Overview

SNMP (Simple Network Management Protocol) Traps are alert messages sent from network devices to the OpsRamp Gateway, enabling real-time monitoring of hardware and infrastructure. When using SNMPv3, the traps are encrypted for enhanced security. For the NextGen Gateway to interpret and process these traps correctly, it must be configured with the appropriate SNMPv3 credentials.

Why SNMPv3 Credentials Are Required

• SNMPv2 traps are unencrypted and easily interpreted by the Gateway.
• SNMPv3 traps are encrypted and require decryption using matching credentials (security name, authentication method, privacy method, and passphrases).
• If the credentials on the device and the Gateway don’t match, the traps cannot be processed.

Default SNMPv3 Credential Support

OpsRamp Gateways come with a predefined set of SNMPv3 credentials. If your devices use these, no manual configuration is required. To access the list of default SNMPv3 credentials, contact the OpsRamp Support Team.

Adding Custom SNMPv3 Credentials

If your devices use custom SNMPv3 credentials, you’ll need to manually define and configure them in the Gateway.

Step 1: Format the Credentials

Use the following structure for each SNMPv3 credential string:

{securityName}###{authProtocol}###{authPassphrase}###{privProtocol}###{privPassphrase}

If any of the fields mentioned below are empty or not needed, please use NONE for the field value.

• authProto
• authPassPhrase
• privProto
• privPassphrase

Examples:

• AuthPriv (Authentication + Privacy):
  snmpuser###MD5###authPass123###DES###privPass456
• AuthNoPriv (Authentication only):
  snmpuser###SHA256###authPass123###NONE###NONE
• NoAuthNoPriv (No security):
  snmpuser###NONE###NONE###NONE###NONE

Supported SNMPv3 Protocols

Privacy Protocols

Authentication Protocols

Step 2: Encode Credentials in Base64

After formatting your credentials, convert them to Base64 format using any standard tool (Linux CLI, online Base64 encoder, etc.).

Example:
Formatted:

user6###MD5###abcdef@123###DES###ghijkl@456

Base64 Encoded:

user6###MD5###abcdef@123###DES###ghijkl@456

Configuring the SNMPv3 Credentials in the Gateway

Classic Gateway Configuration

1. Log into the Gateway server with the ruser account.
2. Open the file:

   /opt/gateway/vprobe/conf/snmp_trap_v3_credentials.cfg

3. Paste each Base64-encoded credential on a new line.
4. Save the file.
5. Restart the vprobe service:

   service vprobe restart

NextGen Gateway Configuration

To configure SNMPv3 trap credentials in a Kubernetes-based NextGen Gateway:

Step 1: Create a YAML File

Prepare a values YAML file with your encoded credentials:

snmp_trap_v3_credentials: |-
  dXNlcjYjIyNNRDUjIyNhYmNkZWZAMTIzIyMjREVTIyMjZ2hpamtsQDQ1Ng==

Step 2: Upgrade the Gateway with Helm

Run the Helm upgrade command with the new credentials YAML file:

helm upgrade nextgen-gw \
  oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw \
  --version <current_helm_chart_version> \
  -f <YamlFileName> \
  -n <namespace> \
  --reuse-values

Replace <YamlFileName>, <namespace>, and <current_helm_chart_version> accordingly.

Verification

Once the credentials are configured, validate by:

• Sending test SNMPv3 traps from a device using the custom credentials.
• Monitoring Gateway logs to confirm traps are received and decoded.
• Checking that alerts are generated (if trap monitor conditions are met).

FAQs

Q: Will OpsRamp generate alerts for duplicate SNMP traps?

A: By default, no. Duplicate traps with the same severity are suppressed within a 30-minute window. However, this behavior can be modified by OpsRamp Support for specific use cases.

Q: When does OpsRamp drop a trap without generating an alert?

A: In the following scenarios:

• The trap is on OpsRamp’s global exclude list.
• A custom exclusion rule is configured via Setup > Monitoring > SNMP Traps Configuration.

Q: How are trap severities mapped in OpsRamp?

A: The mapping is explained below: