问题
When I want to create a SNMPv3 user on the NMS, there need to input an engine ID which is an identifier string from SNMP Agent server for each user, so I input an casual id. For example:
createUser -e "0x80001370017f000101" "mytrapuser1" SHA "user1authpass" AES "user1encypass"
authUser log,execute,net mytrapuser1
And I can successfully send the trap from Agent server to NMS using below command:
snmptrap -v 3 -a SHA -A user1authpass -x AES -X user1encypass -l authPriv -u mytrapuser1 -e 0x80001370017f000101 {NMS-server-ip} 39 12.0.4.0
Now, everything looks ok.
But when I want to use java SNMP4j to send trap with the created user mytrapuser1 on Agent server, I don't know how to specify the request's engine id as 0x80001370017f000101, that caused the trap is sent failed on agent or the requested engine ID cannot be matched on the NMS.
My Questions:
1. Should I set a specified engine ID for SNMP4j to send a trap?
2. If #1 is not, how can I get an Agent server's engine id in advance, then I can use it to create user on NMS server?
3. If there are anything I understand wrong or use mistakes?
Is there anyone could help me, thanks very much.
回答1:
Okay so lets see.
How I've seen it setup is the following:
The application creates an engine ID that it uses to send out traps. This engine ID corresponds with the application, and can be used as an identifier for your application.
So to answer question #1, I believe you should indeed set a specific engine id. Which also answers question #2.
As for the workflow I believe it to be like this:
- Your application is given an engine id.
- The NMS creates a user with the engine id that you have defined in your application.
- I would suggest making the engine id configurable, so that it can be changed easily without having to recompile the whole project.
- Your application send a trap to the NMS, which will verify that the authentication, encryption and engine id match the user on the NMS.
- The trap is processed on the NMS
来源:https://stackoverflow.com/questions/53077818/how-to-set-a-specified-engine-id-for-snmp4j-to-send-v3-trap