Hey Philippe,
Here's something I posted a while ago that may be of help to you in trying
to find the cause of the auth fail traps:
Try formatting the trap as follows:
Cisco_Auth_Failure {1.3.6.1.4.1.9} 4 0 A 2 0 "Status Events"
Cisco Incorrect Community Name (authenticationFailure Trap) authAddr: $1
This should show the address of the box that caused the authentication
failure
on the Cisco router - only cisco though, I dont think other vendors have
populated
the trap with this varbind.
If it is a cisco box you could also loop thru all the routers in your
collection/Smart set to see who caused previous authentication failures
just as an fyi,
since they may be the culprits causing authentication failures against other
boxes that dont report the failures.
The authAddr is a cisco local variable,
snmpwalk cisco_box 1.3.6.1.4.1.9.2.1.5.
yielding:
cisco.local.lsystem.authAddr.0 : IpAddress: 10.10.8.39
Good Luck,
--Dermott
----- Original Message -----
From: "Todd H." <netview@toddh.net>
To: "Philippe Menard" <PME@fr.ibm.com>
Cc: <nv-l@lists.tivoli.com>
Sent: Thursday, February 28, 2002 11:53 AM
Subject: Re: [nv-l] Community in traps ?
> "Philippe Menard" <PME@fr.ibm.com> writes:
>
> > All,
> >
> > Just in case : AIX 4.3.3 ML 9 + NV 6.0
> >
> > I'm trying to understand why the trapd.logs of a NetView server
> > contain 1000s authenticationFailure traps per day. These traps
> > are sent by both MLMs and network devices although the read
> > and write communities *are* OK.
>
> Is it possible any other snmp managers are tying to query the devices
> and using the wrong communities?
>
> Thought I can't recall the exact order, NetView also tries a few
> communities in an attempt to do its SNMP polling, so it may be
> possible NetView is causing the auth failures even though you appear
> to have the correct communities set for that class of device. There
> is a precedence in how it chooses which to try first if a class of
> device falls into more than one category in SNMP configuration.
>
> > I suspect they are caused by the community used in traps.
>
> I doubt it. The devices wouldn't be giving the auth failure in that
> case. The snmp manager would...but as another poster said, most often
> snmp managers simply ignore the community string in traps sent by the
> devices to the snmp manager.
>
>
>
> --
> Todd H.
> http://www.toddh.net/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
> For additional commands, e-mail: nv-l-help@lists.tivoli.com
>
> *NOTE*
> This is not an Offical Tivoli Support forum. If you need immediate
> assistance from Tivoli please call the IBM Tivoli Software Group
> help line at 1-800-TIVOLI8(848-6548)
>
|