差異處
這裏顯示兩個版本的差異處。
snmp:snmptrap:net-snmp_with_snmpv3trap [2020/08/12 00:24] tony [/etc/snmp/snmptrapd.conf] |
snmp:snmptrap:net-snmp_with_snmpv3trap [2023/06/25 09:48] |
||
---|---|---|---|
行 1: | 行 1: | ||
- | {{tag>net-snmp snmptrap}} | ||
- | ====== Net-SNMP with SNMPv3 Trap ====== | ||
- | ===== Introduction ===== | ||
- | 記錄在CentOS上設定Net-SNMP能轉發SNMPv3 Trap的方法。 | ||
- | ===== How to? ===== | ||
- | 撰寫這篇文章時,CentOS7的Net-SNMP最新版本為5.7.2,並不支援SHA2;CentOS8的Net-SNMP為5.8,支援SHA2,因此以下實驗結果為5.8的版本。其中大部分command來自於reference中,有興趣可以自行查看: | ||
- | ==== /etc/sysconfig/snmptrapd ==== | ||
- | 先加debug log: | ||
- | <code bash> | ||
- | OPTIONS="-Lsd -Lf /var/log/snmptrapd.log" | ||
- | </code> | ||
- | 之後可以執行以下cmd去看接收trap結果: | ||
- | <code bash> | ||
- | tail -f /var/log/snmptrapd.log | ||
- | </code> | ||
- | ==== /etc/snmp/snmptrapd.conf ==== | ||
- | <code bash> | ||
- | createUser -e 0x8000123acd1ab43abbfff000fa opsviewv3 SHA mySecureAuthPassword AES mySecurePrivPassword | ||
- | createUser -e 0x80001370010a921096 opsviewv4 SHA-224 mySecureAuthPassword AES mySecurePrivPassword | ||
- | authUser log,execute,net opsviewv3 | ||
- | authUser log,execute,net opsviewv4 | ||
- | createUser -e 0x8000000001020505 ovirtengine MD5 authpass AES privpass | ||
- | createUser -e 0x8000000001020606 NoAuthNoPriv | ||
- | authUser log,execute,net NoAuthNoPriv noauth | ||
- | authUser log,execute,net ovirtengine | ||
- | |||
- | forward default 10.146.125.32 | ||
- | </code> | ||
- | Note. 有發現如果opsviewv3設定過SHA,再設定為SHA-224會沒用,要用[[https://manned.org/snmpusm/d5f1f00e|snmpusm]]去砍user。 | ||
- | ==== test commands ==== | ||
- | <code bash> | ||
- | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv3 -a SHA -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | ||
- | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv4 -a SHA-224 -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | ||
- | snmptrap -v 3 -n "" -l noAuthNoPriv -u NoAuthNoPriv -e 0x8000000001020606 localhost 0 linkUp.0 | ||
- | snmptrap -v 3 -n "" -a MD5 -A authpass -l authNoPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | ||
- | snmptrap -v 3 -n "" -a MD5 -A authpass -x AES -X privpass -l authPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | ||
- | </code> | ||
- | 結果如下:\\ | ||
- | {{:snmp:snmptrap:net-snmp_snmptrapv3_result.png|}} | ||
- | ===== Reference ===== | ||
- | * [[https://www.ovirt.org/develop/release-management/features/infra/engine-snmp3.html|oVirt Engine SNMPv3 Traps]] | ||
- | * [[https://www.opsview.com/resources/how-to/blog/setting-snmpv3-traps|Setting Up SNMPv3 Traps]] | ||
- | * [[http://net-snmp.sourceforge.net/wiki/index.php/Strong_Authentication_or_Encryption|Strong Authentication or Encryption]] | ||
- | ===== ===== | ||
- | ---- | ||
- | \\ | ||
- | ~~DISQUS~~ |