Drop SNMPv3 traps at early filter. trapFilter.conf only catch SNMPv2 but in 2020 V3 is a must

Idea ID 2846733

Drop SNMPv3 traps at early filter. trapFilter.conf only catch SNMPv2 but in 2020 V3 is a must

In 2020(and prior) more and more device use SNMPv3 and send traps in V3 as request by security team.  But if you have a flood in SNMPv3 the file trapFilter.conf as no used because it process only SNMP V2c and that early stage filter cannot see encrypted V3 traps. 

Then if you have a flood it will hit your flooding engine and will "shut down" trap processing, probably even the other V1/V2 traps, to protect itself.

Then I request to add a post decryption V3 filtering but prior to the flood engine.

For now we can use nnmtrap.conf to drop traps after the flooding engine but that setup is not optimal.

2 Comments
Micro Focus Contributor
Micro Focus Contributor

This is a critical feature to have for NNMi  for all of big enterprises.

Micro Focus Expert
Micro Focus Expert
Status changed to: Waiting for Votes

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. More information may be needed at this stage, and we expect the community to help prioritize the idea with comments and community support (votes/kudos).

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.