I'm fairly new to Juniper and was tasked to configure our FW to use SNMPv3. We have SNMP configured, and we're using Cacti on a Linux host to monitor graphs and to collect SNMP data. However, it's been reported that SNMP has been generating an unnecessary amount of log data, and I've now been tasked to "reduce" it by disabling or limiting some portion of it, and I was under the assumption that the data was being pulled by the management SNMP server rather than the device sending the data. From the Cacti config point of view on the SNMP server/monitor, you basically enter the device IP, login info and version. Could it be OID value? I'm not sure what I'm looking for and some guidance would be appreciated.
Some details (more can be provided, as needed)
Under SNMP configs, we have:
- v3: with a user using md5 authentication and DES privacy for encryption
- vacm: security-to-group with 'usm' security model and the user above in 'readgroupname'
- the view 'readgroupname' shows it's using 'oid system include' and 'oid .1 include'
- the client-list has this management server IP (and one other)
- trap-group has 'authentication' and 'configuration' categories and targets (the 2 mgmt server IPs)
What can I do to accomplish this? (I'm currently waiting to get additional details on how the logs are becoming overwhelming, but would like to get ahead of it, if possible)
Similarly, I've been asked to do the same on a Cisco device, and on that, there is an option to select Poll and/or Trap, where polling is the SNMP server pulling SNMP data and Trap is the device sending SNMP data on an event. No such option is apparent on the SRX.