Hi, This issue can now be tracked as NIFI-14231 <https://issues.apache.org/jira/browse/NIFI-14231>.
Thanks, O-P On Fri, 31 Jan 2025 at 13:50, Lehel Boér <[email protected]> wrote: > Hi, > > Thanks for reporting this issue. Feel free to submit a ticket at Apache > NiFi Jira <https://issues.apache.org/jira/projects/NIFI/summary> or I'll > do it later, > and I'll take a look at it next week. > > Kind Regards, > Lehel > ------------------------------ > *From:* Olli-Pekka Lamminen <[email protected]> > *Sent:* Friday, January 31, 2025 11:58 > *To:* [email protected] <[email protected]> > *Subject:* Problems with ListenTrapSNMP processor and secure SNMP v3 traps > > Hi, > > I'm trying to receive secure SNMP v3 traps with NiFi 2 with no success > thus far. I tried the same with NiFi 1 and there I am able to receive the > traps. It seems that the ListenTrapSNMP processor (nifi-snmp-nar) does not > handle the security levels of SNMP v3 traps properly with NiFi 2. > > In NiFi 1.x the processor processes all SNMP v3 traps regardless of > security level which is not the perfect behaviour but could be deemed > somewhat acceptable. Optimally it should only process the traps with the > given security level and settings. > > In NiFi 2.x the processor processes only `noAuthNoPriv` traps and other > security levels are not processed at all. This is not acceptable behaviour > as secure traps do not get processed. > > NiFi 1.x functionality tested with apache/nifi container tags: 1.23.2, > 1.28.1 > NiFi 2.x functionality tested with apache/nifi container tags: 2.0.0, 2.2.0 > > > To reproduce: > 1. Add ListenTrapSNMP processor (org.apache.nifi - nifi-snmp-nar) > - Set following properties > - SNMP Manager Port: 16230 > - SNMP Version: v3 > - SNMP Security Level: authPriv > - USM Users Source: Json Content > - USM Users JSON content: > > [ > { > "securityName": "snmpuser", > "authProtocol": "SHA", > "authPassphrase": "authsecret", > "privProtocol": "AES128", > "privPassphrase": "privsecret" > } > ] > > 2. Add LogAttribute processor (org.apache.nifi - nifi-standard-nar) > - Use default properties > - Set success relationship to terminate > 3. Create Connection from ListenTrapSNMP to LogAttribute for all > relationships > 4. Start processors > 5. Send two SNMP traps from command line `snmptrap` (net-snmp) using > commands > > snmptrap -v 3 -n "" \ > -e 0x010203040506070809 \ > -l noAuthNoPriv -u snmpuser \ > localhost:16230 '' \ > .1.3.6.1.2.1.192 \ > .1.3.6.1.2.1.192.1.2.1.11 s "noAuthNoPriv" > > snmptrap -v 3 -n "" \ > -e 0x010203040506070809 \ > -l authPriv -u snmpuser \ > -a SHA -A authsecret \ > -x AES -X privsecret \ > localhost:16230 '' \ > .1.3.6.1.2.1.192 \ > .1.3.6.1.2.1.192.1.2.1.11 s "authPriv" > > > Expected behaviour: > - First trap contents are not logged as security level does not match > listener > - Second trap contents are logged as FlowFile Properties and show > Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4' > Value: 'authPriv' > > > Actual behaviour in NiFi 1.28.1: > - First trap contents are logged as FlowFile Properties and show > Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4' > Value: 'noAuthNoPriv' > - Second trap contents are logged as FlowFile Properties and show > Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4' > Value: 'authPriv' > > > Actual behaviour in NiFi 2.2.0: > - First trap contents are logged as FlowFile Properties and show > Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4' > Value: 'noAuthNoPriv' > - Second trap contents are not logged > > > BR, > O-P Lamminen > >
