Introduction

When you configure a gateway as an SNMP Trap receiver, the device-generated traps are sent to the gateway and processed according to the configuration defined when you created the SNMP trap monitor.

For SNMP v2 traps, the gateway can interpret the Trap OIDs because the message is not encrypted. For SNMPv3 traps, the OIDs are encrypted, and the gateway needs to know the encryption credentials to decode the traps.

Default SNMPv3 Credentials

By default, gateway understands and processes the SNMP v3 Traps if the remote devices use the same credentials pre-defined in the gateway.
If you want to know the list of pre-defined credentials in the gateway, then reach OpsRamp Support Team.

Adding Custom SNMPv3 Credentials

If you prefer not to use the default credentials, you can define your own gateway credentials using Base64 encoding.

Formatting the Custom Credentials

  1. Define your custom SNMP v3 credentials in the following format:
{securityname}###{authProto}###{authPassPhrase}###{privProto}###{privPassphrase}

Example: user6###MD5###abcdef@123###DES###ghijkl@456
  1. If any of the fields mentioned below are empty or not needed, use NONE for the field value:
    • authProto
    • authPassPhrase
    • privProto
    • privPassphrase

Below is the format to be followed in the trap configuration file for SNMP protocols:

Snmp Privacy ProtocolConfiguration format
DESDES
DES3DES3
AESAES
AES128AES-128
AES192AES-192
AES256AES-256
AES192CAES-192-C
AES256CAES-256-C
Snmp Auth ProtocolConfiguration format
SHASHA
SHA224SHA224
SHA256SHA256
SHA384SHA384
SHA512SHA512
MD5MD5

Example:

  • SNMP v3 credentials are AuthPriv then:

    snmpusername###MD5###snmpuserauthstring###DES###snmpprivstring

  • SNMP v3 credentials are AuthNoPriv then:

    snmpusername###MD5###snmpuserauthstring###NONE###NONE

  • SNMP v3 credentials are NoAuthNoPriv then:

    snmpusername###NONE###NONE###NONE###NONE

As another example, a device with the following SNMP v3 credentials:

  • Use the following custom credential format:

    user6###MD5###abcdef@123###DES###ghijkl@456

Username: user6
Auth:  MD5
Authorization password: abcdef@123
Privacy: DES
Privacy password: ghijkl@456

Encoding the Credentials

After formatting the credentials, convert them to Base64 encoding using a tool of your choice.

Example:
Formatted credentials: user6###MD5###abcdef@123###DES###ghijkl@456
Encoded as: dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==.

Configure the Classic Gateway with the Credentials

You can specify multiple SNMP v3 credentials in the gateway configuration file, each on a new line.

  1. Log in to the gateway using the ruser account.
  2. Open the /opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfg file for editing.
  3. Copy and paste the Base64-encoded credentials into the file.
    Note: Refer Adding Custom SNMPv3 Credentials on how to configure SNMP V3 credentials in Base64 encoded format.
  4. Save the file and restart the vprobe service using below command:
    service vprobe restart

Your gateway is now set up to process SNMP v3 traps using the configured credentials.

Configure the NextGen Gateway with the Credentials

Follow these steps to configure SNMP v3 trap credentials in the NextGen gateway:

  1. Create a yaml file and pass the snmp_v3 credentials in a below format.
    snmp_trap_v3_credentials: |-
      
    Example:
    snmp_trap_v3_credentials: |-
      base64EncodedCredkey1
      base64EncodedCredkey2
      base64EncodedCredkey3

2. Update the NextGen gateway helm chart using the following command:
helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version <current_helm_chart_version> -f <YamlFileName> -n <NAMESPACE> --reuse-values



FAQs


  1. Does OpsRamp generate repeat alerts if the same trap (with the same state) is received?

    By default, OpsRamp does not generate repeat alerts for the same trap with the same severity within 30 minutes. There is an option at OpsRamp’s side where you can enhance trap definition to exclude this 30-min logic in case of valid use cases.

  2. When will OpsRamp exclude/drop any trap with no alerts?

    Yes. OpsRamp will exclude/drop traps with no alerts, in 2 cases:

    Case 1 - If the trap is in the OpsRamp Global exclude list, then it will not generate any alert.
    Case 2 - Client-level Exclude: If a customer has a trap monitor created in UI
    (setup → monitoring → SNMP Traps Configuration) to exclude any specific set of trap(s).

  3. How are trap severities mapped in OpsRamp?

    Actual trap severityOpsRamp severity
    Fatal, critical, major, degrade, error, fault, notoperational, shutdown, etc.Critical
    Minor, warning, degradeWarning
    Ok, info, debugOk