DX NetOps

Greetings All,

We have SystemEDGE 5 installed on Windows 2003 server.
Spectrum: 9.1.1
eHealth: 6.1

Configured the agent to send traps to Spectrum & eHealth server.
Traps are coming to Spectrum server with SNMP V2 from SystemEDGE 5 agents, which are not being identified by spectrum server.

Wierd thing i have found from the Packet sniffer is that:
- the 'header' info for the packet shows lots of SNMPv2 references (See below packet capture with color code in red)
- the traps enterprise ID shows enterprise: 1.3.6.1.4.1.546.1.1 (SNMPv2-SMI::enterprises.546.1.1)
- the Simple Network Management Protocol version in the packet shows as "version: version-1 (0)"


No. Time Source Destination Protocol Info
77 10:47:40.185622 172.23.100.82 172.23.100.77 SNMP
trap SNMPv2-SMI::enterprises.546.1.1 SNMPv2-SMI::enterprises.546.17.1.1.1.3
SNMPv2-SMI::enterprises.546.17.1.1.2.3
SNMPv2-SMI::enterprises.546.17.1.1.3.3
SNMPv2-SMI::enterprises.546.17.1.1.4.3
SNMPv2-SMI::enterprises.546.17.1.1.6.3
SNMPv2-SMI::enterprises.546.17.1.1.7.3
SNMPv2-SMI::enterprises.546.17.1.1.15.3
SNMPv2-SMI::enterprises.546.17.1.1.16.3
SNMPv2-SMI::enterprises.546.17.1.1.17.3
SNMPv2-SMI::enterprises.546.17.1.1.18.3
SNMPv2-SMI::enterprises.546.17.1.1.19.3
Frame 77 (323 bytes on wire, 323 bytes captured)
Ethernet II, Src: HewlettP_da:74:c5 (00:0f:20:da:74:c5), Dst:
HewlettP_fd:eb:45 (00:11:0a:fd:eb:45)
Internet Protocol, Src: 172.23.100.82 (172.23.100.82), Dst: 172.23.100.77
(172.23.100.77)
User Datagram Protocol, Src Port: snmptrap (162), Dst Port: snmptrap (162)
[color=#F80808]Simple Network Management Protocol[color]
[color=#F33A0A]version: version-1 (0)[color]
community: public
data: trap (4)
trap
enterprise: 1.3.6.1.4.1.546.1.1
[color=#EB1B1B](SNMPv2-SMI::[color=#F33A0A][color]enterprises.546.1.1) [color]
agent-addr: 172.23.100.82 (172.23.100.82)
generic-trap: enterpriseSpecific (6)
specific-trap: 20
time-stamp: 1281019679
variable-bindings: 11 items
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.1.3 (1.3.6.1.4.1.546.17.1.1.1.3): 3
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.2.3 (1.3.6.1.4.1.546.17.1.1.2.3): 4469736B
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.3.3 (1.3.6.1.4.1.546.17.1.1.3.3): 2F2F2E2F4669727374
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.4.3 (1.3.6.1.4.1.546.17.1.1.4.3): 50657263656E7442757379
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.6.3 (1.3.6.1.4.1.546.17.1.1.6.3): 4
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.7.3 (1.3.6.1.4.1.546.17.1.1.7.3): 2
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.15.3 (1.3.6.1.4.1.546.17.1.1.15.3): 6
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.16.3 (1.3.6.1.4.1.546.17.1.1.16.3): 16
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.17.3 (1.3.6.1.4.1.546.17.1.1.17.3): 1
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.18.3 (1.3.6.1.4.1.546.17.1.1.18.3): 4
[color=#F01414]SNMPv2-SMI[color]::enterprises.546.17.1.1.19.3 (1.3.6.1.4.1.546.17.1.1.19.3): 1

Following are the event extraction from Spectrum Event tab from the server where SystemEDGE 5 traps received & not identified with any events defined in spectrum.

"Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:16. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
Trap var bind data:
OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 2
OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 1
OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"
"Unknown alert received from device ems-t-itcm12.mgmt.ciber.net of type Host_systemEDGE. Device Time 148+06:23:07. (Trap type 1.3.6.1.4.1.546.1.1.6.20)
Trap var bind data:
OID: 1.3.6.1.4.1.546.17.1.1.1.3 Value: 3
OID: 1.3.6.1.4.1.546.17.1.1.2.3 Value: Disk
OID: 1.3.6.1.4.1.546.17.1.1.3.3 Value: //./First
OID: 1.3.6.1.4.1.546.17.1.1.4.3 Value: PercentBusy
OID: 1.3.6.1.4.1.546.17.1.1.6.3 Value: 2
OID: 1.3.6.1.4.1.546.17.1.1.7.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.15.3 Value: 6
OID: 1.3.6.1.4.1.546.17.1.1.16.3 Value: 16
OID: 1.3.6.1.4.1.546.17.1.1.17.3 Value: 0
OID: 1.3.6.1.4.1.546.17.1.1.18.3 Value: 4
OID: 1.3.6.1.4.1.546.17.1.1.19.3 Value: 1"

Has anyone come across this kind of situation from SystemEDGE 5 traps?
Since the Spectrum is not able to identify the traps as V2 or V1 its not generating any alarm on it.

Hi All,

Any ideas here?

Thanks!
Chris

That's not an SNMPv2 trap.... Where your sniffer looks up the OIDs are not relevant...

Have you discovered/modeled the System Edge Agent as a Host_SystemEdge model class to a landscape/spectro server already? Are the Alert Mappings Defined? Did you point your systemedge agent trap destinations to the SPectrum Landscape Server it was modeled/discovered on?

I think what you're really looking at here is a SPECTRuM issue as to why the traps are not being handled correctly.

The traps from SystemEDGE are by default SNMPv1. The agent can be configured to send SNMPv2 trap (page 145 of SystemEDGE 5.0 guide).

The fact that the traps are making it to SPECTRuM supports that SystemEDGE is doing what is asked of it.

If this is still an issue for you, please open a issue with the SPECTRuM team.