Greetings,
Our trap sink parameters are modified per 2 MIB entries, one for the IP address
and one for the port.
We would like to set the trap sink programmatically on powerup and when we
receive an snmp request.
On powerup and every time we receive a request to change the trap sink IP
address or port, we parse the snmpd.conf file to get the username,
authentication and privacy protocols and passwords. Our snmpd.conf file looks
like this:
# setup authorization
CreateUser myUserName SHA "myAuthenticationPassword" AES " myPrivacyPassword "
rwuser myUserName authPriv
# include Agentx setup
master agentx
authtrapenable 1
And our code to set the trap session on power up, is written in C++ and is as
follows:
bool TrapSession::createSnmpV3TrapSession()
{
std::stringstream connectingString;
netsnmp_session session, *sesp;
memset(&session, 0, sizeof(netsnmp_session));
snmp_sess_init (&session); // Set up defaults
session.version = SNMP_VERSION_3;
// Peer name
std::stringstream connectionString;
connectionString << "udp6:[" << ipV6AddressAsString << "]:" << sinkPort;
session.peername = strdup(connectionString.str().c_str());
// set the SNMPV3 user name
session.securityName = strdup( userName.c_str());
session.securityNameLen = strlen(userName.c_str());
// Security
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
session.securityModel = SNMP_SEC_MODEL_USM;
// Authentication Protocol
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
session.securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol,
USM_AUTH_PROTO_SHA_LEN);
session.securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(const uint8_t *) authenticationPassword.c_str(),
authenticationPassword.length(),
session.securityAuthKey,
&session.securityAuthKeyLen) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating authentication KU for authentication
password: " << authenticationPassword);
return false;
}
// Privacy Protocol
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
session.securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol,
USM_PRIV_PROTO_AES_LEN);
session.securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(const uint8_t *)privacyPassword.c_str(),
privacyPassword.length(),
session.securityPrivKey,
&session.securityPrivKeyLen) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating privacy KU for privacy password: " <<
privacyPassword);
return false;
}
// open the session
sesp = snmp_open(&session);
if (!sesp) {
LOG_ERROR("Unable to open a trap session to: " << session.peername << "
with user: " << userName);
throw std::runtime_error("Unable to open SNMP session!");
return false;
}
add_trap_session(sesp, SNMP_MSG_TRAP2, FALSE, SNMP_VERSION_3);
return true;
}
However, we are getting this error: [SNMP 3] : snmpd: send_trap: USM unknown
security name (no such user exists)
What are we doing wrong?
If we add this line to the snmpd.conf and not use the above-mentioned code, we
have no problem sending traps.
trapsess -v 3 -u myUserName -l authPriv -a SHA -A " myAuthenticationPassword "
-x AES -X " myPrivacyPassword " udp6:[2001:bb::f8]:162
Thanks,
Mostafa
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
