Hello All,
We have these notice alarms on our system
Incorrect trap received from x.x.x.x : Possible impacted (SNMPv3) elements:
Generic Trap Receiver SNMPv3(x/x)
Darwin SNP-E(x/x)
Would it be a case of checking what traps are being sent from the ip stated in the notice alarm. What other things can we do to identify the source of these alarms?
Thanks,
Ryan
Hi Ryan,
The IP stated in the notice should tell you the source of the trap. To have a better indication of why the trap is considered incorrect, there should be a log statement in the SLSNMPManager logging on error level 1 that indicates the reason. You will have to increase the error logging level from 0 to 1 first. The statement to look for would be:
"Callback error from SNMP++: nr:" with the method name being "SNMPPPTrapReceiver->Snmp_pp_Callback"
If you know which agent is receiving these incorrect traps, you could also set up a wireshark that listens specifically to that source IP and the SNMP trap port. I would expect to see either a message not adhering to the SNMP standard, or a valid - but unexpected - message that is not trap-related.
Do let us know if you need further assistance or have more data we can discuss.
The Generic Trap Receiver elements normally have source filters. If you can determine from which elements these alarms are being generated, you can maybe narrow it down already.