RE: How to determine source of IBM Authentication Failure Traps in Netview for Solaris Platform ?

["Beeler, George" <GBeeler@us.britannica.com>]

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

Jim,

Thanks for your reply.  We'll give it a try.

Regards,

George

-----Original Message-----
From: Jim Kellock [mailto:jkellock@nc.rr.com]
Sent: Tuesday, February 27, 2001 5:58 AM
To: IBM NetView Discussion
Subject: Re: [NV-L] How to determine source of IBM Authentication
Failure Traps in Netview for Solaris Platform ?


NetView only knows what the agent on the machine getting the SNMP poll
will tell him.  You have to deal with the source device for the trap
you're getting.

Two ways you can do this:
1. You can set the logging level up for SNMPD on the machine that's
getting polled with an incorrect community name (if it's a workstation).
Then, as long as that agent is able to determine and capture the info,
he'll log the poller info for you, and may or may not include this info
in his trap to NetView- depends on the agent.

2. Put a sniffer on it.

Agents on some routers, switches, etc., don't have the ability to
capture the source address of the poll, even though they recognize the
intrusion and will send the authentication trap.

> "Beeler, George" wrote:
> 
> All,
> 
> I have searched through the archives on trying to determine the source
> of IBM Authentication Failure traps in Netview, but we are running it
> on a Solaris platform.  Does anyone have any steps that we could try
> and troubleshoot this problem?  Mainly, we would like to turn on
> 'tracing' and view the results to be able to track down which end host
> is the culprit.
> 
> Thank-you in advance,
> 
> George
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

Jim,

Thanks for your reply.  We'll give it a try.

Regards,

George

-----Original Message-----
From: Jim Kellock [mailto:jkellock@nc.rr.com]
Sent: Tuesday, February 27, 2001 5:58 AM
To: IBM NetView Discussion
Subject: Re: [NV-L] How to determine source of IBM Authentication
Failure Traps in Netview for Solaris Platform ?

NetView only knows what the agent on the machine getting the SNMP poll
will tell him.  You have to deal with the source device for the trap
you're getting.

Two ways you can do this:
1. You can set the logging level up for SNMPD on the machine that's
getting polled with an incorrect community name (if it's a workstation).
Then, as long as that agent is able to determine and capture the info,
he'll log the poller info for you, and may or may not include this info
in his trap to NetView- depends on the agent.

2. Put a sniffer on it.

Agents on some routers, switches, etc., don't have the ability to
capture the source address of the poll, even though they recognize the
intrusion and will send the authentication trap.

> "Beeler, George" wrote:
>
> All,
>
> I have searched through the archives on trying to determine the source
> of IBM Authentication Failure traps in Netview, but we are running it
> on a Solaris platform.  Does anyone have any steps that we could try
> and troubleshoot this problem?  Mainly, we would like to turn on
> 'tracing' and view the results to be able to track down which end host
> is the culprit.
>
> Thank-you in advance,
>
> George
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l