No, we only send them to NV (no CIM server here) We
used to have a ported version of CIM for NV AIX but they abandoned it and only
make a Solaris (I think) version now. If I stop the Insight Agent
services - my auth failure traps stop! I am still looking for a fix to
this (nothing obvious appeared in my research yesterday)
Glen Warn
PEMCO Corporation Computer Services
(PCCS)
206-628-5770
Your CIM agents send traps to NV as well as the HP SIM server? If so
you have my sincerest condolences! We thought about doing this with our
servers but HP changes MIBs more often than most and you never know which trap
an agent is going to throw depending on the hardware and SSD version. Have you
considered just having the SIM server forward traps? We decided to use NetIQ
AppManager to scrape CIM events from the event log, but I'm pretty sure you
can forward traps.
Hi Drew,
I will definitely check into this but since I've
sent this message I've drawn closer (I think) to solving this issue.
As it turns out, the boxes giving me grief all turned out to be HP/Compaq
Proliants - running various versions of Insight Manager Agents. I am
trying to unlock the last missing piece of this puzzle by reading up on
Insight Mgr. In the short term, I can either stop the services (not
desirable) or temporarily disable the Auth Failure trap until I can ID the
issue (the path I'm taking) Fortunately, it's less than 50
servers.
If anyone else has any ideas along these line, they'd
be greatly appreciated.
Glen Warn
PEMCO Corporation Computer Services
(PCCS)
206-628-5770
I just finished cleaning something like this up last week. Your
Windows servers are sending traps to the NV box and something's not matching
so NV is creating authentication traps. You'll be able to poll fine because
that's not the issue. Is the NV server trapping itself? In our case it was
internal to the NV box and the NV server was trapping itself every 5
seconds. There was a mismatch between snmpd.conf and
snmpd.peers.
Running 7.1.4
FP3 on Redhat AS2.1
I am being
bombarded with auth failure traps from some of my Windows 200x
servers (not even a majority). Odd part is I can do
a demand poll and run a sniffer trace at the same time. I see
the poll run successfully (using the appropriate RO community
string) then the same server issue an auth failure trap back to
Netview (I have all my servers set to do this so I can detect rogue
queries) None of my traces reveal any other boxes trying to run
queries (what I had assumed in the beginning)
I think this
has been happening for a long time (all along?) but just became aware of a
big problem because I accidentally hidden from myself thru event
configuration (setting to "Don't display or Log") that I used a long time
ago to debug something but never reverted.
Any
ideas? I have tried changing the comm strings to something basic,
put in a host specific snmp config, etc. The devices are scattered
across 5 different companies and dozens of subnets.
In the mean
time, I believe this flood of traps is severely hampering Netviews ability
to process other traps (because there are so many coming in
non-stop)
Glen Warn
PEMCO Corporation Computer
Services (PCCS)
206-628-5770
This message (including any attachments)
contains confidential information intended for a specific individual and
purpose, and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the
taking of any action based on it, is strictly prohibited.
[v.E.1]
�