Hi,

Thanks for reporting this issue. Feel free to submit a ticket at Apache NiFi Jira <https://issues.apache.org/jira/projects/NIFI/summary> or I'll do it later, and I'll take a look at it next week.

Kind Regards,
Lehel

________________________________
From: Olli-Pekka Lamminen <[email protected]>
Sent: Friday, January 31, 2025 11:58
To: [email protected] <[email protected]>
Subject: Problems with ListenTrapSNMP processor and secure SNMP v3 traps

Hi,

I'm trying to receive secure SNMP v3 traps with NiFi 2 with no success thus far. I tried the same with NiFi 1 and there I am able to receive the traps.

It seems that the ListenTrapSNMP processor (nifi-snmp-nar) does not handle the security levels of SNMP v3 traps properly with NiFi 2.

In NiFi 1.x the processor processes all SNMP v3 traps regardless of security level which is not the perfect behaviour but could be deemed somewhat acceptable. Optimally it should only process the traps with the given security level and settings.

In NiFi 2.x the processor processes only `noAuthNoPriv` traps and other security levels are not processed at all. This is not acceptable behaviour as secure traps do not get processed.

NiFi 1.x functionality tested with apache/nifi container tags: 1.23.2, 1.28.1
NiFi 2.x functionality tested with apache/nifi container tags: 2.0.0, 2.2.0

To reproduce:

1. Add ListenTrapSNMP processor (org.apache.nifi - nifi-snmp-nar)
   - Set following properties
     - SNMP Manager Port: 16230
     - SNMP Version: v3
     - SNMP Security Level: authPriv
     - USM Users Source: Json Content
     - USM Users JSON content:

       [
         {
           "securityName": "snmpuser",
           "authProtocol": "SHA",
           "authPassphrase": "authsecret",
           "privProtocol": "AES128",
           "privPassphrase": "privsecret"
         }
       ]

2. Add LogAttribute processor (org.apache.nifi - nifi-standard-nar)
   - Use default properties
   - Set success relationship to terminate
3. Create Connection from ListenTrapSNMP to LogAttribute for all relationships
4. Start processors
5. Send two SNMP traps from command line `snmptrap` (net-snmp) using commands

       snmptrap -v 3 -n "" \
         -e 0x010203040506070809 \
         -l noAuthNoPriv -u snmpuser \
         localhost:16230 '' \
         .1.3.6.1.2.1.192 \
         .1.3.6.1.2.1.192.1.2.1.11 s "noAuthNoPriv"

       snmptrap -v 3 -n "" \
         -e 0x010203040506070809 \
         -l authPriv -u snmpuser \
         -a SHA -A authsecret \
         -x AES -X privsecret \
         localhost:16230 '' \
         .1.3.6.1.2.1.192 \
         .1.3.6.1.2.1.192.1.2.1.11 s "authPriv"

Expected behaviour:
- First trap contents are not logged as security level does not match listener
- Second trap contents are logged as FlowFile Properties and show
  Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
  Value: 'authPriv'

Actual behaviour in NiFi 1.28.1:
- First trap contents are logged as FlowFile Properties and show
  Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
  Value: 'noAuthNoPriv'
- Second trap contents are logged as FlowFile Properties and show
  Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
  Value: 'authPriv'

Actual behaviour in NiFi 2.2.0:
- First trap contents are logged as FlowFile Properties and show
  Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
  Value: 'noAuthNoPriv'
- Second trap contents are not logged

BR,
O-P Lamminen
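
Added example, not part of the messages above and not NiFi's code: a Python check for the behaviour the report expects, reading msgFlags from the SNMPv3 message header (RFC 3412) and accepting only traps whose declared security level equals the configured one. All function names and the sample header bytes are constructed for illustration; msgFlags is only a declaration, so USM authentication and decryption must still succeed before a trap is trusted.

```python
# Added example: hypothetical names; header bytes below are constructed.
LEVELS = {0x00: "noAuthNoPriv", 0x01: "authNoPriv", 0x03: "authPriv"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def security_level(packet):
    """Security level declared in msgFlags of an SNMPv3 message."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, version, pos = read_tlv(msg, 0)
    if tag != 0x02 or int.from_bytes(version, "big") != 3:
        raise ValueError("not SNMPv3")
    tag, header, _ = read_tlv(msg, pos)      # msgGlobalData
    if tag != 0x30:
        raise ValueError("missing msgGlobalData")
    _, _, p = read_tlv(header, 0)            # msgID
    _, _, p = read_tlv(header, p)            # msgMaxSize
    tag, flags, _ = read_tlv(header, p)      # msgFlags, one octet
    if tag != 0x04 or len(flags) != 1:
        raise ValueError("bad msgFlags")
    bits = flags[0] & 0x03                   # bit 0 = auth, bit 1 = priv
    if bits not in LEVELS:                   # priv without auth is invalid
        raise ValueError("privacy without authentication")
    return LEVELS[bits]

def accept_trap(packet, configured_level):
    """Pre-filter only: USM must still verify the HMAC and decrypt."""
    return security_level(packet) == configured_level

def sample_header(flags):
    """Constructed SNMPv3 header with empty security parameters and no PDU."""
    glob = bytes([0x02, 1, 1, 0x02, 2, 0x05, 0xDC, 0x04, 1, flags, 0x02, 1, 3])
    body = bytes([0x02, 1, 3, 0x30, len(glob)]) + glob + bytes([0x04, 0])
    return bytes([0x30, len(body)]) + body
```

With the listener configured for authPriv, `accept_trap(sample_header(0x00), "authPriv")` rejects the noAuthNoPriv header and `accept_trap(sample_header(0x03), "authPriv")` accepts the authPriv one, matching the expected behaviour listed in the report.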
