search

etingof / snmpfwd

SNMP Proxy Forwarder
http://snmplabs.com/snmpfwd/
BSD 2-Clause "Simplified" License
67 stars 18 forks source link

multiple sources with same snmp security name not working #51

Open aganiger opened 4 years ago

aganiger commented 4 years ago

I have configured snmp forwarder for traps with snmp v1 and snmp v2. The configuration is as below (copied related configuration):

program-name: snmpfwd-server

snmp-credentials-group { snmp-transport-domain: 1.3.6.1.6.1.1.100 snmp-bind-address: "10.10.10.253:162" snmp-engine-id: 0x0102030405070809

snmpv2traps { snmp-security-model: 2 snmp-security-name: public snmp-security-level: 1 snmp-community-name: public snmp-credentials-id: snmp-credentials-snmpv2traps } snmpv1traps { snmp-security-model: 1 snmp-security-name: public snmp-security-level: 1 snmp-community-name: public snmp-credentials-id: snmp-credentials-snmpv1traps } }

I noticed that when snmp-security-name is same for both sources, the following error is thrown. Is it not supported?

2020-05-28T01:47:43.42 snmpfwd-server: ERROR Traceback (most recent call last):; 2020-05-28T01:47:43.42 snmpfwd-server: ERROR File "/usr/bin/snmpfwd-server.py", line 981, in ; main(); 2020-05-28T01:47:43.42 snmpfwd-server: ERROR File "/usr/bin/snmpfwd-server.py", line 735, in main; if snmpEngineMap['securityName'][securityModel] == securityModel:; 2020-05-28T01:47:43.42 snmpfwd-server: ERROR KeyError: <Integer value object at 0x7f68618d0d90 subtypeSpec <ConstraintsIntersection object at 0x7f68625e2750 consts <ValueRangeConstraint object at 0x7f68625e2650 consts -2147483648, 2147483647>> tagSet <TagSet object at 0x7f686692eb50 tags 0:0:2> payload [1]>; 2020-05-28T01:47:43.42 snmpfwd-server: INFO process terminated

Please let me know if any other info is needed.

BlessenKurien commented 4 years ago

@aganiger , just curious if you got this working if the "snmp-security-name" was different for v1 and v2 config? I have not got it working even if I configure different "snmp-security-name". From what I can see, the value of "snmp-community-name" is used by the pysnmp 'to determine' which snmp-security-name and hence which SNMP config(v1/v2 etc) to use for the incoming request. If I configure different "snmp-community-name" and then accordingly pass the different/separate community string for v1 and v2 traps, then I can see the the SNMP forwarder server processes the requests and sends them to the client component.

BlessenKurien commented 4 years ago

@etingof , is it possible to configure the same community string i.e same "snmp-community-name" for both SNMP v1 and SNMP v2 config in the same server conf?

In order to try and keep the community string the same - "public", I have tried creating two different sub-sections under the 'snmp-credentials-group', with different 'snmp-transport-domain' and different 'snmp-engine-id' , but if the community string is the same, pysnmp seems to be picking up the security name in a manner that I dont understand. Looking through pysnmp code, it looks like it goes with the 'first match'. I am still trying to understand this. Would you be able to throw some light on this please?