nv-l
[Top] [All Lists]

Re: How to determine source of IBM Authentication Failure Traps in Netvi

To: nv-l@lists.tivoli.com
Subject: Re: How to determine source of IBM Authentication Failure Traps in Netview for Solaris Platform ?
From: Jim Kellock <jkellock@nc.rr.com>
Date: Tue, 27 Feb 2001 06:57:47 -0500
NetView only knows what the agent on the machine getting the SNMP poll
will tell him.  You have to deal with the source device for the trap
you're getting.

Two ways you can do this:
1. You can set the logging level up for SNMPD on the machine that's
getting polled with an incorrect community name (if it's a workstation).
Then, as long as that agent is able to determine and capture the info,
he'll log the poller info for you, and may or may not include this info
in his trap to NetView- depends on the agent.

2. Put a sniffer on it.

Agents on some routers, switches, etc., don't have the ability to
capture the source address of the poll, even though they recognize the
intrusion and will send the authentication trap.

> "Beeler, George" wrote:
> 
> All,
> 
> I have searched through the archives on trying to determine the source
> of IBM Authentication Failure traps in Netview, but we are running it
> on a Solaris platform.  Does anyone have any steps that we could try
> and troubleshoot this problem?  Mainly, we would like to turn on
> 'tracing' and view the results to be able to track down which end host
> is the culprit.
> 
> Thank-you in advance,


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web