Snmptrap"

/tmp/snmptrapd.conf

createUser -e 0x8000000001020304 traptest SHA mypassword AES mypassword
authuser log traptest

snmptrapd -f -C -c /tmp/snmptrapd.conf -Le

snmptrap -v 3 -n "" -a SHA -A mypassword -x AES -X mypassword -l authPriv -u traptest -e 0x8000000001020304 127.0.0.1 0 iso.3.6.1.6.3.1.1.5.2

You must use engineids

https://networkengineering.stackexchange.com/questions/32310/how-to-receive-snmp-v3-traps-without-specific-enginedid
You cannot be authenticated as user for receiving traps if you don't specify the engineID.
See http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications

Get engineid for -e option 0x8000000001020304

tshark -V -i eth0 -f "host 10.x.x.x" -d tcp.port==162,snmp | grep -i msgAuthoritativeEngineID

Get via snmp poll

auth_secret=<mysecret>
data_secret=<mysecret>
ip_file="ips.txt"
# md5/des alt

for ipv4 in $(cat ${ip_file}); do
  snmp_engineid=$(snmpwalk -v 3 -u monitor_ro -l authPriv -A ${auth_secret} -a sha -x aes -X ${data_secret} ${ipv4} 1.3.6.1.6.3.10.2.1.1.0 | awk -F: '{print tolower($2)}' | tr -d "[:blank:]")
  echo "${ipv4}|${snmp_engineid}"
  echo "createUser -e ${snmp_engineid} monitor_ro SHA \"${auth_secret}\" AES \"${data_secret}\" # ${ipv4}" >> add_to_snmptrapd.conf.out
done