Not sure of your network environment, but we see a lot of the same thing in
our network and it's caused by the latest version of Microsoft SMS software
that tries to poll anything on the network that is SNMP enabled. There
are a lot of assest management tools that do the same thing as well. If
your devices are SNMP configured with read and read/write strings set at
anything other than the defaults ie. "Public" then you will see the types
of trap messages you are receiving. I myself would still like to find a
way to filter these out .... they just take up valuable space in the log
file. Does anyone have a method to filter these out?? I would be
interested in hearing it.
"Philippe
Menard" To: nv-l@lists.tivoli.com
<PME@fr.ibm.co cc:
m> Subject: [nv-l] Community in traps
?
2002/02/28
03:07 AM
All,
Just in case : AIX 4.3.3 ML 9 + NV 6.0
I'm trying to understand why the trapd.logs of a NetView server
contain 1000s authenticationFailure traps per day. These traps
are sent by both MLMs and network devices although the read
and write communities *are* OK.
I suspect they are caused by the community used in traps.
Has anyone a clear understanding of how the MLMs and NetView
handle communities in traps ?
Q1 : does the MLM check the community in a trap it receives
from a network device ?
Q2 : does the MLM assume the "public" community ?
Q3 : if not, where is the expected community defined in the MLM ?
snmpd.conf ? I could find no field in the APM policy windows.
Q4 : does the MLM replace the trap community when forwarding
a trap to the NetView server ?
Q5 : where is this new community defined in the MLM ?
snmpd.conf ? which statement(s) ?
Q6 : does the NetView server check the community in a trap
it receives from an MLM ? (it could be considered that
the MLM-NV TCP connection provides enough security [?] )
Q7 : does the NetView server check the community in a trap
it receives from a network device ?
Q8 : does the NetView server assume the "public" community ?
any difference between the Q6 and Q7 cases ?
Q9 : where in the NetView server is/are the expected trap
communities defined ? snmpd.conf ? which statements ?
Quite some questions I'm afraid ! Thanks in advance.
Best regards,
Philippe.
- - -
Philippe MÉNARD
Networking Delivery Support Center
Mail : pme@fr.ibm.com
Phone : +33 (0)4 92 11 54 21
Fax : +33 (0)4 93 24 49 07
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
|