Idea ID 2846733
In 2020(and prior) more and more device use SNMPv3 and send traps in V3 as request by security team. But if you have a flood in SNMPv3 the file trapFilter.conf as no used because it process only SNMP V2c and that early stage filter cannot see encrypted V3 traps.
Then if you have a flood it will hit your flooding engine and will "shut down" trap processing, probably even the other V1/V2 traps, to protect itself.
Then I request to add a post decryption V3 filtering but prior to the flood engine.
For now we can use nnmtrap.conf to drop traps after the flooding engine but that setup is not optimal.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.