>>>>> On Thu, 2 Sep 2010 10:57:47 -0400, Tim Spires <[email protected]> said:
TS> My hope was by calling snmptrap with the -u options for the security name TS> and perhaps the -l option TS> for security level that snmptrap would use my local USM config tables to TS> extract the security credentials and send TS> the trap PDU out to the host. Nope, snmptrap expects full command line options. However, if you have a running configured agent that is sending the traps you might try our newer "agentxtrap" that actually sends trap *through* the agent and thus will send traps to all your configured notification receivers using whatever protocols the agent was configured with. You'll need a 5.6 pre-release to try this though as it's a brand new (and really cool in my opinion) tool. TS> /usr/sbin/snmptrap -v 3 -u default-SHA-DES -l authPriv -a SHA -A TS> "password" -x DES -X "password" 147.139.4.133:162 "" TS> 1.3.6.1.4.1.1556.16.16.0.1 1.3.6.1.4.1.1556.16.16.2.0 i 1234 TS> Problem is that I dont have access to the credential data via the script, TS> its inside the USM tables inside the snmpd agent. You could always pull the data out of /var/net-snmp/snmpd.conf which is the persistent storage location for the agent's data. But the format of the lines aren't really documented and are mostly in hexadecimal so you'll need to do some digging. TS> Our desire is for the users to configure our agents USM with a TS> secname and credentials to be used for sending secure traps to their TS> monitoring station, and then for the agent to use those credential TS> when sending out traps to targets that have SNMPv3 specified for the TS> snmpTargetParamsMPModel and USM specified for the TS> snmpTargetParamsSecurityModel in the snmpTargetParamsTable. That's a good plan, but my first question would be "why are you sending traps via the snmptrap CLI?" IE, if you're invoking snmptrap from within the agent there are better APIs for sending traps directly within the agent. If you're doing it from cron scirpts or other things, then I'd definitely think about looking into the agentxtrap application mentioned above. TS> What I am trying to avoid is having an enterprise specific table TS> that the user configures with credential very much like the USM TS> table. Seems I should be able to use what already exists. I agree... you shouldn't need anything new. -- Wes Hardaker Please mail all replies to [email protected] ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
