DX NetOps

Expand all | Collapse all

SNMP V2 traps from SystemEDGE 5

Jump to Best Answer
  • 1.  SNMP V2 traps from SystemEDGE 5

    Posted 08-09-2010 12:41 PM
    Greetings All,

    We have SystemEDGE 5 installed on Windows 2003 server.
    Spectrum: 9.1.1
    eHealth: 6.1

    Configured the agent to send traps to Spectrum & eHealth server.
    Traps are coming to Spectrum server with SNMP V2 from SystemEDGE 5 agents, which are not being identified by spectrum server.

    Wierd thing i have found from the Packet sniffer is that:
    - the 'header' info for the packet shows lots of SNMPv2 references (See below packet capture with color code in red)
    - the traps enterprise ID shows enterprise: 1.3.6.1.4.1.546.1.1 (SNMPv2-SMI::enterprises.546.1.1)
    - the Simple Network Management Protocol version in the packet shows as "version: version-1 (0)"


    No. Time Source Destination Protocol Info
    77 10:47:40.185622 172.23.100.82 172.23.100.77 SNMP
    trap SNMPv2-SMI::enterprises.546.1.1 SNMPv2-SMI::enterprises.546.17.1.1.1.3
    SNMPv2-SMI::enterprises.546.17.1.1.2.3
    SNMPv2-SMI::enterprises.546.17.1.1.3.3
    SNMPv2-SMI::enterprises.546.17.1.1.4.3
    SNMPv2-SMI::enterprises.546.17.1.1.6.3
    SNMPv2-SMI::enterprises.546.17.1.1.7.3
    SNMPv2-SMI::enterprises.546.17.1.1.15.3
    SNMPv2-SMI::enterprises.546.17.1.1.16.3
    SNMPv2-SMI::enterprises.546.17.1.1.17.3
    SNMPv2-SMI::enterprises.546.17.1.1.18.3
    SNMPv2-SMI::enterprises.546.17.1.1.19.3
    Frame 77 (323 bytes on wire, 323 bytes captured)
    Ethernet II, Src: HewlettP_da:74:c5 (00:0f:20:da:74:c5), Dst:
    HewlettP_fd:eb:45 (00:11:0a:fd:eb:45)
    Internet Protocol, Src: 172.23.100.82 (172.23.100.82), Dst: 172.23.100.77
    (172.23.100.77)
    User Datagram Protocol, Src Port: snmptrap (162), Dst Port: snmptrap (162)
    [color=#F80808]Simple Network Management Protocol[color]
    [color=#F33A0A]version: version-1 (0)[color]
    community: public
    data: trap (4)
    trap
    enterprise: 1.3.6.1.4.1.546.1.1
    [color=#EB1B1B](SNMPv2-SMI::[color=#F33A0A][color]enterprises.546.1.1) [color]
    agent-addr: 172.23.100.82 (172.23.100.82)
    generic-trap: enterpriseSpecific (6)
    specific-trap: 20
    time-stamp: 1281019679
    variable-bindings: 11 items
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.1.3 (1.3.6.1.4.1.546.17.1.1.1.3): 3
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.2.3 (1.3.6.1.4.1.546.17.1.1.2.3): 4469736B
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.3.3 (1.3.6.1.4.1.546.17.1.1.3.3): 2F2F2E2F4669727374
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.4.3 (1.3.6.1.4.1.546.17.1.1.4.3): 50657263656E7442757379
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.6.3 (1.3.6.1.4.1.546.17.1.1.6.3): 4
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.7.3 (1.3.6.1.4.1.546.17.1.1.7.3): 2
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.15.3 (1.3.6.1.4.1.546.17.1.1.15.3): 6
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.16.3 (1.3.6.1.4.1.546.17.1.1.16.3): 16
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.17.3 (1.3.6.1.4.1.546.17.1.1.17.3): 1
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.18.3 (1.3.6.1.4.1.546.17.1.1.18.3): 4
    [color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.19.3 (1.3.6.1.4.1.546.17.1.1.19.3): 1

    Following are the event extraction from Spectrum Event tab from the server where SystemEDGE 5 traps received & not identified with any events defined in spectrum.

    "Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:16. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
    Trap var bind data:
    OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
    OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
    OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
    OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
    OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 4
    OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 2
    OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
    OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
    OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 1
    OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
    OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"
    "Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:07. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
    Trap var bind data:
    OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
    OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
    OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
    OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
    OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 2
    OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 4
    OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
    OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
    OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 0
    OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
    OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"

    Has anyone come across this kind of situation from SystemEDGE 5 traps?
    Since the Spectrum is not able to identify the traps as V2 or V1 its not generating any alarm on it.


  • 2.  RE: SNMP V2 traps from SystemEDGE 5

    Broadcom Partner
    Posted 08-11-2010 03:18 PM
    Hi All,

    Any ideas here?

    Thanks!
    Chris


  • 3.  RE: SNMP V2 traps from SystemEDGE 5

    Posted 08-26-2010 03:35 AM
    That's not an SNMPv2 trap.... Where your sniffer looks up the OIDs are not relevant...


  • 4.  RE: SNMP V2 traps from SystemEDGE 5

    Posted 02-19-2011 01:33 AM
    Have you discovered/modeled the System Edge Agent as a Host_SystemEdge model class to a landscape/spectro server already? Are the Alert Mappings Defined? Did you point your systemedge agent trap destinations to the SPectrum Landscape Server it was modeled/discovered on?


  • 5.  RE: SNMP V2 traps from SystemEDGE 5
    Best Answer

    Broadcom Employee
    Posted 04-08-2011 02:49 PM
    I think what you're really looking at here is a SPECTRuM issue as to why the traps are not being handled correctly.

    The traps from SystemEDGE are by default SNMPv1. The agent can be configured to send SNMPv2 trap (page 145 of SystemEDGE 5.0 guide).

    The fact that the traps are making it to SPECTRuM supports that SystemEDGE is doing what is asked of it.

    If this is still an issue for you, please open a issue with the SPECTRuM team.


  • 6.  Re: SNMP V2 traps from SystemEDGE 5

    Posted 01-19-2017 08:13 AM

    Spectrum 9.1 support SystemEDGE 5 traps ?

    If you are getting events of type "0x10801" is because something is missing in alertmap configuration.


    Diego MP