Introduction
When you configure the OpsRamp Gateway as an SNMP trap receiver, traps sent from SNMP-enabled devices are processed according to the trap monitor configuration.
- SNMPv2 traps are not encrypted. The OpsRamp Gateway can directly interpret the Trap OIDs.
- SNMPv3 traps are encrypted. The OpsRamp Gateway requires proper credentials to decrypt and interpret the OIDs.
Default SNMPv3 Credentials
By default, OpsRamp Gateway understands and processes the SNMP v3 Traps if the remote devices use the same credentials pre-defined in the OpsRamp Gateway.
If you want to know the list of pre-defined credentials in the OpsRamp Gateway, then reach OpsRamp Support Team.
Add Custom SNMPv3 Credentials
If you prefer not to use the default credentials, you can define your own OpsRamp Gateway credentials using Base64 encoding.
Format Custom Credentials
- Define your custom SNMP v3 credentials in the following format:
{securityname}###{authProto}###{authPassPhrase}###{privProto}###{privPassphrase}
Example: user6###MD5###abcdef@123###DES###ghijkl@456- If any of the following fields are empty or not needed, use
NONEfor the field value:- authProto
- authPassPhrase
- privProto
- privPassphrase
The format to be followed in the trap configuration file for SNMP protocols:
| Snmp Privacy Protocol | Configuration format |
|---|---|
| DES | DES |
| DES3 | DES3 |
| AES | AES |
| AES128 | AES-128 |
| AES192 | AES-192 |
| AES256 | AES-256 |
| AES192C | AES-192-C |
| AES256C | AES-256-C |
| Snmp Auth Protocol | Configuration format |
|---|---|
| SHA | SHA |
| SHA224 | SHA224 |
| SHA256 | SHA256 |
| SHA384 | SHA384 |
| SHA512 | SHA512 |
| MD5 | MD5 |
Examples:
SNMP v3 credentials are AuthPriv then:
snmpusername###MD5###snmpuserauthstring###DES###snmpprivstringSNMP v3 credentials are AuthNoPriv then:
snmpusername###MD5###snmpuserauthstring###NONE###NONESNMP v3 credentials are NoAuthNoPriv then:
snmpusername###NONE###NONE###NONE###NONE
As another example, a device with the following SNMP v3 credentials:
`user6###MD5###abcdef@123###DES###ghijkl@456`
Username: user6
Auth: MD5
Authorization password: abcdef@123
Privacy: DES
Privacy password: ghijkl@456Encode Credentials
After formatting the credentials string, encode it using a Base64 encoder of your choice.
Example:
Formatted credentials: user6###MD5###abcdef@123###DES###ghijkl@456
Encoded as: dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==.
Configure Classic OpsRamp Gateway
You can specify multiple SNMP v3 credentials in the OpsRamp Gateway configuration file, each on a new line.
- Log in to the OpsRamp Gateway using the
ruseraccount. - Open the
/opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfgfile for editing. - Copy and paste the Base64-encoded credentials into the file.
Note: Refer Adding Custom SNMPv3 Credentials on how to configure SNMP V3 credentials in Base64 encoded format. - Save the file and restart the vprobe service using the following command:
service vprobe restart
Your OpsRamp Gateway is now set up to process SNMP v3 traps using the configured credentials.
Configure NextGen OpsRamp Gateway
Follow these steps to configure SNMP v3 trap credentials in the NextGen OpsRamp Gateway:
- Create a YAML file in the OpsRamp Gateway under path: /home/gateway-admin (eg: snmp_trap_v3_creds.yml) and pass the snmp_v3 credentials in the following format.
snmp_trap_v3_credentials: |-
Example:
snmp_trap_v3_credentials: |-
base64EncodedCredkey1
base64EncodedCredkey2
base64EncodedCredkey3Note
Ensure that there are two spaces under the “snmp_trap_v3_credentials” and then pass the keys after those spaces, as the spaces are necessary for YAML indentation.helm upgrade nextgen-gw oci://us-docker.pkg.dev/OpsRamp-registry/OpsRamp Gateway-cluster-charts/nextgen-gw --version <current_helm_chart_version> -f <YamlFileName> -n <NAMESPACE> --reuse-valuesFAQs
Does OpsRamp generate repeat alerts if the same trap (with the same state) is received?
By default, OpsRamp does not generate repeat alerts for the same trap with the same severity within 30 minutes. There is an option at OpsRamp’s side where you can enhance trap definition to exclude this 30-min logic in case of valid use cases.
When will OpsRamp exclude/drop any trap with no alerts?
Yes. OpsRamp will exclude/drop traps with no alerts, in 2 cases:
Case 1 - If the trap is in the OpsRamp Global exclude list, then it will not generate any alert.
Case 2 - Client-level Exclude: If a customer has a trap monitor created in UI
(setup → monitoring → SNMP Traps Configuration) to exclude any specific set of trap(s).How are trap severities mapped in OpsRamp?
Actual trap severity OpsRamp severity Fatal, critical, major, degrade, error, fault, notoperational, shutdown, etc. Critical Minor, warning, degrade Warning Ok, info, debug Ok