I'm trying to create a SNMP TRAP/Notify agent in Java using SNMP4J. The traps/notify's are meant to be sent to a remote listener.
I'd like to add support for V2 and V3 traps with authentication.
My setup currently:
Dev machine running the notifier. (192.168.1.61)
VM on debian 9(Stretch) (192.168.1.92) running snmptrapd
My problem described shortly:
I've tried my settings with the following command, confirming it worked:
VM:
sudo snmptrapd -f -Lo -c /usr/share/snmpdtrapd.conf
Dev:
sudo snmptrap -e 0x80001370017f000101 -v 3 -a SHA -A 02m-auth -x DES -X o2m-priv -l authPriv o2m-user 192.168.1.92:162 1 .1.3.6.1.2.1.1.8
On the VM it generates this log message:
2018-10-29 14:42:21 <UNKNOWN> [UDP: [192.168.1.61]:44309->
[192.168.1.92]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::sysORLastChange
Now I've ran the following code, and have confirmed it arrives at the VM(ran the snmptrapd command with -d enabled to see the snmp packet actually arrived)
TransportMapping transportMapping = new DefaultUdpTransportMapping();
Snmp snmp = new Snmp(transportMapping);
OctetString localEngineId = new OctetString(MPv3.createLocalEngineID());
USM usm = new USM(SecurityProtocols.getInstance(), localEngineId, 0);
SecurityModels.getInstance().addSecurityModel(usm);
OctetString securityName = new OctetString("o2m-user");
OID authProtocol = AuthSHA.ID;
OID privProtocol = PrivDES.ID;
OctetString authPassphrase = new OctetString("o2m-auth");
OctetString privPassphrase = new OctetString("o2m-priv");
snmp.getUSM().addUser(securityName, new UsmUser(securityName, authProtocol, authPassphrase, privProtocol, privPassphrase));
UserTarget target = new UserTarget();
target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
target.setSecurityName(securityName);
target.setAddress(new UdpAddress("192.168.1.92" + "/" + 162));
target.setVersion(SnmpConstants.version3);
snmp.listen();
ScopedPDU pdu = new ScopedPDU();
pdu.setType(PDU.TRAP);
pdu.setContextEngineID(localEngineId);
pdu.add(new VariableBinding(SnmpConstants.sysUpTime, new TimeTicks(1)));
pdu.add(new VariableBinding(SnmpConstants.snmpTrapOID, new OID(".1.3.6.1.2.1.1.8")));
System.out.println("Sending V3 trap");
snmp.send(pdu, target);
snmp.close();
The code above doesn't generate any log messages on the snmptrapd server.
I've also tried replacing the MPv3.createLocalEngineId() with the actual engine id, but that didn't seem to help either.
I've Wiresharked both requests(From JAVA and from snmp-trap) and the only difference that I noticed is that they both have a different AuthorativeEngineID.
Java had a generated one as it differs on each request, snmp-trap has a static one.
What am I doing wrong?
With the help of Vicky's question I've actually identified the problem.
I was not setting the correct ID, and forgot to set the ID on two places.
My engine ID on the server side is actually the first 9 bytes of the programs localEngineID created by Mpv3.createLocaleEngineId().
So I've actually just substring'd the ID as following:
OctetString localEngineId = new OctetString(MPv3.createLocalEngineID()).substring(0, 9);
And added the localEngineId in the addUser part as following:
snmp.getUSM().addUser(securityName, localEngineId, new UsmUser(securityName, authProtocol, authPassphrase, privProtocol, privPassphrase));
And for the snmp engine id:
snmp.setLocalEngine(localEngineId.getValue(), 0, 0);
This fixxed my problem and the message is logged on the snmptrapd daemon.