Introduction
When you configure a gateway as an SNMP Trap receiver, the device-generated traps are sent to the gateway and processed according to the configuration defined when you created the SNMP trap monitor.
For SNMP v2 traps, the gateway can interpret the Trap OIDs because the message is not encrypted. For SNMPv3 traps, the OIDs are encrypted, and the gateway needs to know the encryption credentials to decode the traps.
Default SNMPv3 Credentials
By default, gateway understands and processes the SNMP v3 Traps if the remote devices use the same credentials pre-defined in the gateway.
If you want to know the list of pre-defined credentials in the gateway, then reach OpsRamp Support Team.
Adding Custom SNMPv3 Credentials
If you prefer not to use the default credentials, you can define your own gateway credentials using Base64 encoding.
Formatting the Custom Credentials
- Define your custom SNMP v3 credentials in the following format:
{securityname}###{authProto}###{authPassPhrase}###{privProto}###{privPassphrase}
Example: user6###MD5###abcdef@123###DES###ghijkl@456
- If any of the fields mentioned below are empty or not needed, use
NONE
for the field value:- authProto
- authPassPhrase
- privProto
- privPassphrase
Below is the format to be followed in the trap configuration file for SNMP protocols:
Snmp Privacy Protocol | Configuration format |
---|---|
DES | DES |
DES3 | DES3 |
AES | AES |
AES128 | AES-128 |
AES192 | AES-192 |
AES256 | AES-256 |
AES192C | AES-192-C |
AES256C | AES-256-C |
Snmp Auth Protocol | Configuration format |
---|---|
SHA | SHA |
SHA224 | SHA224 |
SHA256 | SHA256 |
SHA384 | SHA384 |
SHA512 | SHA512 |
MD5 | MD5 |
Example:
SNMP v3 credentials are AuthPriv then:
snmpusername###MD5###snmpuserauthstring###DES###snmpprivstring
SNMP v3 credentials are AuthNoPriv then:
snmpusername###MD5###snmpuserauthstring###NONE###NONE
SNMP v3 credentials are NoAuthNoPriv then:
snmpusername###NONE###NONE###NONE###NONE
As another example, a device with the following SNMP v3 credentials:
Use the following custom credential format:
user6###MD5###abcdef@123###DES###ghijkl@456
Username: user6
Auth: MD5
Authorization password: abcdef@123
Privacy: DES
Privacy password: ghijkl@456
Encoding the Credentials
After formatting the credentials, convert them to Base64 encoding using a tool of your choice.
Example:
Formatted credentials: user6###MD5###abcdef@123###DES###ghijkl@456
Encoded as: dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==
.
Configure the Classic Gateway with the Credentials
You can specify multiple SNMP v3 credentials in the gateway configuration file, each on a new line.
- Log in to the gateway using the
ruser
account. - Open the
/opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfg
file for editing. - Copy and paste the Base64-encoded credentials into the file.
Note: Refer Adding Custom SNMPv3 Credentials on how to configure SNMP V3 credentials in Base64 encoded format. - Save the file and restart the vprobe service using below command:
service vprobe restart
Your gateway is now set up to process SNMP v3 traps using the configured credentials.
Configure the NextGen Gateway with the Credentials
Follow these steps to configure SNMP v3 trap credentials in the NextGen gateway:
- Create a yaml file and pass the
snmp_v3
credentials in a below format.
Example:snmp_trap_v3_credentials: |-
snmp_trap_v3_credentials: |- base64EncodedCredkey1 base64EncodedCredkey2 base64EncodedCredkey3
Note
Ensure that there are two spaces under the “snmp_trap_v3_credentials” and then pass the keys after those spaces, as the spaces are necessary for YAML indentation.helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version <current_helm_chart_version> -f <YamlFileName> -n <NAMESPACE> --reuse-values
FAQs
Does OpsRamp generate repeat alerts if the same trap (with the same state) is received?
By default, OpsRamp does not generate repeat alerts for the same trap with the same severity within 30 minutes. There is an option at OpsRamp’s side where you can enhance trap definition to exclude this 30-min logic in case of valid use cases.
When will OpsRamp exclude/drop any trap with no alerts?
Yes. OpsRamp will exclude/drop traps with no alerts, in 2 cases:
Case 1 - If the trap is in the OpsRamp Global exclude list, then it will not generate any alert.
Case 2 - Client-level Exclude: If a customer has a trap monitor created in UI
(setup → monitoring → SNMP Traps Configuration) to exclude any specific set of trap(s).How are trap severities mapped in OpsRamp?
Actual trap severity OpsRamp severity Fatal, critical, major, degrade, error, fault, notoperational, shutdown, etc. Critical Minor, warning, degrade Warning Ok, info, debug Ok