When you configure the OpsRamp Gateway as an SNMP trap receiver, it processes traps sent from SNMP-enabled devices based on your trap monitor configuration.

  • SNMPv2 traps are not encrypted, so the OpsRamp Gateway can directly interpret their Trap OIDs.
  • SNMPv3 traps are encrypted, so the OpsRamp Gateway requires the correct credentials to decrypt and interpret the OIDs.

Default SNMPv3 Credentials

By default, the OpsRamp Gateway can process SNMPv3 traps if the remote devices use the pre-defined credentials included with the Gateway. To obtain a list of these default credentials, contact the OpsRamp Support Team.

Add Custom SNMPv3 Credentials

If you do not want to use the default credentials, you can define your own SNMPv3 credentials for the Gateway. These credentials must be encoded in Base64.

Format Custom Credentials

  1. Define your custom SNMPv3 credentials using the following format:

        {securityname}###{authProto}###{authPassPhrase}###{privProto}###{privPassphrase}
    
        Example: user6###MD5###abcdef@123###DES###ghijkl@456
        
  2. If any of the following fields are not required or should be left empty, use NONE as the value:

    • authProto
    • authPassPhrase
    • privProto
    • privPassphrase

Use the following configuration formats for SNMP privacy and authentication protocols:

SNMP Privacy ProtocolConfiguration format
DESDES
DES3DES3
AESAES
AES128AES-128
AES192AES-192
AES256AES-256
AES192CAES-192-C
AES256CAES-256-C
SNMP Auth ProtocolConfiguration format
SHASHA
SHA224SHA224
SHA256SHA256
SHA384SHA384
SHA512SHA512
MD5MD5

Examples:

  • For SNMPv3 credentials with authentication and privacy (AuthPriv):

    snmpusername###MD5###snmpuserauthstring###DES###snmpprivstring
    
  • For SNMPv3 credentials with authentication but no privacy (AuthNoPriv):

    snmpusername###MD5###snmpuserauthstring###NONE###NONE
    
  • For SNMPv3 credentials with no authentication and no privacy (NoAuthNoPriv):

    snmpusername###NONE###NONE###NONE###NONE
    

Example with specific values:

For a device with the following SNMPv3 credentials:

  • Username: user6
  • Authentication protocol: MD5
  • Authentication password: abcdef@123
  • Privacy protocol: DES
  • Privacy password: ghijkl@456

Use the following custom credential string:

user6###MD5###abcdef@123###DES###ghijkl@456
Username: user6
Auth:  MD5
Authorization password: abcdef@123
Privacy: DES
Privacy password: ghijkl@456

Encode the Credentials

After formatting the credentials, convert them to Base64 encoding using a tool of your choice.

Example:
Formatted credentials: user6###MD5###abcdef@123###DES###ghijkl@456
Encoded as: dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==.

Configure SNMPv3 Credentials on the OpsRamp Gateway

You can configure multiple SNMPv3 credentials on the OpsRamp Gateway to enable secure processing of SNMPv3 traps. Follow the steps below based on your OpsRamp Gateway version.

For Classic OpsRamp Gateway

  1. Log in to the OpsRamp Gateway using the ruser account.
  2. Open the /opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfg file for editing.
  3. Add each Base64-encoded SNMPv3 credential on a new line in the file.
    Note: For details on formatting and encoding credentials, see Add Custom SNMPv3 Credentials.
  4. Save the file and restart the vprobe service:
        service vprobe restart
        

The OpsRamp Gateway is now configured to process SNMPv3 traps using the specified credentials.

For NextGen OpsRamp Gateway

  1. Create a YAML file and define the SNMPv3 credentials as shown below:

        snmp_trap_v3_credentials: |-
          base64EncodedCredkey1
          base64EncodedCredkey2
          base64EncodedCredkey3
        

  2. Update the NextGen OpsRamp Gateway Helm chart with your YAML file:

        helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version <current_helm_chart_version> -f <YamlFileName> -n <NAMESPACE> --reuse-values
        

The NextGen OpsRamp Gateway will now use the configured SNMPv3 credentials to process incoming traps.

FAQs


  1. Does OpsRamp generate repeat alerts if the same trap (with the same state) is received?

    By default, OpsRamp does not generate repeat alerts for the same trap with the same severity within 30 minutes. There is an option at OpsRamp’s side where you can enhance trap definition to exclude this 30-min logic in case of valid use cases.

  2. When will OpsRamp exclude/drop any trap with no alerts?

    Yes. OpsRamp will exclude/drop traps with no alerts, in 2 cases:

    Case 1 - If the trap is in the OpsRamp Global exclude list, then it will not generate any alert.
    Case 2 - Client-level Exclude: If a customer has a trap monitor created in UI
    (setup → monitoring → SNMP Traps Configuration) to exclude any specific set of trap(s).

  3. How are trap severities mapped in OpsRamp?

    Actual trap severityOpsRamp severity
    Fatal, critical, major, degrade, error, fault, notoperational, shutdown, etc.Critical
    Minor, warning, degradeWarning
    Ok, info, debugOk