Skip to main content
Version: 7.8


NetObserv SNMP Trap makes it simple to securely add credentials for the trap listener to use.

The directory of the listener credential files is specified by EF_INPUT_TRAP_LISTENER_CREDENTIALS_DIRECTORY_PATH in the trapcoll configuration options. The default location is /etc/elastiflow/snmp/traps/credentials. See credentials.yml for a template.


Currently, credentials only work for SNMP v3 Traps. Community strings are not enforced.

Trap SNMP v3 Credential File Example

Example File Structure:

- username: myuser1
authentication_protocol: md5
authentication_passphrase: mypassword1
privacy_protocol: aes
privacy_passphrase: myprivacy1
authoritative_engine_id: authoritative_engine_id
- username: myuser2
authentication_protocol: md5
authentication_passphrase: mypassword2
privacy_protocol: aes
privacy_passphrase: myprivacy2
authoritative_engine_id: authoritative_engine_id

Configuration Attributes


Currently, there are no default values for these fields and all fields are required.


The username of the listener credential.

EXAMPLE: myuser1


The authentication protocol used to authenticate the username with the incoming device Trap using SNMPv3.

  • Valid Values
    • noauth, md5, sha, sha224, sha256, sha384, sha512


The authentication passphrase used to authenticate the username with the device using SNMPv3.


Currently only device-level polling intervals are supported. A future enhancement will include support for object-level interval override of the device-level value.


The privacy protocol used to encrypt SNMPv3 traffic between the SNMP device and the Trap listener.

  • Valid Values
    • nopriv, des, aes, aes192, aes256, aes192c, aes256c


The privacy passphrase used to encrypt SNMPv3 traffic between the SNMP input and the device.


The authoritative engine ID used to make an SNMP request with SNMPv3.


The authoritative_engine_id used in each credential must exactly match the authoritative_engine_id set for the Trap listener via the EF_INPUT_TRAP_LISTENER_AUTHORITATIVE_ENGINE_ID setting.

Credential File Encryption

Credential files located in the directory specified by EF_INPUT_TRAP_LISTENER_CREDENTIALS_DIRECTORY_PATH can be encrypted using industry standard AGE encryption by setting EF_INPUT_TRAP_LISTENER_CREDENTIALS_SECURE_STORE_ENABLE to true.

Please visit Trap Listener Credentials Encryption to learn more.