September 11, 2014

SNMP v3 trap and engineID

When sending an SNMP v3 trap from the sender to the trap receiver, the authoritative engineID is the trap sender's engine ID.   Below is a method to remotely discover the engine ID of  the remote SNMP sender (likely SNMP agent):

use the net-snmp snmpwalk command, and add the command option: "-Dsnmp_sess_open" and do a snmpget v3 with your credentials, and you should get something like this:

snmp_sess_open:   probe found engineID:  80001f888016fb784553d902ac
. = Gauge32: 0

The agent's engineID is right there: 80001f888016fb784553d902ac

You can also try "-Dlcd_get_enginetime", which gives you local engineID

On the other note, I have written the SNMP trap receiver that can detect the incoming engineID automatically. Check it out at github:

On a local Linux machine running snmpd, you can find out its engine ID by:

cat /var/net-snmp/snmpd.conf

If you have any SNMP v3 user configured, you should see one or more lines like this:

usmUser 1 3 0x80001f888016fb784553d902ac 0x68636d2e736e6d70763300 0x......

EngineID is the 4th element: 0x80001f888016fb784553d902ac 

No comments:

Post a Comment