This is the code I have used for receiving the SNMP trap messages from a firewall.
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp.entity import engine, config
from pysnmp.entity.rfc3413 import ntfrcv
from pysnmp.proto.api import v2c
from pysnmp import debug
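def cbFun(snmpEngine, stateReference, contextEngineId, contextName,
          varBinds, cbCtx):
    """Print the sender address and variable bindings of a received notification.

    The sender's transport address is read from the engine observer's
    'rfc3412.receiveMessage:request' execution context. Each entry of
    *varBinds* is treated as an (OID, value) pair. The remaining parameters
    are part of the callback signature and are not used here.

    Values are rendered with prettyPrint() rather than str(): trap contents
    arrive from the network, and prettyPrint() renders octet strings that
    contain non-printable bytes as hex, which keeps control characters in a
    varbind out of the terminal or any log this output is piped to.
    """
    execContext = snmpEngine.observer.getExecutionContext(
        'rfc3412.receiveMessage:request'
    )
    # transportAddress is expected to be an (address, port) pair.
    print('Notification from %s:%s' % execContext['transportAddress'])
    for name, value in varBinds:
        print(f"Received OID: {name.prettyPrint()}, Value: {value.prettyPrint()}")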
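# Create the SNMP engine that receives and processes notifications.
# (The original line had an unbalanced closing parenthesis.)
snmpEngine = engine.SnmpEngine()

# SNMPv1/v2c community configuration, left disabled: community strings give
# neither authentication nor encryption.
# config.addV1System(snmpEngine, "user", "test")

# Setup transport endpoint
# NOTE(review): "0.0.0.0" listens on every interface; if the host has a
# dedicated management interface, bind to that address instead. UDP port 162
# is a privileged port on most systems.
config.addSocketTransport(
    snmpEngine,
    udp.domainName,
    udp.UdpSocketTransport().openServerMode(("0.0.0.0", 162)),
)

# USM (SNMPv3) user the sender must use: SHA-256 authentication plus
# AES-128 privacy.
# NOTE(review): the passphrases are hard-coded and the same value is used for
# authentication and privacy. Load them from the environment or a secret
# store, use two different passphrases, and treat the value below as
# disclosed, since it appears in a public post.
# NOTE(review): for SNMPv3 traps the sender is the authoritative engine, so
# securityEngineId has to be the engine ID the firewall actually sends, not
# an ID chosen for this receiver. For INFORMs the receiver is authoritative
# and the sender must be configured with this engine's ID instead. The
# EngineIDMismatch error means the two sides disagree; confirm which
# notification type the firewall emits and which engine ID it uses.
config.addV3User(
    snmpEngine,
    "test",
    config.usmHMAC192SHA256AuthProtocol,
    "hasuhunjsnjnL@123",
    config.usmAesCfb128Protocol,
    "hasuhunjsnjnL@123",
    securityEngineId=v2c.OctetString(hexValue='80004f83983b30ea40'),
)
# print() does not interpolate %s on its own; format the message explicitly.
print("SNMP Trap; registering; Registered snmp v3 user %s" % "test")

# Register the callback that is invoked for each accepted notification.
ntfrcv.NotificationReceiver(snmpEngine, cbFun)

# NOTE(review): 'all' enables every pysnmp debug category. The output is very
# verbose and may include security-module details; keep it for
# troubleshooting only and do not ship these logs off-host unreviewed.
debug.setLogger(debug.Debug('all'))

# jobStarted(1) keeps the dispatcher running until it is stopped.
snmpEngine.transportDispatcher.jobStarted(1)
try:
    snmpEngine.transportDispatcher.runDispatcher()
except KeyboardInterrupt:
    pass
finally:
    # Close the socket on any exit path, not only on Ctrl+C.
    snmpEngine.transportDispatcher.closeDispatcher()
    print("SNMP Receiver stopped.")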
When I receive a trap message from the firewall, I get this error:
2023-10-13 18:12:07,330 pysnmp: prepareDataElements: using sendPduHandle None for msgID 35729595
2023-10-13 18:12:07,330 pysnmp: StatusInformation: {'errorIndication': EngineIDMismatch('SNMP engine ID mismatch encountered')}
I queried the firewall's engine ID with a MIB browser and got 80001f8880h7238781d65. When I run the code, I see 80004f83983b30ea40 as the securityEngineID. Are these two values different, and how do I configure the engine ID on a Sophos XG firewall?