blob: 5c81aafee2e482f0cb8b6495e9a616aa3902fcbd [file] [log] [blame]
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
Configuration
=============
**trapd** configuration is controlled via a single JSON 'transaction'.
This transaction can be:
- a reply from Config Binding Services
- a locally hosted JSON file
The format of this message is described in the SNMPTRAP package, under:
.. code-block:: bash
<base install dir>/spec/snmptrap-collector-component-spec.json
There will also be a template JSON file with example/default values found at:
.. code-block:: bash
<base install dir>/etc/snmptrapd.json
If you are going to use a local file, the env variable below must be defined before SNMPTRAP runs. There is a default value set in the SNMPTRAP startup script (bin/snmptrapd.sh):
.. code-block:: bash
export CBS_SIM_JSON=../etc/snmptrapd.json
In either scenario, the format of the config message/transaction *is the same*. An example is described below.
JSON CONFIGURATION EXPLAINED
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Variables of interest (e.g. variables that should be inspected/modified for a specific runtime environment) are listed below for convenience. The entire file is provided later in this page for reference.
Potential Config Changes in your environment
""""""""""""""""""""""""""""""""""""""""""""
.. code-block:: bash
in protocols section:
"ipv4_interface": "0.0.0.0", # IPv4 address of interface to listen on - "0.0.0.0" == "all"
"ipv4_port": 6162, # UDP port to listen for IPv4 traps on (6162 used in docker environments when forwarding has been enabled)
"ipv6_interface": "::1", # IPv6 address of interface to listen on - "::1" == "all"
"ipv6_port": 6162 # UDP port to listen for IPv6 traps on (6162 used in docker environments when forwarding has been enabled)
in cache section:
"dns_cache_ttl_seconds": 60 # number of seconds trapd will cache IP-to-DNS-name values before checking for update
in files section:
"minimum_severity_to_log": 2 # minimum message level to log; 0 recommended for debugging, 3+ recommended for runtime/production
in snmpv3_config section:
(see detailed snmpv3_config discussion below)
snmpv3_config
"""""""""""""
SNMPv3 added significant authorization and privacy capabilities to the SNMP standard. As it relates to traps, this means providing the proper privacy, authorization, engine and user criteria for each agent that would like to send traps to a particular trapd instance.
This is done by adding blocks of valid configuration data to the "snmpv3_config" section of the JSON config/transaction. These blocks are recurring sets of:
.. code-block:: json
{
"user": "<userId>",
"engineId": "<engineId>",
"<authProtocol>": "<authorizationKeyValue>",
"<privProtocol>": "<privacyKeyValue>"
}
Valid values for authProtocol in JSON configuration:
.. code-block:: bash
usmHMACMD5AuthProtocol
usmHMACSHAAuthProtocol
usmHMAC128SHA224AuthProtocol
usmHMAC192SHA256AuthProtocol
usmHMAC256SHA384AuthProtocol
usmHMAC384SHA512AuthProtocol
usmNoAuthProtocol
Valid values for privProtocol in JSON configuration:
.. code-block:: bash
usm3DESEDEPrivProtocol
usmAesCfb128Protocol
usmAesCfb192Protocol
usmAesBlumenthalCfb192Protocol
usmAesCfb256Protocol
usmAesBlumenthalCfb256Protocol
usmDESPrivProtocol
usmNoPrivProtocol
User and engineId values are left up to the administrator, and must conform to SNMPv3 specifications as explained at `https://tools.ietf.org/html/rfc3414` .
Sample JSON configuration
"""""""""""""""""""""""""
The format of the JSON configuration that drives all behavior of SNMPTRAP is probably best described using an example:
.. code-block:: json
{
"snmptrapd": {
"version": "1.4.0",
"title": "ONAP SNMP Trap Receiver"
},
"protocols": {
"transport": "udp",
"ipv4_interface": "0.0.0.0",
"ipv4_port": 6162,
"ipv6_interface": "::1",
"ipv6_port": 6162
},
"cache": {
"dns_cache_ttl_seconds": 60
},
"publisher": {
"http_timeout_milliseconds": 1500,
"http_retries": 3,
"http_milliseconds_between_retries": 750,
"http_primary_publisher": "true",
"http_peer_publisher": "unavailable",
"max_traps_between_publishes": 10,
"max_milliseconds_between_publishes": 10000
},
"streams_publishes": {
"sec_fault_unsecure": {
"type": "message_router",
"aaf_password": null,
"dmaap_info": {
"location": "mtl5",
"client_id": null,
"client_role": null,
"topic_url": "http://localhost:3904/events/ONAP-COLLECTOR-SNMPTRAP"
},
"aaf_username": null
}
},
"files": {
"runtime_base_dir": "/opt/app/snmptrap",
"log_dir": "logs",
"data_dir": "data",
"pid_dir": "tmp",
"arriving_traps_log": "snmptrapd_arriving_traps.log",
"snmptrapd_diag": "snmptrapd_prog_diag.log",
"traps_stats_log": "snmptrapd_stats.csv",
"perm_status_file": "snmptrapd_status.log",
"eelf_base_dir": "/opt/app/snmptrap/logs",
"eelf_error": "error.log",
"eelf_debug": "debug.log",
"eelf_audit": "audit.log",
"eelf_metrics": "metrics.log",
"roll_frequency": "hour",
"minimum_severity_to_log": 3
},
"snmpv3_config": {
"usm_users": [
{
"engineId": "8000000000000001",
"user": "user1",
"usmDESPrivProtocol": "privkey1",
"usmHMACMD5AuthProtocol": "authkey1"
},
{
"engineId": "8000000000000002",
"user": "user2",
"usm3DESEDEPrivProtocol": "privkey2",
"usmHMACMD5AuthProtocol": "authkey2"
},
{
"engineId": "8000000000000003",
"user": "user3",
"usmAesCfb128Protocol": "privkey3",
"usmHMACMD5AuthProtocol": "authkey3"
},
{
"engineId": "8000000000000004",
"user": "user4",
"usmAesBlumenthalCfb192Protocol": "privkey4",
"usmHMACMD5AuthProtocol": "authkey4"
},
{
"engineId": "8000000000000005",
"user": "user5",
"usmAesBlumenthalCfb256Protocol": "privkey5",
"usmHMACMD5AuthProtocol": "authkey5"
},
{
"engineId": "8000000000000006",
"user": "user6",
"usmAesCfb192Protocol": "privkey6",
"usmHMACMD5AuthProtocol": "authkey6"
},
{
"engineId": "8000000000000007",
"user": "user7",
"usmAesCfb256Protocol": "privkey7",
"usmHMACMD5AuthProtocol": "authkey7"
},
{
"engineId": "8000000000000009",
"user": "user9",
"usmDESPrivProtocol": "privkey9",
"usmHMACSHAAuthProtocol": "authkey9"
},
{
"engineId": "8000000000000010",
"user": "user10",
"usm3DESEDEPrivProtocol": "privkey10",
"usmHMACSHAAuthProtocol": "authkey10"
},
{
"engineId": "8000000000000011",
"user": "user11",
"usmAesCfb128Protocol": "privkey11",
"usmHMACSHAAuthProtocol": "authkey11"
},
{
"engineId": "8000000000000012",
"user": "user12",
"usmAesBlumenthalCfb192Protocol": "privkey12",
"usmHMACSHAAuthProtocol": "authkey12"
},
{
"engineId": "8000000000000013",
"user": "user13",
"usmAesBlumenthalCfb256Protocol": "privkey13",
"usmHMACSHAAuthProtocol": "authkey13"
},
{
"engineId": "8000000000000014",
"user": "user14",
"usmAesCfb192Protocol": "privkey14",
"usmHMACSHAAuthProtocol": "authkey14"
},
{
"engineId": "8000000000000015",
"user": "user15",
"usmAesCfb256Protocol": "privkey15",
"usmHMACSHAAuthProtocol": "authkey15"
},
{
"engineId": "8000000000000017",
"user": "user17",
"usmDESPrivProtocol": "privkey17",
"usmHMAC128SHA224AuthProtocol": "authkey17"
},
{
"engineId": "8000000000000018",
"user": "user18",
"usm3DESEDEPrivProtocol": "privkey18",
"usmHMAC128SHA224AuthProtocol": "authkey18"
},
{
"engineId": "8000000000000019",
"user": "user19",
"usmAesCfb128Protocol": "privkey19",
"usmHMAC128SHA224AuthProtocol": "authkey19"
},
{
"engineId": "8000000000000020",
"user": "user20",
"usmAesBlumenthalCfb192Protocol": "privkey20",
"usmHMAC128SHA224AuthProtocol": "authkey20"
},
{
"engineId": "8000000000000021",
"user": "user21",
"usmAesBlumenthalCfb256Protocol": "privkey21",
"usmHMAC128SHA224AuthProtocol": "authkey21"
},
{
"engineId": "8000000000000022",
"user": "user22",
"usmAesCfb192Protocol": "privkey22",
"usmHMAC128SHA224AuthProtocol": "authkey22"
},
{
"engineId": "8000000000000023",
"user": "user23",
"usmAesCfb256Protocol": "privkey23",
"usmHMAC128SHA224AuthProtocol": "authkey23"
},
{
"engineId": "8000000000000025",
"user": "user25",
"usmDESPrivProtocol": "privkey25",
"usmHMAC192SHA256AuthProtocol": "authkey25"
},
{
"engineId": "8000000000000026",
"user": "user26",
"usm3DESEDEPrivProtocol": "privkey26",
"usmHMAC192SHA256AuthProtocol": "authkey26"
},
{
"engineId": "8000000000000027",
"user": "user27",
"usmAesCfb128Protocol": "privkey27",
"usmHMAC192SHA256AuthProtocol": "authkey27"
},
{
"engineId": "8000000000000028",
"user": "user28",
"usmAesBlumenthalCfb192Protocol": "privkey28",
"usmHMAC192SHA256AuthProtocol": "authkey28"
},
{
"engineId": "8000000000000029",
"user": "user29",
"usmAesBlumenthalCfb256Protocol": "privkey29",
"usmHMAC192SHA256AuthProtocol": "authkey29"
},
{
"engineId": "8000000000000030",
"user": "user30",
"usmAesCfb192Protocol": "privkey30",
"usmHMAC192SHA256AuthProtocol": "authkey30"
},
{
"engineId": "8000000000000031",
"user": "user31",
"usmAesCfb256Protocol": "privkey31",
"usmHMAC192SHA256AuthProtocol": "authkey31"
},
{
"engineId": "8000000000000033",
"user": "user33",
"usmDESPrivProtocol": "privkey33",
"usmHMAC256SHA384AuthProtocol": "authkey33"
},
{
"engineId": "8000000000000034",
"user": "user34",
"usm3DESEDEPrivProtocol": "privkey34",
"usmHMAC256SHA384AuthProtocol": "authkey34"
},
{
"engineId": "8000000000000035",
"user": "user35",
"usmAesCfb128Protocol": "privkey35",
"usmHMAC256SHA384AuthProtocol": "authkey35"
},
{
"engineId": "8000000000000036",
"user": "user36",
"usmAesBlumenthalCfb192Protocol": "privkey36",
"usmHMAC256SHA384AuthProtocol": "authkey36"
},
{
"engineId": "8000000000000037",
"user": "user37",
"usmAesBlumenthalCfb256Protocol": "privkey37",
"usmHMAC256SHA384AuthProtocol": "authkey37"
},
{
"engineId": "8000000000000038",
"user": "user38",
"usmAesCfb192Protocol": "privkey38",
"usmHMAC256SHA384AuthProtocol": "authkey38"
},
{
"engineId": "8000000000000039",
"user": "user39",
"usmAesCfb256Protocol": "privkey39",
"usmHMAC256SHA384AuthProtocol": "authkey39"
},
{
"engineId": "8000000000000041",
"user": "user41",
"usmDESPrivProtocol": "privkey41",
"usmHMAC384SHA512AuthProtocol": "authkey41"
},
{
"engineId": "8000000000000042",
"user": "user42",
"usm3DESEDEPrivProtocol": "privkey42",
"usmHMAC384SHA512AuthProtocol": "authkey42"
},
{
"engineId": "8000000000000043",
"user": "user43",
"usmAesCfb128Protocol": "privkey43",
"usmHMAC384SHA512AuthProtocol": "authkey43"
},
{
"engineId": "8000000000000044",
"user": "user44",
"usmAesBlumenthalCfb192Protocol": "privkey44",
"usmHMAC384SHA512AuthProtocol": "authkey44"
},
{
"engineId": "8000000000000045",
"user": "user45",
"usmAesBlumenthalCfb256Protocol": "privkey45",
"usmHMAC384SHA512AuthProtocol": "authkey45"
},
{
"engineId": "8000000000000046",
"user": "user46",
"usmAesCfb192Protocol": "privkey46",
"usmHMAC384SHA512AuthProtocol": "authkey46"
},
{
"engineId": "8000000000000047",
"user": "user47",
"usmAesCfb256Protocol": "privkey47",
"usmHMAC384SHA512AuthProtocol": "authkey47"
}
}