The format of the seed file is identical to a standard IP Domain Manager seed file, but the semantics are slightly different. In an IP Domain Manager seed file, the sections are keyed by the hostname or IP address (the first line in each block). SNMPv3/USM instead uses the engineID of the SNMP agent in the network device to uniquely identify the agent that sent the trap; the hostname (or IP address) is ignored completely. For each engineID, there will be one or more users. The engineID/userName pair constitutes the unique key for the SNMP Trap Adapter seed file.
In order to receive SNMPv3 traps, you must uncomment and edit specific lines. For example, you must type a valid hostname or IP address, set the SNMPVERSION field to V3, and edit the seed file fields beginning with the comment: # The following are for SNMPv3 entries. Recommended practice is to place each SNMPv3 field/value pair on its own line. “Sample SNMPv3 seed file entries” on page 97 provides more information.
The first line in the seed file must appear as follows if you intend to encrypt both the AUTHPROTOCOL and PRIVPROTOCOL passwords:
When you edit the seed file using the sm_edit utility, this line controls which field values in the seed file should be encrypted (for example, the AUTHPASS and PRIVPASS password fields).
The sm_edit utility may be invoked in non-interactive mode by using the --noedit option, for example:
sm_edit --noedit conf/trapd/seedfile
This will cause sm_edit to read in the seed file, encrypt the fields specified by the first line, and write them back out in encrypted mode.
While sm_trapd can parse plain text passwords from unencrypted seed files, VMware strongly recommends that all seed files be encrypted using the sm_edit utility. Failure to encrypt the seed files (and destroy any plaintext intermediates) will expose plaintext passwords to anybody who can read the file.
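The exposure described above can be checked mechanically. The following audit script is an added example, not VMware code: it flags AUTHPASS/PRIVPASS values that are still plaintext and seed files that group or other users can access. It assumes one field/value pair per line (the recommended practice above), a separator of whitespace, "=" or ":", and that encrypted values begin with the marker in ENC_PREFIX, which is an assumed value to confirm against a file sm_edit has already processed.

```shell
# Added example (not vendor code): audit a seed file for plaintext passwords.
# ASSUMPTIONS: one field/value pair per line; separator is whitespace, "=" or
# ":"; encrypted values start with ENC_PREFIX (confirm on a file sm_edit wrote).
ENC_PREFIX='<E-'

# Print "LINE:FIELD" for each password field whose value is not encrypted.
plaintext_fields() {
    awk -v pfx="$ENC_PREFIX" '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*(AUTHPASS|PRIVPASS)[ \t:=]/ {
            line = $0; sub(/^[ \t]*/, "", line)
            field = line; sub(/[ \t:=].*/, "", field)        # field name
            val = line;   sub(/^[A-Z]+[ \t:=]+/, "", val)    # field value
            if (val != "" && index(val, pfx) != 1) print NR ":" field
        }' "$1"
}

# Succeed only when group and other have no permission bits on the file.
perms_restricted() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when the file is clean, 1 when anything was reported.
audit_seedfile() {
    rc=0
    hits=$(plaintext_fields "$1")
    [ -z "$hits" ] || { echo "$1: plaintext password field(s) at:" $hits; rc=1; }
    perms_restricted "$1" || { echo "$1: accessible by group/other"; rc=1; }
    return "$rc"
}

# Constructed sample: one encrypted-looking value, one plaintext value.
make_sample() {
    cat > "$1" <<'EOF'
# The following are for SNMPv3 entries
SNMPVERSION V3
AUTHPASS <E-CONSTRUCTED-PLACEHOLDER>
PRIVPASS constructed-plaintext-secret
EOF
    chmod 644 "$1"
}

# With a path, audit it; with no argument, audit the constructed sample.
if [ "$#" -gt 0 ]; then audit_seedfile "$1"; else
    s=$(mktemp) && make_sample "$s"; audit_seedfile "$s" || true; rm -f "$s"
fi
```

Run it against conf/trapd/seedfile and against any working copies made while editing, since a leftover plaintext intermediate exposes the same passwords.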