SNMPv3 trap is not working

[vgupta-mickey]

1. I am trying to build an SNMP agent which will send the SNMv3 traps.

2. I am using the following code as a reference:
   https://github.com/gosnmp/gosnmp/tree/master/examples/trapsend_v3 and using authPriv as security level.

3. I passed all the necessary parameters - username, authProtocol (MD5), authPassword, privprotocol(DES), privPassword, and setting the EngineID. I am confused with the EngineID setting.
   My SNMP server is configured with the following engine ID (0x80001f8880315de44d53ce8394).
   /etc/snmp/snmptrapd.conf
   createUser -e 0x80001f8880315de44d53ce8394 username password DES password
   authuser log username

4. I am coding EngineID in the SNMP go program as
   SecurityParameters: &g.UsmSecurityParameters{UserName: "snmpv3_objectscale_md5_des",
   AuthoritativeEngineID: "0x80001f8880315de44d53ce8394",
   AuthenticationProtocol: g.MD5,
   AuthenticationPassphrase: "password",
   PrivacyProtocol: g.DES,
   PrivacyPassphrase: "password",
   },

5. resullt: I can see the packet is received by the server (TCPDUMP), the actual Trap is not seen. I am suspecting that I am not encoding the EngineID right in the code. Please help.

6. if I use the linux utility snmptrap, I can see that my server is receiving the traps.
   snmptrap -d -v 3 -e 0x80001f8880315de44d53ce8394 -a MD5 -A password -x DES -X password -l authPriv -u username IP:162 pdus...

[Leviou]

用一下1.25.0版本试一试

[amir-shachar]

I am facing the same issue.
it is sending and i've verified all of the security details!

[dips2178]

Same here. SNMPV3 trap is not received properly when I use gosnmp. Same is received properly via snmptrap command

In snmpdtrapd.conf, I have :

createUser -e 800007e5801d3b1026d245ca3a deepa SHA512 password AES password
authUser log,execute deepa

While sending the snmpv3 trap, I have it like this -

p := &g.UsmSecurityParameters{
UserName: user,
AuthoritativeEngineBoots: 1,
AuthoritativeEngineTime: 1,
AuthoritativeEngineID: string([]byte{0x80, 0x00, 0x07, 0xe5, 0x80, 0x1d, 0x3b, 0x10, 0x26, 0xd2, 0x45, 0xca, 0x3a}),
AuthenticationProtocol: authProto,
AuthenticationPassphrase: authphrase,
PrivacyProtocol: privProto,
PrivacyPassphrase: privacyphrase,}

On tcpdump, I can see the following -

15:22:19.118858 IP localhost.52099 > localhost.snmp-trap: F=apr U="deepa" [!scoped PDU]ae_1a_a3_b8_40_be_81_dd_77_10_dd_a6_d3_0b_c0_42_33_cb_0d_40_c9_ce_ea_82_94_60_ad_f3_a4_18_f5_bc_d7_4e_e2_c8_e7_b0_9d_19_8c_d7_8b_be_12_8e_6b_6c_f9_64_6a_b6_8a_a2_c7_70_42_03_ec_35_d4_5a_a9_7b_cf
15:22:19.120612 IP localhost.snmp-trap > localhost.52099: F= U="deepa" E=_80_00_1f_88_80_11_69_ea_3a_13_a3_dc_61_00_00_00_00 C="" Report(28) S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=1

[kmstern]

When you say "the actual Trap is not seen", how do you know that ?
One has to configure the snmp trap destinations - the default is to localhost so may be logged if configured in the local snmptrapd.conf.
for example, in snmptrapd.conf:
authUser log,execute,net user_tt
# localtime YYYY-MM-DD HH:MM:SS
format2 %.4y-%.2m-%.2l %.2h:%.2j:%.2k %v\n

Here is a good reference to configure a trap destination: http://www.net-snmp.org/docs/mibs/SNMP-TARGET-MIB.txt

it's complicated, unfortunately, but thankfully only has to be setup once, typically.
And yes, per another question here, you DO need to configure the engineID for all users on the RECEIVING end using the engineID of the SENDER for SNMPv3 traps.

Here is an example script which sets up a trap destination ( at 192.168.131.8 port 10162 )
( the default trap port is 162 - I was using another port for test purposes )

So when a trap is sent locally ( usually by an agent using 'send_v3trap' API ), the remote node is send the trap.
It's up to the trap destination (sink) to know what to do about it (often runs a script and/or logs the data ).

#!/bin/bash
AGENT="udp:localhost:10161"
ARGS="-v 3 -l authPriv -u user_tt -a SHA-256 -A ttpassword -x AES -X ttprivpass"
ARGS+=" -M /usr/share/snmp/mibs"

TABLETAG="foo"
if [ $# -ge 1 ]; then
  TABLETAG="$1"
fi
TAG="mytag"
TAGTEST="internal0"

#ROOT=/home/unix3/kmstern/workspace/WAM/Time_transfer_manager

#SNMPSET=snmpwalk
#SNMPSET="snmpset.sh $ROOT"
SNMPSET="snmpset ${ARGS}"

# snmpTargetAddr table

${SNMPSET} ${AGENT} snmpTargetAddrRowStatus.\'${TABLETAG}\' = destroy
${SNMPSET} ${AGENT} snmpTargetAddrRowStatus.\'${TABLETAG}\' = createAndWait
# 127.0.0.1 port 162
#${SNMPSET} ${AGENT} snmpTargetAddrTAddress.\'${TABLETAG}\' x "7F 00 00 01 00 A2"
# 192.168.131.8 port 10162
${SNMPSET} ${AGENT} snmpTargetAddrTAddress.\'${TABLETAG}\' x "C0 A8 83 06 27 B2"
# netsnmpUDPDomain
${SNMPSET} ${AGENT} snmpTargetAddrTDomain.\'${TABLETAG}\' o 1.3.6.1.6.1.1
${SNMPSET} ${AGENT} snmpTargetAddrTagList.\'${TABLETAG}\' s "${TAG}" # this selects the Notify table row
${SNMPSET} ${AGENT} snmpTargetAddrParams.\'${TABLETAG}\' s "${TABLETAG}" # this selects the TargetParams table row
${SNMPSET} ${AGENT} snmpTargetAddrRowStatus.\'${TABLETAG}\' = active

# snmpTargetParams table

${SNMPSET} ${AGENT} snmpTargetParamsRowStatus.\'${TABLETAG}\' = destroy
${SNMPSET} ${AGENT} snmpTargetParamsRowStatus.\'${TABLETAG}\' = createAndWait
# 3 = snmpV3
${SNMPSET} ${AGENT} snmpTargetParamsMPModel.\'${TABLETAG}\' i 3
# 3 = USM
${SNMPSET} ${AGENT} snmpTargetParamsSecurityModel.\'${TABLETAG}\' i 3
${SNMPSET} ${AGENT} snmpTargetParamsSecurityName.\'${TABLETAG}\' s "user_tt"  # security name, e.g. USM entry
# 3 = authPriv
${SNMPSET} ${AGENT} snmpTargetParamsSecurityLevel.\'${TABLETAG}\' i 3
${SNMPSET} ${AGENT} snmpTargetParamsRowStatus.\'${TABLETAG}\' = active

# snmpNotify table
#TABLETAG=${TAGTEST}
${SNMPSET} ${AGENT} snmpNotifyRowStatus.\'${TABLETAG}\' = destroy
${SNMPSET} ${AGENT} snmpNotifyRowStatus.\'${TABLETAG}\' = createAndWait
${SNMPSET} ${AGENT} snmpNotifyTag.\'${TABLETAG}\' s "${TAG}"
${SNMPSET} ${AGENT} snmpNotifyType.\'${TABLETAG}\' i 1 # 1=trap, 2=inform
${SNMPSET} ${AGENT} snmpNotifyRowStatus.\'${TABLETAG}\' = active

[jingc1413]

same issue, any ideas?
use below command works:
1, cat snmptrapd.conf
authCommunity log,execute,net public
createUser -e 123456789 user SHA pass AES pass
authuser log user
2, snmptrapd -f -d -m +ALL -Leo -On -C -c ./snmptrapd.conf udp:9888
3, snmptrap -v 3 -l authPriv -u user -a SHA -A "pass" -x AES -X "pass" -e 123456789 127.0.0.1:9888 "" 1.3.6.1.4.1.19046.11.1.158.5.1.24 s "hello world"

use gosnmp to send trap-v3 not works.......