差異處
這裏顯示兩個版本的差異處。
下次修改 | 前次修改 | ||
snmp:snmptrap:net-snmp_with_snmpv3trap [2020/08/12 00:04] tony 建立 |
snmp:snmptrap:net-snmp_with_snmpv3trap [2023/06/25 09:48] (目前版本) |
||
---|---|---|---|
行 1: | 行 1: | ||
+ | {{tag>net-snmp snmptrap}} | ||
====== Net-SNMP with SNMPv3 Trap ====== | ====== Net-SNMP with SNMPv3 Trap ====== | ||
+ | ===== Introduction ===== | ||
+ | 記錄在CentOS上設定Net-SNMP能轉發SNMPv3 Trap的方法。 | ||
===== How to? ===== | ===== How to? ===== | ||
+ | 撰寫這篇文章時,CentOS7的Net-SNMP最新版本為5.7.2,並不支援SHA2;CentOS8的Net-SNMP為5.8,支援SHA2,因此以下實驗結果為5.8的版本。其中大部分command來自於reference中,有興趣可以自行查看: | ||
==== /etc/sysconfig/snmptrapd ==== | ==== /etc/sysconfig/snmptrapd ==== | ||
先加debug log: | 先加debug log: | ||
行 21: | 行 25: | ||
authUser log,execute,net NoAuthNoPriv noauth | authUser log,execute,net NoAuthNoPriv noauth | ||
authUser log,execute,net ovirtengine | authUser log,execute,net ovirtengine | ||
+ | |||
+ | forward default 10.146.125.32 | ||
</code> | </code> | ||
+ | Note. 有發現如果opsviewv3設定過SHA,再設定為SHA-224會沒用,要用[[https://blog.xuite.net/aflyfish/blog/86126785-%5B+NetSNMP+%5D+SNMP+v3|snmpusm]]去砍user。 | ||
==== test commands ==== | ==== test commands ==== | ||
<code bash> | <code bash> | ||
snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv3 -a SHA -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv3 -a SHA -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | ||
- | snmptrap -e 0x8000123acd1ab43abbfff000fa -v 3 -u opsviewv4 -a SHA-224 -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 | + | snmptrap -e 0x80001370010a921096 -v 3 -u opsviewv4 -a SHA-224 -A mySecureAuthPassword -x AES -XmySecurePrivPassword -l authPriv localhost 1 0 |
snmptrap -v 3 -n "" -l noAuthNoPriv -u NoAuthNoPriv -e 0x8000000001020606 localhost 0 linkUp.0 | snmptrap -v 3 -n "" -l noAuthNoPriv -u NoAuthNoPriv -e 0x8000000001020606 localhost 0 linkUp.0 | ||
snmptrap -v 3 -n "" -a MD5 -A authpass -l authNoPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | snmptrap -v 3 -n "" -a MD5 -A authpass -l authNoPriv -u ovirtengine -e 0x8000000001020505 localhost 0 linkUp.0 | ||
行 31: | 行 38: | ||
</code> | </code> | ||
結果如下:\\ | 結果如下:\\ | ||
- | {{:snmp:snmptrap:net-snmp_snmptrapv3_result.png|}} | + | {{:snmp:snmptrap:net-snmp_snmptrapv3_result.png|}}\\ |
+ | \\ | ||
+ | 如果要使用更高強度的authPriv像是AES-192或AES-256,必須要自己重編譯net-snmp,可以參考[[https://marc.info/?l=net-snmp-coders&m=152339291016749&w=2|這篇]]。 | ||
===== Reference ===== | ===== Reference ===== | ||
* [[https://www.ovirt.org/develop/release-management/features/infra/engine-snmp3.html|oVirt Engine SNMPv3 Traps]] | * [[https://www.ovirt.org/develop/release-management/features/infra/engine-snmp3.html|oVirt Engine SNMPv3 Traps]] | ||
* [[https://www.opsview.com/resources/how-to/blog/setting-snmpv3-traps|Setting Up SNMPv3 Traps]] | * [[https://www.opsview.com/resources/how-to/blog/setting-snmpv3-traps|Setting Up SNMPv3 Traps]] | ||
* [[http://net-snmp.sourceforge.net/wiki/index.php/Strong_Authentication_or_Encryption|Strong Authentication or Encryption]] | * [[http://net-snmp.sourceforge.net/wiki/index.php/Strong_Authentication_or_Encryption|Strong Authentication or Encryption]] | ||
+ | ===== ===== | ||
+ | ---- | ||
+ | \\ | ||
+ | ~~DISQUS~~ |