Hi
Apologies if this has been asked for; a quick search through the mailing list
archive didn't find it.
I've installed net-snmp-5.7.3-4.2.x86_64 on my SLES 12 SP1 system. Because
security is important, I've read up on and (I hope) correctly configured
net-snmp to use SNMPv3 with User-based Security Model. I can't use the
certificate-based security model because my Cisco Nexus 9000 switches don't
support this (I believe).
Here are my two configuration files:
# cat /etc/snmp/snmp.conf
###########################################################################
#
# snmp.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
# SECTION: Default Authentication Options
#
# This section defines the default authentication
# information. Setting these up properly in your
# ~/.snmp/snmp.conf file will greatly reduce the amount of
# command line arguments you need to type (especially for snmpv3).
# defversion: The default snmp version number to use.
# override: with -v on the command line.
# arguments: 1|2c|3
defversion 3
# defsecurityname: The default snmpv3 security name to use when using snmpv3
# override: with -u on the command line.
# arguments: securityname
defsecurityname alerts
# defsecuritylevel: The default snmpv3 security level to use
# override: with -l on the command line.
# arguments: noAuthNoPriv|authNoPriv|authPriv
defsecuritylevel authPriv
# defauthtype: The default snmpv3 authentication type name to use
# override: with -a on the command line.
# arguments: authtype
defauthtype SHA
# defauthpassphrase: The default snmpv3 authentication pass phrase to use
# Note: It must be at least 8 characters long.
# override: with -A on the command line.
# arguments: passphrase
defauthpassphrase sha-passphrase
# defprivtype: The default snmpv3 privacy (encryption) type name to use
# override: with -x on the command line.
# arguments: privtype
defprivtype AES
# defprivpassphrase: The default snmpv3 privacy pass phrase to use
# Note: It must be at least 8 characters long.
# override: with -X on the command line.
# arguments: passphrase
defprivpassphrase aes-passphrase
#
# cat /etc/snmp/snmptrapd.conf
###########################################################################
#
# snmptrapd.conf
#
# - created by the snmpconf configuration program
#
###########################################################################
# SECTION: Output formatting for traps received.
#
# Output from snmptrapd is formatted according to the
# rules defined by the formatting configuration directives.
# format2: How SNMPv2 and SNMPv3 traps are formatted.
# See the snmptrapd.conf manual page for format string details.
# arguments: formatstring
format2 FORMAT
# The syntax below, while not documented, works around a SNMP bug
#logOption f /var/log/snmptrapd.log
[snmp] logOption f /var/log/snmptrapd.log
###########################################################################
# SECTION: Logging options
#
# Logging options
# donotlogtraps: Prevent traps from being logged
# Useful when you only want to use traphandles
# arguments: (1|yes|true|0|no|false)
# donotlogtraps yes
donotlogtraps no
###########################################################################
# SECTION: Trap Handlers
#
# Here we define what programs are run when a trap is
# received by the trap receiver.
# traphandle: When traps are received, a program can be run.
# When traps are received, the list of configured trap
# handles is consulted and any configured program is run.
# If no handler is found, any handler with "default" as the
# traphandle type is run instead. The information contained
# in trap is passed to the program via standard input (see
# the snmptrapd.conf manual page for details).
#
# arguments: oid|"default" program args
authUser log,execute alerts
# These embedded passphrases must be replaced with something secure
createUser -e 0x800000090300059B27CF00 alerts SHA sha-passphrase AES aes-passphrase
traphandle default "/usr/bin/perl /usr/bin/traptoemail" "-f root@XXXXXX -s XXXXXXXX uu...@uu.uuu"
#disableAuthorization yes
ledmf081:~ #
Eventually, I'll want to send traps via email. For now, I'm just trying to see
the traps written to a file.
When I execute the test command:
snmptrap -e 0x800000090300059B27CF00 -v 3 -u alerts -a SHA -A sha-passphrase -x AES -X aes-passphrase localhost 0 coldStart
The only output I see written to /var/log/snmptrapd.log is:
FORMAT
Every time I repeat my test command, 'FORMAT' gets written to
/var/log/snmptrapd.log.
So, I'm guessing I have some kind of format error. But my configuration files
and test command syntax seem to follow what I see in the Net-SNMP wiki (and
other) pages.
I'd value any thoughts/suggestions.
Thanks!
tl
Terry Lemons
Core Technologies Division
171 South Street, MS 1/C-6
Hopkinton MA 01748
774 803 2892
terry.lem...@dell.com
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
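
Added example (not part of the original post and not Net-SNMP project code): a small Python lint pass over the active directives of the snmptrapd.conf shown above. The function name `lint_snmptrapd_conf` and the finding codes are hypothetical; the checks assume that snmptrapd copies format text without a `%` specifier to the log verbatim and that `authUser` accepts authNoPriv traps unless a `priv` level is given.

```python
import re

# Constructed sample: the active directives from the snmptrapd.conf in the post.
SAMPLE_CONF = """\
format2 FORMAT
[snmp] logOption f /var/log/snmptrapd.log
donotlogtraps no
authUser log,execute alerts
createUser -e 0x800000090300059B27CF00 alerts SHA sha-passphrase AES aes-passphrase
#disableAuthorization yes
"""

def lint_snmptrapd_conf(text):
    """Return (line_no, code, detail) findings for risky or inert directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"^\[\w+\]\s*", "", raw.strip())  # drop "[snmp] " style prefix
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        name = name.lower()
        if name in ("format1", "format2"):
            fmt = line.split(None, 1)[1] if args else ""
            # Text without a % specifier is copied to the log verbatim.
            if "%" not in fmt:
                findings.append((no, "FORMAT_LITERAL", fmt))
        elif name == "createuser":
            if args[:1] == ["-e"]:
                args = args[2:]  # skip "-e ENGINEID"; rest: user authtype authpass [privtype [privpass]]
            secrets = [a for i, a in enumerate(args) if i in (2, 4)]
            if secrets:
                findings.append((no, "CLEARTEXT_PASSPHRASE", args[0]))
            if any(len(s) < 8 for s in secrets):
                findings.append((no, "PASSPHRASE_TOO_SHORT", args[0]))
        elif name == "authuser":
            rest = args[1:]  # args[0] is the TYPES list (log,execute,net)
            if rest[:1] == ["-s"]:
                rest = rest[2:]  # skip "-s MODEL"
            level = rest[1].lower() if len(rest) > 1 else None
            # Without an explicit "priv" level, unencrypted traps are accepted too.
            if rest and level != "priv":
                findings.append((no, "PRIV_NOT_REQUIRED", rest[0]))
        elif name == "disableauthorization" and args[:1] and args[0].lower() in ("1", "yes", "true"):
            findings.append((no, "AUTHORIZATION_DISABLED", args[0]))
    return findings

if __name__ == "__main__":
    for finding in lint_snmptrapd_conf(SAMPLE_CONF):
        print(finding)
```

The parser splits on whitespace, so a quoted passphrase containing spaces would need a shlex-based split instead.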