[SNMP4J] SNMP4J V3 Traps with specified Engine ID

Frank Fock fock at agentpp.com
Wed Jan 7 21:24:50 CET 2015


Hi Imene,

> On 07 Jan 2015, at 16:04, Boussour, Imene (6076618) <imene.boussour at bell.ca> wrote:
> 
> Hi Frank,
> 
> Thank you for your prompt response.
> So, the local engine ID created by the following call should be enough:
> USM usm = new USM(SecurityProtocols.getInstance().addDefaultProtocols(), new OctetString(MPv3.createLocalEngineID()), 0);
> 

Yes, although you should create your own local engine ID using your IANA enterprise ID.

> The ContextName on the Trap receiver is Optional (it's a SCOM server).
> So if we specify this property, we need to set the context name of the ScopedPDU object by: pdu.setContextName(new OctetString("contextName"));

Correct.

> Otherwise, we don't need to add the last statement, is there a default value for the context Name on the ScopedPDU?
> 

The default context is the empty context “”.

> How about the ContextEngineID, if we don't set its value (pdu.setContextEngineID(...)) it will take the localEngineID value created by the previous MPv3.createLocalEngineID() call, is that correct?

Yes, if there is no context engine ID provided, the security engine ID is used instead.

Best regards,
Frank


> 
> Thanks,
> Imene.
> 
> 
> -----Original Message-----
> From: Frank Fock [mailto:fock at agentpp.com] 
> Sent: Tuesday, January 06, 2015 6:31 PM
> To: Boussour, Imene (6076618)
> Cc: snmp4j at agentpp.org
> Subject: Re: [SNMP4J] SNMP4J V3 Traps with specified Engine ID
> 
> Hi Imene,
> 
> Your understanding of SNMPv3 trap sending is not correct.
> SNMPv3 notifications (traps) are sent from a command responder entity and are therefore authoritative. That means, the sender (which is the command responder entity) uses its own security engine ID within the notification PDU. 
> 
> The receiver (= command generator) then uses the security engine ID provided in the notification PDU to authenticate/decrypt the notification. 
> 
> Therefore your setup should work already, except that you have not set the context name of the ScopedPDU object yet.
> 
> Best regards
> Frank
> 
>> On 06 Jan 2015, at 21:26, Boussour, Imene (6076618) <imene.boussour at bell.ca> wrote:
>> 
>> Hello List,
>> 
>> I am trying to send SNMP V3 Traps to a remote server (using a Trap monitor software on Windows) from my Java application; I use the SNMP4J stack API.
>> My question is around the engine ID: on the Trap receiver application we need to create an SNMP V3 account with username, auth protocol... but also a Context Name.
>> On the SNMP4J side, there are multiple areas where we can define or set the engineID:
>> 1 - USM usm = new USM(SecurityProtocols.getInstance().addDefaultProtocols(), new OctetString(MPv3.createLocalEngineID()), 0);
>> 2- snmp.getUSM().addUser(mSecurityName, OctetString.fromHexString("80:00:13:70:c0:a8:01:0d"), new UsmUser(mSecurityName, mAuthProtocol, , mPrivProtocol, mPrivPassphrase));
>> 3- UsmUser(mSecurityName, mAuthProtocol, , mPrivProtocol, mPrivPassphrase), OctetString.fromHexString("80:00:13:70:c0:a8:01:0d"));
>> 4- pdu.setContextEngineID(OctetString.fromHexString("80:00:13:70:c0:a8:01:0d"));
>> 
>> For context Name , I only found this:
>> pdu.setContextName(new OctetString("contextName"));
>> 
>> 
>> The SNMP4J createlocalEngineId method creates a random number, Can this work?
>> My understanding of SNMP trap V3, is that the Engine ID should match on the sender and receiver. So, when we specify a custom engine ID on SNMP4J, which one should we use?
>> 
>> And here is the Code I am using to send Traps:
>> 
>>                    // ltargetAddress represents the host and port we plan to communicate with
>>                    // in the format: host/port
>>                    Address ltargetAddress = GenericAddress.parse(mTransportType + ":" + mRemoteAddress + "/" + mRemotePort);
>> 
>>                    TransportMapping<?> transport;
>>                    if (ltargetAddress instanceof UdpAddress) {
>>                          transport = new DefaultUdpTransportMapping();
>>                    } else {
>>                          transport = new DefaultTcpTransportMapping();
>>                    }
>> 
>>                    //Create SNMP Session
>>                    Snmp snmp = new Snmp(transport);
>> 
>>                    USM usm = new USM(SecurityProtocols.getInstance()
>>                                 .addDefaultProtocols(), new OctetString(
>>                                 MPv3.createLocalEngineID()), 0);
>> 
>>                    SecurityProtocols.getInstance().addPrivacyProtocol(new PrivAES192());
>>                    SecurityModels.getInstance().addSecurityModel(usm);
>> 
>>                    //transport.listen();
>> 
>>                    //Setting the security protocols
>>                    snmp.getUSM().addUser(
>>                                 mSecurityName,
>>                                 new UsmUser(mSecurityName, mAuthProtocol,
>>                                               mAuthPassphrase, mPrivProtocol,
>>                                               mPrivPassphrase));
>> 
>> 
>>                    // Create Target
>>                    UserTarget target = new UserTarget();
>>                    target.setAddress(ltargetAddress);
>>                    target.setRetries(1);
>>                    target.setTimeout(11500);
>>                    target.setVersion(SnmpConstants.version3);
>>                    target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
>>                    target.setSecurityName(mSecurityName);
>> 
>>                    // Create PDU for V3
>>                    ScopedPDU pdu = new ScopedPDU();
>>                    pdu.setType(ScopedPDU.TRAP);
>> 
>>                    // Adding OIDs
>>                    pdu.add(new VariableBinding(SnmpConstants.sysUpTime,
>>                          new OctetString(new Date().toString())));
>> 
>>                    pdu.add(new VariableBinding(SnmpConstants.snmpTrapOID,
>>                          SnmpConstants.linkDown));
>> 
>>                    pdu.add(new VariableBinding(new OID(mOID), new OctetString(pMessage)));
>> 
>>                    pdu.add(new VariableBinding(SnmpConstants.snmpTrapAddress,
>>                          new IpAddress(mRemoteAddress)));
>> 
>>                    //Send the PDU
>>                    snmp.listen();
>>                    snmp.send(pdu, target);
>>                    snmp.close();
>> 
>> Thanks,
>> Imene
> 
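
Building the local engine ID from an IANA enterprise number, as recommended in the reply above, shown as an added example (not part of the original thread and not SNMP4J's own code). The enterprise number 99999, the text "trap-sender-01" and the file engine-boots.txt are placeholders; the boots counter is persisted because RFC 3414 expects snmpEngineBoots to increase on every restart once the engine ID is fixed.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

public class LocalEngineConfig {
    // Placeholder only: substitute the private enterprise number IANA assigned to you.
    static final int ENTERPRISE_ID = 99999;

    // RFC 3411 SnmpEngineID: 4-byte enterprise number with the top bit set,
    // one format octet (4 = administratively assigned text), then 1..27 octets of text.
    static byte[] buildEngineId(int enterpriseId, String adminText) {
        if (enterpriseId <= 0)
            throw new IllegalArgumentException("enterprise ID must be positive");
        byte[] text = adminText.getBytes(StandardCharsets.UTF_8);
        if (text.length < 1 || text.length > 27)
            throw new IllegalArgumentException("text part must be 1..27 octets");
        return ByteBuffer.allocate(5 + text.length)   // big-endian by default
                .putInt(enterpriseId | 0x80000000)
                .put((byte) 4)
                .put(text)
                .array();
    }

    // Reads the stored snmpEngineBoots, increments it and writes it back.
    static int nextEngineBoots(Path file) throws IOException {
        int boots = 0;
        if (Files.exists(file)) {
            boots = Integer.parseInt(new String(Files.readAllBytes(file), StandardCharsets.US_ASCII).trim());
        }
        if (boots == Integer.MAX_VALUE) throw new IllegalStateException("engineBoots exhausted");
        Files.write(file, Integer.toString(boots + 1).getBytes(StandardCharsets.US_ASCII));
        return boots + 1;
    }

    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < b.length; i++) sb.append(i == 0 ? "" : ":").append(String.format("%02x", b[i] & 0xff));
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        byte[] engineId = buildEngineId(ENTERPRISE_ID, "trap-sender-01");
        int boots = nextEngineBoots(Paths.get("engine-boots.txt"));
        System.out.println("engineID=" + toHex(engineId) + " engineBoots=" + boots);
        // With SNMP4J on the classpath, these replace the random ID and the 0 in the thread's call:
        // USM usm = new USM(SecurityProtocols.getInstance().addDefaultProtocols(), new OctetString(engineId), boots);
    }
}
```

The hex string printed here is the value to enter on the trap receiver if it asks for the sender's engine ID.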



