差異處
這裏顯示兩個版本的差異處。
|
snmp:snmptrap:net-snmp_with_snmpv3trap [2020/08/12 00:25] tony [/etc/snmp/snmptrapd.conf] |
snmp:snmptrap:net-snmp_with_snmpv3trap [2023/06/25 09:48] |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | {{tag>net-snmp snmptrap}} | ||
| - | ====== Net-SNMP with SNMPv3 Trap ====== | ||
| - | ===== Introduction ===== | ||
| - | 記錄在CentOS上設定Net-SNMP能轉發SNMPv3 Trap的方法。 | ||
| - | ===== How to? ===== | ||
| - | 撰寫這篇文章時,CentOS7的Net-SNMP最新版本為5.7.2,並不支援SHA2;CentOS8的Net-SNMP為5.8,支援SHA2,因此以下實驗結果為5.8的版本。其中大部分command來自於reference中,有興趣可以自行查看: | ||
| - | ==== /etc/sysconfig/snmptrapd ==== | ||
| - | 先加debug log: | ||
| - | <code bash> | ||
| - | OPTIONS="-Lsd -Lf /var/log/snmptrapd.log" | ||
| - | </code> | ||
| - | 之後可以執行以下cmd去看接收trap結果: | ||
| - | <code bash> | ||
| - | tail -f /var/log/snmptrapd.log | ||
| - | </code> | ||
| - | ==== /etc/snmp/snmptrapd.conf ==== | ||
| - | <code bash> | ||
| - | createUser -e 0x8000123acd1ab43abbfff000fa opsviewv3 SHA mySecureAuthPassword AES mySecurePrivPassword | ||
| - | createUser -e 0x80001370010a921096 opsviewv4 SHA-224 mySecureAuthPassword AES mySecurePrivPassword | ||
| - | authUser log,execute,net opsviewv3 | ||
| - | authUser log,execute,net opsviewv4 | ||
| - | createUser -e 0x8000000001020505 ovirtengine MD5 authpass AES privpass | ||
| - | createUser -e 0x8000000001020606 NoAuthNoPriv | ||
| - | authUser log,execute,net NoAuthNoPriv noauth | ||
| - | authUser log,execute,net ovirtengine | ||
| - | |||
| - | forward default 10.146.125.32 | ||
| - | </code> | ||
| - | Note. 有發現如果opsviewv3設定過SHA,再設定為SHA-224會沒用,要用[[https://blog.xuite.net/aflyfish/blog/86126785-%5B+NetSNMP+%5D+SNMP+v3|snmpusm]]去砍user。 | ||
| - | ==== test commands ==== | ||
| - | <code bash> | ||
| - | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv3 -a SHA -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | ||
| - | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv4 -a SHA-224 -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | ||
| - | snmptrap -v 3 -n "" -l noAuthNoPriv -u NoAuthNoPriv -e 0x8000000001020606 localhost 0 linkUp.0 | ||
| - | snmptrap -v 3 -n "" -a MD5 -A authpass -l authNoPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | ||
| - | snmptrap -v 3 -n "" -a MD5 -A authpass -x AES -X privpass -l authPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | ||
| - | </code> | ||
| - | 結果如下:\\ | ||
| - | {{:snmp:snmptrap:net-snmp_snmptrapv3_result.png|}} | ||
| - | ===== Reference ===== | ||
| - | * [[https://www.ovirt.org/develop/release-management/features/infra/engine-snmp3.html|oVirt Engine SNMPv3 Traps]] | ||
| - | * [[https://www.opsview.com/resources/how-to/blog/setting-snmpv3-traps|Setting Up SNMPv3 Traps]] | ||
| - | * [[http://net-snmp.sourceforge.net/wiki/index.php/Strong_Authentication_or_Encryption|Strong Authentication or Encryption]] | ||
| - | ===== ===== | ||
| - | ---- | ||
| - | \\ | ||
| - | ~~DISQUS~~ | ||
