Technical Blog Post
Abstract
SNMP Probe : Setting up your probe to receive SNMP v3 notifications
Body
SNMPv3 introduces authentication and privacy options, which require additional setup steps on both the trap sender (device) and the receiver (probe). This entry covers the steps to set up your SNMP Probe.
The probe must be configured with each user's credentials, authentication type (MD5/SHA/SHA256 or none) and privacy encryption type (DES/AES or none). Refer to your device documentation to get this information from your device.
Example device configuration:
user user1 {
    authentication-md5 { authentication-password tr4psMD5; }
    privacy-des { privacy-password tr4psDES; }
}
The steps to set up the probe are shown below.
Setting up the Probe
- Configuration files.
  - Set the ConfPath, PersistentDir and snmpv3ONLY properties in your mttrapd.props file.
    ConfPath : '$OMNIHOME/var/snmpv3'
    PersistentDir : '$OMNIHOME/var/'
    snmpv3ONLY : 1
  - If it exists, back up the non-persistent configuration file.
    mv $OMNIHOME/var/snmpv3/mttrapd.conf $OMNIHOME/var/snmpv3/mttrapd.conf.bak
  - Back up the persistent configuration file.
    mv $OMNIHOME/var/mttrapd.conf $OMNIHOME/var/mttrapd.conf.bak
- Probe Properties
- You will need to set ReuseEngineBoots and UsmUserBase according to your requirements. I am using the defaults (UsmUserBase : 2 and UsmUserBase : 1). These define the start-up behavior of the probe when reading the configuration files above. Refer to the "Defining the Startup Behavior" section in the Probe reference guide, SNMP v3 Support section, for more info.
- Add users into the non-persistent configuration file using the automatic detection facility
- Edit the $OMNIHOME/var/snmpv3/mttrapd.conf
- Using the user info that you collected from the EX device, add the users with the following command: createUser -e engineId username authtype password privtype privpassword
For example, for user1 above:
createUser -e <engineID> user1 MD5 authPassword DES privPassword
where <engineID> is the engine ID of the device.
For testing purposes, I use the command below with engineID = 0x0102030405
createUser -e 0x0102030405 user1 MD5 tr4psMD5 DES tr4psDES
- Save the $OMNIHOME/var/snmpv3/mttrapd.conf file.
Note: You must add every user whose SNMPv3 traps you want the probe to listen for.
- Download NcKL. I recommend using the Netcool Knowledge Library 4.1 (NcKL) rules file, as it has a set of rules for Juniper MIBs. Edit snmptrap.rules, search for the vendor name (e.g. ibm, cisco, juniper), and enable the rules by uncommenting the $include lines.
- Set the rulesfile property in mttrapd.props to the snmptrap.rules file from NcKL.
- (OPTIONAL) Enable the probe to capture the traps it receives in a Raw Capture file. To do this, set the RawCapture property to 1. You can replay the RawCapture file later using a Standard Input probe for debugging.
- Start the Probe
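Before starting the probe, the createUser lines can be checked mechanically. The following is an added example, not part of the original post or of the probe: lint_create_user and lint_config are hypothetical helper names, the 5..32 octet engine ID range comes from RFC 3411, and the 8-character passphrase minimum is Net-SNMP's, assumed here to apply to the probe as well.

```python
import re

ENGINE_ID = re.compile(r"^0x(?:[0-9a-fA-F]{2}){5,32}$")  # RFC 3411: 5..32 octets
LEGACY = {"MD5", "DES"}   # accepted by the probe, but SHA/AES are stronger
MIN_PASSPHRASE = 8        # Net-SNMP's minimum; assumed to hold for the probe

def lint_create_user(line):
    """Findings for one 'createUser -e engineId user auth pw priv pw' line."""
    tokens = line.split()
    if not tokens or tokens[0] != "createUser":
        return []  # comments and other directives are not checked
    findings, args = [], tokens[1:]
    if args[:1] == ["-e"]:
        if len(args) < 2 or not ENGINE_ID.match(args[1]):
            findings.append("engine ID is not 0x followed by 5..32 hex octets")
        args = args[2:]
    else:
        findings.append("no -e engineID given")
    if not args:
        return findings + ["no user name given"]
    user, rest = args[0], args[1:]
    for kind, pair in (("auth", rest[0:2]), ("priv", rest[2:4])):
        if len(pair) < 2:
            findings.append(f"{user}: {kind} protocol/passphrase pair missing")
            continue
        proto, secret = pair
        if proto.upper() in LEGACY:
            findings.append(f"{user}: {proto} is a legacy {kind} algorithm")
        if len(secret) < MIN_PASSPHRASE:
            findings.append(f"{user}: {kind} passphrase under {MIN_PASSPHRASE} chars")
    return findings

def lint_config(text):
    """Map 1-based line numbers to findings; clean lines are omitted."""
    lines = enumerate(text.splitlines(), start=1)
    return {n: f for n, l in lines if (f := lint_create_user(l))}

# Constructed sample file; only the user1 line comes from the post.
SAMPLE = """\
# mttrapd.conf (constructed sample)
createUser -e 0x0102030405 user1 MD5 tr4psMD5 DES tr4psDES
createUser -e 0x01020304 user2 SHA longerAuthPass AES longerPrivPass
createUser -e 0x0102030405 user3 SHA short AES longerPrivPass
createUser -e 0x0102030405 user4 SHA longerAuthPass
"""

if __name__ == "__main__":
    for number, found in lint_config(SAMPLE).items():
        print(number, found)
```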
Sending Traps using Net SNMP
- Send the trap with the same user credentials as above. I use the Net SNMP probe to send a coldStart trap to verify.
snmptrap -e 0x0102030405 -v3 -u user1 -a MD5 -A tr4psMD5 -x DES -X tr4psDES -l authPriv <targethost>:<port> "" .1.3.6.1.6.3.1.1.5.1
You should see the SNMP trap being processed. Voila!
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] ReqId: 1239411021
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] securityLevel: authPriv
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] contextEngineID: 0x800007e5806cd1512852b3ea14
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] contextName:
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] securityEngineID: 0x0102030405
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] securityName: user1
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] IPaddress: 9.180.209.45
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] PeerIPaddress: 9.180.209.45
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] ReceivedPort: 3100
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] ReceivedTime: 1387522580
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] Protocol: UDP
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] SNMP_Version: 3
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] UpTime: 283509752
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] Uptime: 19:31:37.52
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] .1.3.6.1.2.1.1.3.0: (283509752) 32 days, 19:31:37.52
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] notify: .1.3.6.1.6.3.1.1.5.1
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] .1.3.6.1.6.3.1.1.4.1.0: .1.3.6.1.6.3.1.1.5.1
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] EventCount: 1
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] Processing alert {0 remaining}
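To confirm from the debug log that each trap really arrived as SNMPv3 at authPriv from a configured user, the [Event Processor] fields can be parsed and checked. This is an added example, not part of the original post or the probe: parse_events, check_event and audit are hypothetical names, the first sample event reuses lines from the log above, and the second event (authNoPriv, user9) is constructed.

```python
import re

# Debug lines look like: "<time>: Debug: <id>: [Event Processor] key: value"
FIELD = re.compile(r"\[Event Processor\] ([^:]+):\s*(.*)$")

def parse_events(log_text):
    """Collect [Event Processor] fields into one dict per processed trap."""
    events, current = [], {}
    for line in log_text.splitlines():
        if "[Event Processor] Processing alert" in line:
            if current:
                events.append(current)
            current = {}
        elif (m := FIELD.search(line)):
            current[m.group(1)] = m.group(2).strip()
    return events

def check_event(event, allowed_users):
    """Reasons a trap falls short of the SNMPv3 authPriv setup configured above."""
    problems = []
    if event.get("SNMP_Version") != "3":
        problems.append("not SNMPv3")
    if event.get("securityLevel") != "authPriv":
        problems.append("securityLevel is %s" % event.get("securityLevel"))
    if event.get("securityName") not in allowed_users:
        problems.append("unexpected securityName %s" % event.get("securityName"))
    return problems

# First event: lines copied from the log above. Second event: constructed.
SAMPLE_LOG = """\
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] securityLevel: authPriv
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] contextName:
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] securityName: user1
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] SNMP_Version: 3
2013-12-20T06:56:20: Debug: D-UNK-000-000: [Event Processor] Processing alert {0 remaining}
2013-12-20T06:57:02: Debug: D-UNK-000-000: [Event Processor] securityLevel: authNoPriv
2013-12-20T06:57:02: Debug: D-UNK-000-000: [Event Processor] securityName: user9
2013-12-20T06:57:02: Debug: D-UNK-000-000: [Event Processor] SNMP_Version: 3
2013-12-20T06:57:02: Debug: D-UNK-000-000: [Event Processor] Processing alert {0 remaining}
"""

def audit(log_text, allowed_users):
    """Problems per trap, in log order; an empty list means the trap is as expected."""
    return [check_event(e, allowed_users) for e in parse_events(log_text)]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, {"user1"}))
```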
References : http://publib.boulder.ibm.com/infocenter/tivihelp/v8r1/topic/com.ibm.netcool_OMNIbus.doc/probes/snmp/snmp/wip/reference/snmp_support_v3_r.html
UID
ibm11082157