Traps and events

Nikk · July 30, 2013, 04:05:09 PM

Hi,
So I was trying out if i'm getting traps from switch. I tried the easiest way - SNMP_AUTH_FAILURE trap and event with alarm generation.
When I make login failure, everything happens as I expected - i get an alarm with appropriate message! And then starts my problem - that alarm keeps generating, although i failed to login once. It keeps coming until i make it as sticky acknowledge.
So is that normal? Should i make some kind of alarm acknowledge event or what?

And I don't see received traps in SNMP trap monitor (i guess because of this https://www.radensolutions.com/chiliproject/issues/150) and also I don't see any event in Events monitor! I consider, that event which is generated, should appear in Events monitor, am I right?

Thanks in advance,
Nikk

lindeamon · July 30, 2013, 04:47:34 PM

hi Nikk,

regarding the snmp issue, in the server configuration just enable the snmp trap logs {you may have to restart the server service}, open the snmp monitor window and see if you get more then one snmp trap about failed login.

regarding the events monitor, did you configured the alarm you have created to be logged ? i am almost sure that this is the problem.

Regards,
Lindeamon

Nikk · July 30, 2013, 05:02:05 PM

I have both EnableSNMPTraps and LogAllSNMPTraps on 1, so that's not it!

Actually how do I configure the alarm to be logged?

lindeamon · July 30, 2013, 10:24:19 PM

and you have restarted the server after configuring it ?
i do not have netxms in front of me right now, but in the event configuration as far as i remember, there is a check box
for logging the event, but i am wrong and you do not see it there i will be in front of netxms tomorrow and i'll check it.

Regards,
Lindeamon

lindeamon · July 31, 2013, 09:50:06 AM

i have checked it and i was right.
when you open an event you have a checkbox for writing the event to the log

Nikk · July 31, 2013, 10:14:25 AM

Heh, such a stupid mistake! Yes, just had to restart

Okay, back to problem, know I see that i'm getting a lot of traps, for that one fail login! What is the reason for this?
I checked tcpdump and there i didn't see anything from that exact address on which i tried to connect.

Thank you for response!

Nikk

lindeamon · July 31, 2013, 05:34:11 PM

have you configured only one device to send netxms traps ?
the only thing that i can think of now is that an snmp auth. trap gets sent from every device including windows with snmp support and maybe this is your problem.

can you post the snmp log ?

Nikk · August 01, 2013, 02:46:30 PM

I configured on 2 Enterasys switches D2 and N1 to send me traps.
In SNMP Trap monitor the traps i'm receiving are from my IP.

lindeamon · August 01, 2013, 10:54:30 PM

what is your platform ?
is snmp configured on it ?
did you configured correct snmp community in the node properties of your ip ? global snmp community on the netxms server ?
maybe netxms is trying to connect to your computer via snmp with the wrong community or maybe your computer is configured to allow snmp only from local host and that is what causing the traps.

Nikk · August 05, 2013, 12:03:34 PM

Netxms server is on Ubuntu server 12.04, and i'm working on agent (win7).
When I changed snmp settings on win7 (receice traps from any host), i get only one trap now! But I receive it as SNMP_UNMATCHED_TRAP not like SNMP_AUTH_TRAP anymore. what could be the cause of this?

Thanks in advance,
Nikk

lindeamon · August 05, 2013, 11:28:15 PM

let me see if i understand.
you installed an agent on a windows 7 platform, and on the server you get SNMP_UNMATCHED_TRAP originated from the windows 7 platform, am i right ?
if this is the case, then you can google the oid of the trap to see who or what generated it, maybe a software is configured to send snmp like the snmp agent of the broadcom management suite for servers.

if this is not the case then try to find out where the trap is originated from, lookup the oid and we will go from there.
from your answer i see that at least you solved the multiple events that you got.

Regards,
Lindeamon

Nikk · August 06, 2013, 01:12:04 PM

yes, exactly! Sorry, if I am telling something wrong!

The oid is .1.3.6.1.4.1.5624.1.2.49.1.0.1 , it's a enterasys oid from ENTERASYS-MIB-NAMES
etsysResourceCpuLoad1minThresholdExceeded, so I just need to make an event named like that and that's all?

I have successfully (i think) added all enterasys mibs.

Yes, for a while everything was quiet! But when i changed some snmp service settings, i'm receiving that spam again! My computer is generating them, as i take out netxms server form my snmp service, it's fine again.

Hope you understand!

Thanks in advance,
Nikk

lindeamon · August 06, 2013, 03:50:23 PM

for the 1st part yes, you have to make a new event. you can see here https://www.netxms.org/forum/general-support/sharing-standard-templates-for-netxms/ all my posts and maybe it will help you understand how to configure netxms.

for the 2nd part, since the node configuration of your computer in netxms includes snmp it tries to query your computer every 30 seconds or so and my be it has the wrong community configured in the node properties, check that and maybe this is your solution.

Regards,
Lindeamon

Nikk · August 06, 2013, 03:56:02 PM

Thank you, i think i get that trap&event thing

That's not the case i guess, as my community name is public!

Thanks in advance,
Nikk

NetXMS Support Forum

News:

Traps and events

Nikk

lindeamon

Nikk

lindeamon

lindeamon

Nikk

lindeamon

Nikk

lindeamon

Nikk

lindeamon

Nikk

lindeamon

Nikk