To: | nv-l@lists.us.ibm.com |
---|---|
Subject: | Re: [nv-l] Trap source |
From: | James Shanks <jshanks@us.ibm.com> |
Date: | Tue, 10 Aug 2004 16:20:41 -0400 |
Delivery-date: | Tue, 10 Aug 2004 21:36:49 +0100 |
Envelope-to: | nv-l-archive@lists.skills-1st.co.uk |
In-reply-to: | <OFE9EB8C1B.CBB9220E-ON85256EEC.006E49C0-85256EEC.006E2595@worldspan.com> |
Reply-to: | nv-l@lists.us.ibm.com |
Sender: | owner-nv-l@lists.us.ibm.com |
I'm not sure what has made you think that trapd will do something special with non-NetView traps, but he doesn't.

All SNMP traps contain two addresses, one for the destination (which is the NetView box) and one for the sender (also called the agent). The trap source is whatever the sending agent has encoded in the trap it sends.

Now what does trapd do with the trap when it's received? For internal NetView traps, we replace the sender's address (which would always be the NetView box and not very helpful) with the address of the device the trap is about, which is why a NetView Interface Down or Node Down appears to have been sent by the device itself. It shows up in the event window and trapd.log with the address of the device which owns the "down" interface(s). But we do no such modification for traps from any other source. Traps from outside the box are shown with whatever source IP Address the sender encoded in the trap itself.

To see this you would have to enable the -x option on trapd (hex dump all packets) and then get a trapd.trace of the incoming trap. Then you have to decode the hex yourself. Look for a string in the first few lines which begins "40 04 xx xx xx xx". The hex "40" means what follows is an IP Address and the length is 04.

The bottom line is that if your Cisco trap is shown with a source of 10.18.109.46, that's what Cisco sent us.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group

Hi,

I'm running NV 7.1.4 on AIX 5.2.

I thought I understood something about how a trap source was logged in trapd.log but I've seen something that challenges my understanding.

I have a router with a loopback interface and 5 frame relay interfaces like so. Name resolution is shown in parentheses:

router1.domain.net (192.168.14.1) Cisco Router

192.168.14.1 (router1.domain.net) Loopback0 -- Software Loopback

10.11.1.254 () Serial0/0.1 -- Frame Relay

10.11.3.254 () Serial0/1.1 -- Frame Relay

10.12.100.254 () Serial0/0.2 -- Frame Relay

10.12.102.254 () Serial0/1.2 -- Frame Relay

10.18.109.46 () Serial1/0.1 -- Frame Relay

I seem to recall determining empirically that even if a trap was sent by this router with the source as one of the serial interfaces, the trap would be logged with a source of router1.domain.net. Recently I have been seeing traps from this device with a source of 10.18.109.46.

Is my understanding as described here wrong? Will the trap source always be recorded just as it was received?

Thanks,

Bill Kellam
Enterprise Integration and Management
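
The manual decode described in the reply above can be done by walking the BER structure of the trap until the "40 04" field is reached. This is an added example, not part of the original thread and not NetView code. It assumes an SNMPv1 trap whose bytes have already been copied out of the trace as plain hex, and the sample packet is constructed for illustration.

```python
import ipaddress

# Constructed sample (not from the post): an SNMPv1 linkDown trap, community "public".
SAMPLE_TRAP_HEX = """
30 27 02 01 00 04 06 70 75 62 6c 69 63 a4 1a 06
06 2b 06 01 04 01 09 40 04 0a 12 6d 2e 02 01 02
02 01 00 43 02 30 39 30 00
"""

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end

def trap_agent_addr(hex_dump):
    """Extract the agent-addr the sender encoded in an SNMPv1 trap (hex input)."""
    msg = bytes.fromhex(hex_dump)           # whitespace between bytes is ignored
    tag, body, _ = read_tlv(msg, 0)         # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, version, pos = read_tlv(body, 0)   # version INTEGER, 0 means SNMPv1
    if tag != 0x02 or version != b"\x00":
        raise ValueError("not SNMPv1")
    _, _community, pos = read_tlv(body, pos)
    tag, pdu, _ = read_tlv(body, pos)       # 0xA4 is the SNMPv1 Trap-PDU
    if tag != 0xA4:
        raise ValueError("not a Trap-PDU")
    _, _enterprise, pos = read_tlv(pdu, 0)  # enterprise OID precedes agent-addr
    tag, addr, _ = read_tlv(pdu, pos)       # 0x40 = IpAddress, length 4
    if tag != 0x40 or len(addr) != 4:
        raise ValueError("agent-addr missing")
    return str(ipaddress.IPv4Address(addr))

if __name__ == "__main__":
    print(trap_agent_addr(SAMPLE_TRAP_HEX))
```

Walking the fields in order, rather than searching for the first "40 04", keeps the result correct when those two bytes happen to occur earlier in the packet, for example inside the community string.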
Archive operated by Skills 1st Ltd