Traps configuration
Traps configuration is stored in the traps-config.yaml file. This file has the following sections:
communities:
2c:
- public
usernameSecrets: []
communities: communities used for version1and2cof the snmp. The default one ispublic.usernameSecrets: names of the secrets configured in docker used forsnmpv3traps.
Example of the configuration¶
communities:
2c:
- public
usernameSecrets:
- my_secret
Prerequisites for SNMPv3 Configuration¶
Create the SNMPv3 Secret in Docker¶
Before using SNMPv3, you must create the required secret within Docker. For detailed instructions, refer to SNMPv3 secrets.
Configure the Security Engine ID¶
In SNMPv3, every trap receiver must know the Security Engine ID of each sending device in advance. The receiver uses this ID together with the USM username, auth key, and priv key to authenticate incoming traps. Without the correct engine ID pre-registered, pysnmp rejects the trap before it even checks credentials.
Please follow the guidelines in the Traps Section of the .env File Configuration for instructions on setting this value manually.
Engine ID Discovery¶
If you are managing a large amount of traps agents it is possible to enable engine id discovery mode. The Engine ID Discovery feature automatically extracts the engine ID from each incoming SNMPv3 raw datagram and dynamically registers it with the SNMP engine, so the trap can be authenticated on the fly. The engine ID is only registered if the username matches a known user and stored in database.
This feature can be enabled by setting in .env:
DISCOVER_ENGINE_ID=true
Info
It is recommended to enable this feature only during the initial setup of the traps receiver. Once the engine IDs for all required devices in the network have been collected, disable the feature to prevent unwanted engine ID registration and to improve trap processing efficiency by eliminating the overhead of extracting the engine ID from every incoming message.