I'm trying to collect simple logs from Cisco devices using netsnmp with SNMP v3.
I can get the messages to appear in my snmptrapd, but I have to manually add the EngineID to for them to talk. E.g., until I do so, I see messages like:
usm: no match on engineID (80 00 00 09 03 00 3C 01 02 03 04 05 usm: no match on engineID (80 00 00 09 03 00 3C 01 02 03 04 05 )
Then I have to go into /etc/snmp/snmptrapd.conf and manually add the engine in a new createUser line.
I will have to add some 200 devices shortly and there's going to need to be a regular procedure to add new ones. Is there a way to improve this situation without losing encryption?
Based on your description, I would automate the process. At the top of the script or program that collects the logs, query against the device ahead of time for snmpEngineID.0 to retrieve the Engine ID. Then, check the /etc/snmp/snmptrapd.conf file for the Engine ID. If the ID exists, continue on. If the ID does not exist, add the createuser -e 0xEngineID line...
A short perl or bash script should do the trick. Let me know if you have related questions.