Greetings All,
We have SystemEDGE 5 installed on Windows 2003 server.
Spectrum: 9.1.1
eHealth: 6.1
Configured the agent to send traps to Spectrum & eHealth server.
Traps are arriving at the Spectrum server with SNMP V2 from SystemEDGE 5 agents, but they are not being identified by the Spectrum server.
The weird thing I have found from the packet sniffer is that:
- the 'header' info for the packet shows lots of SNMPv2 references (see the packet capture below)
- the trap's enterprise ID shows enterprise: 1.3.6.1.4.1.546.1.1 (SNMPv2-SMI::enterprises.546.1.1)
- the Simple Network Management Protocol version in the packet shows as "version: version-1 (0)"
No. Time Source Destination Protocol Info
77 10:47:40.185622 172.23.100.82 172.23.100.77 SNMP
trap SNMPv2-SMI::enterprises.546.1.1 SNMPv2-SMI::enterprises.546.17.1.1.1.3
SNMPv2-SMI::enterprises.546.17.1.1.2.3
SNMPv2-SMI::enterprises.546.17.1.1.3.3
SNMPv2-SMI::enterprises.546.17.1.1.4.3
SNMPv2-SMI::enterprises.546.17.1.1.6.3
SNMPv2-SMI::enterprises.546.17.1.1.7.3
SNMPv2-SMI::enterprises.546.17.1.1.15.3
SNMPv2-SMI::enterprises.546.17.1.1.16.3
SNMPv2-SMI::enterprises.546.17.1.1.17.3
SNMPv2-SMI::enterprises.546.17.1.1.18.3
SNMPv2-SMI::enterprises.546.17.1.1.19.3
Frame 77 (323 bytes on wire, 323 bytes captured)
Ethernet II, Src: HewlettP_da:74:c5 (00:0f:20:da:74:c5), Dst:
HewlettP_fd:eb:45 (00:11:0a:fd:eb:45)
Internet Protocol, Src: 172.23.100.82 (172.23.100.82), Dst: 172.23.100.77
(172.23.100.77)
User Datagram Protocol, Src Port: snmptrap (162), Dst Port: snmptrap (162)
Simple Network Management Protocol
version: version-1 (0)
community: public
data: trap (4)
trap
enterprise: 1.3.6.1.4.1.546.1.1
(SNMPv2-SMI::enterprises.546.1.1)
agent-addr: 172.23.100.82 (172.23.100.82)
generic-trap: enterpriseSpecific (6)
specific-trap: 20
time-stamp: 1281019679
variable-bindings: 11 items
SNMPv2-SMI::enterprises.546.17.1.1.1.3 (1.3.6.1.4.1.546.17.1.1.1.3): 3
SNMPv2-SMI::enterprises.546.17.1.1.2.3 (1.3.6.1.4.1.546.17.1.1.2.3): 4469736B
SNMPv2-SMI::enterprises.546.17.1.1.3.3 (1.3.6.1.4.1.546.17.1.1.3.3): 2F2F2E2F4669727374
SNMPv2-SMI::enterprises.546.17.1.1.4.3 (1.3.6.1.4.1.546.17.1.1.4.3): 50657263656E7442757379
SNMPv2-SMI::enterprises.546.17.1.1.6.3 (1.3.6.1.4.1.546.17.1.1.6.3): 4
SNMPv2-SMI::enterprises.546.17.1.1.7.3 (1.3.6.1.4.1.546.17.1.1.7.3): 2
SNMPv2-SMI::enterprises.546.17.1.1.15.3 (1.3.6.1.4.1.546.17.1.1.15.3): 6
SNMPv2-SMI::enterprises.546.17.1.1.16.3 (1.3.6.1.4.1.546.17.1.1.16.3): 16
SNMPv2-SMI::enterprises.546.17.1.1.17.3 (1.3.6.1.4.1.546.17.1.1.17.3): 1
SNMPv2-SMI::enterprises.546.17.1.1.18.3 (1.3.6.1.4.1.546.17.1.1.18.3): 4
SNMPv2-SMI::enterprises.546.17.1.1.19.3 (1.3.6.1.4.1.546.17.1.1.19.3): 1
The following events are extracted from the Spectrum Event tab on the server where the SystemEDGE 5 traps were received and not matched to any events defined in Spectrum.
"Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:16. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
Trap var bind data:
OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 2
OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 1
OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"
"Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:07. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
Trap var bind data:
OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 2
OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 0
OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"
Has anyone come across this kind of situation from SystemEDGE 5 traps?
Since Spectrum is not able to identify the traps as V2 or V1, it's not generating any alarm on them.
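Added example, not part of the original post: a minimal decoder for the SNMP message header that reports the protocol version, the PDU type and, for a v1 Trap-PDU, the enterprise.generic.specific string in the form the Spectrum event text above shows. The sample datagram is constructed from the capture's values with a single varbind, and the function names are hypothetical.

```python
# Constructed sample: SNMPv1 trap UDP payload built from the capture's values,
# carrying only the "Disk" varbind to keep it short.
SAMPLE_V1_TRAP = bytes.fromhex(
    "3042" "020100" "04067075626c6963" "a435"
    "06092b0601040184220101" "4004ac176452" "020106" "020114"
    "43044c5acf1f" "3016" "3014"
    "060c2b0601040184221101010203" "04044469736b")

VERSIONS = {0: "v1", 1: "v2c"}          # value of the version INTEGER
PDU_TAGS = {0xA4: "Trap-PDU (v1 format)", 0xA7: "SNMPv2-Trap-PDU"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode a BER OBJECT IDENTIFIER value into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_trap(datagram):
    """Report what is on the wire, independent of how a sniffer names OIDs."""
    _, msg, _ = read_tlv(datagram, 0)               # outer SEQUENCE
    _, ver, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    info = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "other"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TAGS.get(pdu_tag, hex(pdu_tag))}
    if pdu_tag == 0xA4:                 # v1 layout: enterprise, agent, generic, specific
        _, ent, p = read_tlv(pdu, 0)
        _, _agent, p = read_tlv(pdu, p)
        _, gen, p = read_tlv(pdu, p)
        _, spec, p = read_tlv(pdu, p)
        info["trap_type"] = "%s.%d.%d" % (decode_oid(ent),
            int.from_bytes(gen, "big", signed=True), int.from_bytes(spec, "big", signed=True))
    return info
```

Run against a raw UDP payload exported from a capture, `classify_trap` shows the version and PDU tag the agent actually sent, which can then be compared with the trap type string the management server logs.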