Help needed with snmptraps

  • d0d0
    Member
    • May 2023
    • 41

    #1

    Help needed with snmptraps

    I have set up the zabbix-snmptraps container as described on Docker Hub. snmptrapd is running and the script it is calling when a trap would arrive is able to write to /var/lib/zabbix/snmptraps. Also the port mapping is correct (container 1162 to host 162). Using Wireshark I can see the SNMPv3 trap datagram arriving on the interface, but nothing is written to /var/lib/zabbix/snmptraps/snmptraps.log
    I could really use some help with this.
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    #2
    Does your snmptrapd have proper v3 config? All the engineID-s etc.?

    • d0d0
      Member
      • May 2023
      • 41

      #3
      I don't know what you are talking about. I just deployed the container according to the documentation. That's it. Do you mean there are steps I need to take that are undocumented?

      I now sent some SNMPv1/v2 trap to the zabbix proxy. I can see that it was received in /var/lib/zabbix/snmptraps/snmptraps.log, and that it was imported by zabbix server in SNMP traps (fallback). So for SNMPv1/v2 the current setup does work properly.

      The official documentation really is lacking about setting up for receiving SNMPv3 traps. Some examples would be helpful.

      Circling back, why would I need to configure something in snmptrapd.conf? When I was reading the container's default config in /etc/snmp I had the impression that authentication/verification is turned off, so that these checks may be handled later by zabbix server and that the traps can be received and passed on to the server, even if authentication would fail later on when the server processes the trap log entry. Is that not how this is supposed to work?

      Boiling it down, the current questions are:

      - is the SNMPv3 information provided in zabbix web ui only used for active polling using snmp-get, and not for passive receiving of snmp traps?
      - does the zabbix-snmptraps container need to be able to authenticate SNMPv3 traps to actually pass them on?
      - does the zabbix server not authenticate SNMPv3 traps and just use the sender information to pass it to the correct host object?

      So what you seem to say is dawning on me, that I may need to manually create SNMP users to be able to receive SNMPv3 traps, is that correct? (which would be terribly inconvenient, as this would be done within the container.)

      Is this correct? Would I need an individual user per device (UPS1, UPS2, UPS3), or only one user per device type (1 user for all APC UPS devices using the same MIB)?
      Last edited by d0d0; 23-05-2023, 17:13.

      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4807

        #4
        Originally posted by d0d0
        > I don't know what you are talking about. I just deployed the container according to the documentation. That's it. Do you mean there are steps I need to take that are undocumented?
        >
        > I now sent some SNMPv1/v2 trap to the zabbix proxy. I can see that it was received in /var/lib/zabbix/snmptraps/snmptraps.log, and that it was imported by zabbix server in SNMP traps (fallback). So for SNMPv1/v2 the current setup does work properly.
        >
        > The official documentation really is lacking about setting up for receiving SNMPv3 traps. Some examples would be helpful.
        >
        > Circling back, why would I need to configure something in snmptrapd.conf? When I was reading the container's default config in /etc/snmp I had the impression that authentication/verification is turned off, so that these checks may be handled later by zabbix server and that the traps can be received and passed on to the server, even if authentication would fail later on when the server processes the trap log entry. Is that not how this is supposed to work?

        It is by the different nature of v1/v2 vs v3... All the security layer in v3 requires your snmptrapd to keep track of who is allowed to send etc. So yes, you need to configure it. There is a bit of it in https://www.zabbix.com/documentation...types/snmptrap but you should also read the snmptrapd docs.

        > Boiling it down, the current questions are:
        >
        > - is the SNMPv3 information provided in zabbix web ui only used for active polling using snmp-get, and not for passive receiving of snmp traps?

        Yes. As snmptrapd is a completely different product, and basically just dumps its received data to a logfile, there is absolutely no communication in the other way to somehow enable v3 comms in snmptrapd based on data in Zabbix...

        > - does the zabbix-snmptraps container need to be able to authenticate SNMPv3 traps to actually pass them on?

        I think so, yes... I have not dealt with containers, but I don't see any diff in that sense, that your snmptrapd has to have proper config, either in container or "real host"...

        > - does the zabbix server not authenticate SNMPv3 traps and just use the sender information to pass it to the correct host object?

        As far as I can see, zabbix server/proxy does not do any auth procedures after snmptrapd has done its job. It picks up things from logfiles based on names / IPs written there and matches those against existing hosts. No additional auth there...

        > So what you seem to say is dawning on me, that I may need to manually create SNMP users to be able to receive SNMPv3 traps, is that correct? (which would be terribly inconvenient, as this would be done within the container.)
        >
        > Is this correct? Would I need an individual user per device (UPS1, UPS2, UPS3), or only one user per device type (1 user for all APC UPS devices using the same MIB)?

        IIRC, if you use traps, you need config per device; if you use informs, you can get away with a single line in config (or at least a few of them)... Point is, that with v3, an inform type event triggers communication between parties... pretty much the same as with v3 polling, all the "hello"-s and engineID and boot count exchange etc... Using traps requires you to have those engineID-s present already in snmptrapd config...

        http://www.net-snmp.org/tutorial/tut...mptrap-v3.html

        • d0d0
          Member
          • May 2023
          • 41

          #5
          Thanks this almost completely answers my questions!

          Do I need to have a "createUser" per trap-sending device, or only per type of trap-sending device? Meaning, if I have 3 UPS devices by APC all using the same SNMP MIB, would I need to create just 1 user in snmptrapd.conf, or would I need to create 3 users?

          • cyber
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional
            • Dec 2006
            • 4807

            #6
            Originally posted by d0d0
            > Thanks this almost completely answers my questions!
            >
            > Do I need to have a "createUser" per trap-sending device, or only per type of trap-sending device? Meaning, if I have 3 UPS devices by APC all using the same SNMP MIB, would I need to create just 1 user in snmptrapd.conf, or would I need to create 3 users?

            Depends if those are traps or informs... With informs, 1 line, as it does not need deviceID there and all those devices use the same username/password. With traps, one per device (deviceID etc...)

            • d0d0
              d0d0 commented
              Thanks, clear and concise.
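
The trap-versus-inform distinction from replies #4 and #6, as an added example that is not part of the thread or of the Zabbix or Net-SNMP projects: a small generator that emits one `createUser -e <engineID>` line per trap-sending device and a single `createUser` line for informs. The user name, passphrases, engineIDs, the SHA/AES choice and the `authUser ... priv` level are assumptions made for illustration.

```python
import re

# RFC 3411 SnmpEngineID: 5 to 32 octets, written here as 0x-prefixed hex.
ENGINE_ID = re.compile(r"^0x(?:[0-9A-Fa-f]{2}){5,32}$")

# Constructed inventory; names, engineIDs and modes are placeholders.
DEVICES = [
    {"name": "UPS1", "mode": "trap", "engine_id": "0x80001f8880aabbccdd01"},
    {"name": "UPS2", "mode": "trap", "engine_id": "0x80001f8880aabbccdd02"},
    {"name": "UPS3", "mode": "inform"},
]

def snmptrapd_v3_lines(devices, user, auth_pass, priv_pass):
    """Build snmptrapd.conf lines for one USM user shared by all devices."""
    for secret in (auth_pass, priv_pass):
        if len(secret) < 8 or re.search(r"\s", secret):
            raise ValueError("passphrase needs 8+ characters and no whitespace")
    creds = f"{user} SHA {auth_pass} AES {priv_pass}"
    lines, has_inform = [], False
    for dev in devices:
        if dev["mode"] == "inform":
            has_inform = True  # receiver is authoritative: no sender engineID
            continue
        eid = dev.get("engine_id", "")
        # All-zero and all-0xFF engineIDs are not valid values (RFC 3411).
        if not ENGINE_ID.match(eid) or set(eid[2:].lower()) in ({"0"}, {"f"}):
            raise ValueError(f"{dev['name']}: bad engineID {eid!r}")
        lines.append(f"# {dev['name']}: trap, keys localized to the sender's engineID")
        lines.append(f"createUser -e {eid} {creds}")
    if has_inform:
        lines.append("# informs: one entry, localized to snmptrapd's own engineID")
        lines.append(f"createUser {creds}")
    # Require authPriv; allow logging and running the traphandle script.
    lines.append(f"authUser log,execute {user} priv")
    return lines

if __name__ == "__main__":
    # Placeholder credentials; replace before use.
    print("\n".join(snmptrapd_v3_lines(
        DEVICES, "zbxtrap", "auth-PLACEHOLDER", "priv-PLACEHOLDER")))
```
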
          • lmonasterio
            Member
            • May 2021
            • 34

            #7
            Hi! Just a question... The snmptrapd.conf file inside the container works with public communities. But how can I add other communities and persist those changes? I'm using podman, but when I try to define /etc volume the pod does not start.
            Sorry, probably it is more of a container issue, but I need help please. Thanks!
