To suppress the alert from snmptd probe , we are sending the SNMP trap from the snmptd probe to logmon probe through queue mechanism. But the logmon probe is not reading the traps from the queue.
How is the queue configured? Specifically what name does it have, and what subject(s) go into to? Better yet, just drop that small portion of hub.cfg into this thread.
Thanks for the reply.
attached the HUB and logmon cfg files.
The configuration of the queue in both the logmon probe and the hub looks good. You can probably confirm that by looking at the Status tab in the hub GUI (if you have not already). The logmon probe should be connected to your Inmage queue, and if any SNMP traps have been received, the queue counters should indicate that. My main concern was that the right messages are going into the queue.
If I recall correctly, when the logmon probe is configured to monitor a queue, it looks for a field named message in each message from the queue. I am guessing the SNMP-TRAP messages do not have a field named message. It probably uses some set of fields to capture the individual fields in the trap rather than combining them into a single text string. Just guessing though. You can check the behavior by using DrNimBUS to sniff the messages on the message bus.
It might work better to configure the snmptd probe to log the traps to a file. I believe that option puts the traps into a trap.log (or traps.log) file in the snmptd probe directory. Then you could monitor that with the logmon probe. (I really prefer your idea of using a queue rather than a log file, but it looks like the two probes probably lack sufficient options to make then work well together.)
1. We can see in hub queue status tab that "Queue is receiving traps from snmptd probe and sending that to logmon probe " by seeing receiving and sent count.
2. Logmon probe : Earlier we had given some text ( ex: Critical) to monitor the queue from logmon probe and send that traps to NAS.
But after , we gave patteren as " Message " becasue each traps having "Message" text on each traps.
Copying snmptraps to log file becomes issue , when size of the log file increased.
So to monitor the traps queue from logmon probe , is the good option i think.