When you configure the OpsRamp Gateway as an SNMP trap receiver, it processes traps sent from SNMP-enabled devices based on your trap monitor configuration.
- SNMPv2 traps are not encrypted, so the OpsRamp Gateway can directly interpret their Trap OIDs.
- SNMPv3 traps are encrypted, so the OpsRamp Gateway requires the correct credentials to decrypt and interpret the OIDs.
Default SNMPv3 Credentials
By default, the OpsRamp Gateway can process SNMPv3 traps if the remote devices use the pre-defined credentials included with the Gateway. To obtain a list of these default credentials, contact the OpsRamp Support Team.
Add Custom SNMPv3 Credentials
If you do not want to use the default credentials, you can define your own SNMPv3 credentials for the Gateway. These credentials must be encoded in Base64.
Format Custom Credentials
Define your custom SNMPv3 credentials using the following format:
{securityname}###{authProto}###{authPassPhrase}###{privProto}###{privPassphrase} Example: user6###MD5###abcdef@123###DES###ghijkl@456
If any of the following fields are not required or should be left empty, use
NONE
as the value:- authProto
- authPassPhrase
- privProto
- privPassphrase
Use the following configuration formats for SNMP privacy and authentication protocols:
SNMP Privacy Protocol | Configuration format |
---|---|
DES | DES |
DES3 | DES3 |
AES | AES |
AES128 | AES-128 |
AES192 | AES-192 |
AES256 | AES-256 |
AES192C | AES-192-C |
AES256C | AES-256-C |
SNMP Auth Protocol | Configuration format |
---|---|
SHA | SHA |
SHA224 | SHA224 |
SHA256 | SHA256 |
SHA384 | SHA384 |
SHA512 | SHA512 |
MD5 | MD5 |
Examples:
For SNMPv3 credentials with authentication and privacy (AuthPriv):
snmpusername###MD5###snmpuserauthstring###DES###snmpprivstring
For SNMPv3 credentials with authentication but no privacy (AuthNoPriv):
snmpusername###MD5###snmpuserauthstring###NONE###NONE
For SNMPv3 credentials with no authentication and no privacy (NoAuthNoPriv):
snmpusername###NONE###NONE###NONE###NONE
Example with specific values:
For a device with the following SNMPv3 credentials:
- Username: user6
- Authentication protocol: MD5
- Authentication password: abcdef@123
- Privacy protocol: DES
- Privacy password: ghijkl@456
Use the following custom credential string:
user6###MD5###abcdef@123###DES###ghijkl@456
Username: user6
Auth: MD5
Authorization password: abcdef@123
Privacy: DES
Privacy password: ghijkl@456
Encode the Credentials
After formatting the credentials, convert them to Base64 encoding using a tool of your choice.
Example:
Formatted credentials: user6###MD5###abcdef@123###DES###ghijkl@456
Encoded as: dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==
.
Configure SNMPv3 Credentials on the OpsRamp Gateway
You can configure multiple SNMPv3 credentials on the OpsRamp Gateway to enable secure processing of SNMPv3 traps. Follow the steps below based on your OpsRamp Gateway version.
For Classic OpsRamp Gateway
- Log in to the OpsRamp Gateway using the
ruser
account. - Open the
/opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfg
file for editing. - Add each Base64-encoded SNMPv3 credential on a new line in the file.
Note: For details on formatting and encoding credentials, see Add Custom SNMPv3 Credentials. - Save the file and restart the vprobe service:
service vprobe restart
The OpsRamp Gateway is now configured to process SNMPv3 traps using the specified credentials.
For NextGen OpsRamp Gateway
Create a YAML file and define the SNMPv3 credentials as shown below:
snmp_trap_v3_credentials: |- base64EncodedCredkey1 base64EncodedCredkey2 base64EncodedCredkey3
Note
Indent each credential with two spaces under `snmp_trap_v3_credentials:` to ensure correct YAML formatting.
Update the NextGen OpsRamp Gateway Helm chart with your YAML file:
helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version <current_helm_chart_version> -f <YamlFileName> -n <NAMESPACE> --reuse-values
The NextGen OpsRamp Gateway will now use the configured SNMPv3 credentials to process incoming traps.
FAQs
Does OpsRamp generate repeat alerts if the same trap (with the same state) is received?
By default, OpsRamp does not generate repeat alerts for the same trap with the same severity within 30 minutes. There is an option at OpsRamp’s side where you can enhance trap definition to exclude this 30-min logic in case of valid use cases.
When will OpsRamp exclude/drop any trap with no alerts?
Yes. OpsRamp will exclude/drop traps with no alerts, in 2 cases:
Case 1 - If the trap is in the OpsRamp Global exclude list, then it will not generate any alert.
Case 2 - Client-level Exclude: If a customer has a trap monitor created in UI
(setup → monitoring → SNMP Traps Configuration) to exclude any specific set of trap(s).How are trap severities mapped in OpsRamp?
Actual trap severity OpsRamp severity Fatal, critical, major, degrade, error, fault, notoperational, shutdown, etc. Critical Minor, warning, degrade Warning Ok, info, debug Ok