Fatal编程技术网
  • snmp/
  • 将SNMP陷阱从v1转换为v3

将SNMP陷阱从v1转换为v3

snmp

将SNMP陷阱从v1转换为v3,snmp,net-snmp,Snmp,Net Snmp,我正在尝试将snmp v1陷阱转换为v3。我跟踪了讨论,但它是模糊的。 我也看过,但没有成功 更清楚地说:我有一个Centos 6工作站,上面有NetSNMP 5.5。我需要生成v1陷阱,接收它们,将它们转换为v3,然后转发它们 关于第一个指南,这是我迄今为止管理的: 大师: snmpd -Lo --master=agentx --agentXSocket=tcp:192.168.58.64:42000 udp:1161 听着: snmpwalk -v3 -u snmpv3user -A s

我正在尝试将snmp v1陷阱转换为v3。我跟踪了讨论,但它是模糊的。 我也看过,但没有成功

更清楚地说:我有一个Centos 6工作站,上面有NetSNMP 5.5。我需要生成v1陷阱,接收它们,将它们转换为v3,然后转发它们

关于第一个指南,这是我迄今为止管理的:

大师:

snmpd  -Lo --master=agentx --agentXSocket=tcp:192.168.58.64:42000 udp:1161
听着:

snmpwalk -v3 -u snmpv3user -A snmpv3pass -a MD5 -l authnoPriv 192.168.58.64:1161
稍后编辑:

我已经取得了一些进展,我能够作为主控运行snmpd,将snmptrapd作为代理连接到它,然后使v1陷阱机制起作用

我做了以下工作:

    In order to get snmptrapd connected as a subagent to snmpd you need to do the following:

###1  EDIT /etc/hosts.allow and add

snmpd: $(your_ip)
smptrapd: $(your_ip)

this is important because snmptrapd fails silently if rejected
by tcp wrap.

###2 EDIT /etc/snmp/snmpd.conf and add at the bottom of the other
com2sec directives.

com2sec infwnet  $(your_ip)  YOUR-COMMUNITY



add these lines 

group MyROGroup v1         infwnet
group MyROGroup v2c        infwnet
group MyROGroup usm        infwnet

under 

"# Second, map the security names into group names:"

add this view at the bottom of the other views
view all    included  .1                               80  

add this group acces at the bottom of other group access directives

access MyROGroup  ""      any       noauth    exact  all    none   none


add  this line as well:

master agentx

###3 TEST it with this: 

snmpwalk -v1 -c YOUR_COMMUNITY $(your_ip) .


###4 CREATE THE FOLLOWING TRAP TEST EXAMPLE:


touch /usr/share/snmp/mibs/UCD-TRAP-TEST-MIB.txt


###5 COPY PASTE THE TEXT BELOW INTO IT:


 UCD-TRAP-TEST-MIB DEFINITIONS ::= BEGIN
       IMPORTS ucdExperimental FROM UCD-SNMP-MIB;

 demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }

 demoTrap TRAP-TYPE
       ENTERPRISE demotraps
       VARIABLES { sysLocation }
       DESCRIPTION "An example of an SMIv1 trap"
       ::= 17

 END


###6 EDIT /etc/sysconfig/snmptrapd (not /etc/default/snmptrapd !!)

replace OPTIONS with this:  

OPTIONS="-Lsd -m ALL -M /usr/share/snmp/mibs  -p /var/run/snmptrapd.pid"

###7 TEST IT WITH


snmptrap -v 1 -c public $(your_ip) UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "Just here"
现在我只需要找到一种方法将它们转换为v3,并从远程snmpd读取/接收它们

您需要snmptrapd来侦听和接收陷阱,而不是snmpwalk。我知道,但我不知道如何使用它,我使用snmpwalk来测试连接我相信我应该使用trapsink,但是如何将连接到snmptrapd的snmpd守护进程连接到远程站点上的另一个snmpd?