Configure SNMP Trap and Inform Notifications
Paragon Insights supports the inform and trap notifications that devices send in the network for fault management. The SNMP agents (devices) send traps and informs to the SNMP manager (Paragon Insights) as notifications about changes of state in the network. Paragon Insights performs trigger evaluations on the traps and informs. Paragon Insights processes traps and informs from a configured device only if a playbook containing an SNMP-notification rule is running for that device. In all other cases, the SNMP manager drops the trap or inform message.
The following sections describe relevant terms, the configuration of traps and informs through the CLI, port configuration, and how to access the status of SNMP traps through the CLI.
You can configure SNMP trap notifications in SNMPv2c and SNMPv3. You can configure SNMP inform messages only when you use SNMPv3 protocol.
Tasks You Can Perform
Before you delve into SNMP trap and inform configurations, the following glossary can familiarize you with important concepts in SNMPv3 protocol.
| Term | Description |
|---|---|
| The authoritative agent | In SNMPv3 transactions between two entities (agent and manager), Paragon Insights verifies the source device of notifications through authentication and privacy. Authentication identifies and verifies the source of an SNMPv3 message. The privacy feature prevents packet analyzers from snooping the content of messages by encrypting the notification messages. The entity that controls the notification flow is known as the authoritative agent. In SNMPv3, the non-authoritative entity must know the <Engine ID> of the authoritative agent for successful communication. |
| Traps or trap messages | A trap is an unacknowledged notification sent to the SNMP manager. In trap messages, the SNMP agent is the authoritative agent. The administrator must configure the SNMPv3 <user> (distinct from the local IAM users) and the <Context Engine ID> on the device that sends out the trap messages. For traps, the <Context Engine ID> is the Engine ID that uniquely identifies the SNMP agent. |
| Informs or inform messages | An inform is also a notification sent from an SNMP agent to the SNMP manager. In inform messages, the SNMP manager is the authoritative agent. You configure the device that needs to send inform messages with the details of the remote authoritative agent, the SNMP manager (Paragon Insights). The administrator must configure the <user> found in the remote SNMP manager. |
| Engine ID | <Engine ID> is a hexadecimal value generated for a given agent that uniquely identifies the SNMP agent; it must be unique across a given administrative domain. It also must be persistent across reboots and upgrades. |
| Security Engine ID | It is a security parameter in the SNMP communication between the agent and the manager. The <Security Engine ID> is usually the <Engine ID> of the authoritative agent involved. A trap message has two parts: a header and a trap Protocol Data Unit (PDU). The header contains the <Security Engine ID> and a <username> set in the trap configuration. When an agent sends a trap, the parameters in the trap header are checked against the details in the USM table. The trap is processed further only when the parameters in the header match the details in the USM table. In inform notifications, the <Security Engine ID> is the Engine ID of Paragon Insights. |
| Context Engine ID | The <Context Engine ID> is part of a trap PDU. It uniquely identifies the device that sent the original trap message. The <Context Engine ID> and <Security Engine ID> are identical in most cases. |
| USM Table | SNMP managers receiving the traps need to maintain the USM (User-based Security Model) table, which uses the <Security Engine ID> and <username> as the key to verify the source of the trap messages. |
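The following Python model illustrates the checks described in the glossary and in the introduction: the USM table lookup keyed on (Security Engine ID, username), the rule that the agent is authoritative for traps and the manager for informs, and the drop of notifications from devices without a running snmp-notification playbook. It is an added illustration, not Paragon Insights code; all Engine IDs, usernames and IP addresses are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample values: the manager's own Engine ID and two agents' Engine IDs.
MANAGER_ENGINE_ID = "80000a1c0401020304"
AGENT_R1_ENGINE_ID = "80000a1c04000c29aabbcc"
AGENT_R2_ENGINE_ID = "80000a1c04000c29ddeeff"

# USM table keyed on (Security Engine ID, username), as in the glossary above.
USM_TABLE = {
    (AGENT_R1_ENGINE_ID, "trapuser"): "privacy",    # trap: the agent is authoritative
    (AGENT_R2_ENGINE_ID, "trapuser"): "privacy",
    (MANAGER_ENGINE_ID, "informuser"): "privacy",   # inform: the manager is authoritative
}

# Devices keyed on their configured source IP, with their configured Context Engine ID.
DEVICES = {
    "192.0.2.10": ("r1", AGENT_R1_ENGINE_ID),
    "192.0.2.11": ("r2", AGENT_R2_ENGINE_ID),
}

# Devices for which a playbook containing an snmp-notification rule is running.
DEVICES_WITH_RULE = {"r1"}


@dataclass(frozen=True)
class Notification:
    kind: str                # "trap" or "inform"
    source_ip: str           # identifies the sending device
    security_engine_id: str  # from the message header
    username: str            # from the message header
    context_engine_id: str   # from the trap PDU; identifies the originating agent


def process(n: Notification) -> str:
    """Return 'accepted' or a 'dropped: ...' reason for one notification."""
    if n.kind not in ("trap", "inform"):
        return "dropped: unknown notification type"
    device = DEVICES.get(n.source_ip)
    if device is None:
        return "dropped: unknown source IP"
    name, agent_engine_id = device
    if name not in DEVICES_WITH_RULE:
        return "dropped: no running playbook with an snmp-notification rule"
    # Header check: (Security Engine ID, username) must be present in the USM table.
    if (n.security_engine_id, n.username) not in USM_TABLE:
        return "dropped: security engine id/username not in USM table"
    # The Security Engine ID must be the authoritative agent's Engine ID.
    expected = agent_engine_id if n.kind == "trap" else MANAGER_ENGINE_ID
    if n.security_engine_id != expected:
        return "dropped: security engine id is not the authoritative agent's"
    if n.kind == "trap" and n.context_engine_id != agent_engine_id:
        return "dropped: context engine id does not match the device"
    return "accepted"
```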
The following sections detail how to find the Engine ID, configure trap and inform notifications, configure the port for inform notifications, and configure a rule for SNMP notification.
Find the Engine ID
Depending on whether you configure devices to send trap or inform notifications, you first need to find the <Engine ID> of the SNMP agent (for traps) or of the SNMP manager (for informs). You can refer to the sample command below to find the Engine ID on Junos devices.
The CLI command to find the <Engine ID> varies from vendor to vendor.
To find the <Engine ID> of SNMP agents (devices) that are Junos-based platforms, enter the following command in the CLI.
show snmp v3 engine-id
The command returns a hexadecimal value, which is the device <Engine ID>.
Configure Trap Notifications
You can configure a device to send trap notifications using SNMPv2c and SNMPv3.
The source IP address must be unique across all the devices because it uniquely identifies the device. You can configure the source IP address only for devices, not for device groups.
In Paragon Insights, the SNMPv2c and SNMPv3 ingest and trap configurations share the same workflow.
To configure SNMP trap notifications at the device level:
In device groups, you can configure the port number for trap and inform notifications. You can also configure log levels for SNMP notifications.
- Click the Configuration > Device Groups option in the left-navigation bar.
- Select a device group and click the edit button (pencil icon). The Edit Device Group page appears.
- Click Advanced > Ports to configure notification ports for traps and informs.
- Click Advanced > Logging > Service Logging Overrides to configure SNMP logs.
The following table describes the attributes in the Add a Device Group window:
Table 1: Add Device Group Page Details
| Attributes | Description |
|---|---|
| Name | Name of the device group. (Required) |
| Description | Description for the device group. |
| Devices | Add devices to the device group from the list. (Required) In Paragon Insights, you can add more than 50 devices per device group. However, the actual number of devices you can add depends on the available system resources. For example, suppose you want to create a device group of 120 devices. In releases earlier than Release 4.0.0, we recommend that you create three device groups of 50, 50, and 20 devices respectively. With Paragon Insights, you create just one device group. |
| Logging Configuration: SNMP Notification | Paragon Insights supports collecting log data for SNMP notifications. You can collect different severity levels of logs for the snmp-notification service in a device group. Use these fields to configure which log levels to collect. Global Setting Log Level: from the list, select the level of the log messages that you want to collect for every running Paragon Insights service for the device group. The level is set to None by default. Services Logging Overrides: select the log level from the list for any specific service that you want to configure differently from the Global Setting log level. The log level that you select for a specific service takes precedence over the Global Setting log configuration. |
| Ports: SNMP Notification Ports | Enter port numbers separated by commas if you want to configure multiple ports. Paragon Insights listens on these ports for trap and inform notifications. |
- Click Save to save the configuration, or click Save and Deploy to deploy the configuration in Paragon Insights.
Configure Inform Notifications
To enable devices to send inform notifications, you must configure SNMPv3 USM user(s).
To create USM users in Paragon Insights:
After adding USM users, you can configure the following details on the Edit Device-Name page in Device Configuration and on the Edit Device Group page in Device Group Configuration.
| Attributes | Description |
|---|---|
| SNMP | |
| Version | You can set this field on the Edit Device-Name page under the Protocols > SNMP caret. Select v3 from the menu. |
| Port (Devices only) | You can set this field on the Edit Device-Name page under the Protocols > SNMP caret. Port number required for SNMP inform notifications. The standard port number for trap and inform notifications is 162. |
| Notification Ports (Device Groups only) | You can set this field on the Edit Device Group page under Advanced > Ports > SNMP Notification Ports. Enter notification ports separated by commas. Paragon Insights listens on the notification ports for traps and inform messages from device groups. |
| Context Engine ID (Devices only) | You can set this field on the Edit Device-Name page under the Protocols > SNMP caret. This field appears if you selected v3 in the Version field. The Engine ID must be set to the engine-id of the SNMP agent. |
| Source IP Address (Devices only) | You can set this field on the Edit Device-Name page under the Device Details ID > SNMP Source IPs caret. This field appears if you selected v3 in the SNMP Version field. Enter the source IP address of the device. This field is optional. If you use NAT or an SNMP proxy, the virtual IP address you configure for the SNMP proxy must be set as the source IP address. |
Configure Port for Inform Notifications
By default, Paragon Insights listens for traps and informs on the standard SNMP trap port, 162. If needed, you can change this port either at the global level (which applies to all device groups) or at the device group level (which applies to a specific device group).
A port configured under ingest settings applies to all device groups. Trap and inform messages received through any other port are discarded.
To configure the port number at the ingest level:
- Go to Configuration > Data Ingest > Settings in the left-nav bar.
- Select the SNMP Notification tab on the Ingest Settings page.
- In the Port section, enter the port number.
- Click Save to only save the configuration, or Save and Deploy to deploy the configuration in Paragon Insights.
A port configured under a device group applies only to that device group. Traps and informs received through any other port are discarded. To configure port numbers at the device group level, see Table 1.
Configure a Rule for SNMP Notification
Once the device is configured to send trap or inform notifications, you must configure a rule with an SNMP notification sensor for the device so that Paragon Insights can process traps from it. In device groups, you can apply a playbook instance that has the snmp-notification rule. When you configure SNMP notification in any rule, you must select the MIB name you want to monitor. Go to the Juniper MIB Explorer to browse MIB files for Junos OS devices and the Cisco MIB Locator to browse MIB files for Cisco devices.
The following example shows how you can configure a rule with SNMP notification to send alerts when an interface comes up, under the chassis.interfaces/ topic.
It is assumed that you have configured the device or device group for SNMP trap notification. See Configure Trap Notifications to configure SNMP trap notifications on devices or device groups.
To configure a rule under topic chassis.interfaces/:
You must include this rule in a playbook and apply the playbook's instance to a device or a device group.
To check the new SNMP notifications sent by device groups, log in to the Paragon Insights server as the root user and type the following command.
/var/local/healthbot/healthbot cli --device-group healthbot -s influxdb
You can track new entries of SNMP trap notifications. The notifications are sent to the Paragon Insights server for the fields (for example, ifAdminStatus) that you configured.