SNMPv3 engine ID scalability #1280
Description
If your issue is not a bug or a feature request, please raise a support ticket through our support portal (Splunk.com > Support > Support Portal). This will help us resolve your issue more efficiently and provide you with better assistance. For more information on how to work with the Splunk Support, please refer to this guide.
** What is the SC4SNMP version? 1.12.1
Is your feature request related to a problem? Please describe.
We require SC4SNMP to support receiving traps of thousands of different SNMP v3 engine IDs. As per RFC 3411, each engine ID must be unique.
RFC 3411 Architecture for SNMP Management Frameworks December 2002
3.1.1.1 snmpEngineID
Within an administrative domain, an snmpEngineID is the unique and unambiguous identifier of an SNMP engine. Since there is a one-to-one association between SNMP engines and SNMP entities, it also uniquely and unambiguously identifies the SNMP entity within that administrative domain.
Describe the solution you'd like
- SNMP_V3_SECURITY_ENGINE_ID to accept a wildcard (*) to allow traps from any engine ID, subject to format-compliant checks (Pages 40-41 of https://www.ietf.org/rfc/rfc3411.txt)
or - Develop a scalable method to incorporate thousands of allowed engine IDs within the trap configuration
Describe alternatives you've considered
Use v2 traps, but it's not an option due to security flaws
Additional context
Add any other context or screenshots about the feature request here.