Unknown Alert Events Generated for Mapped Traps


Article ID: 193457




CA Spectrum



Unknown Alert Events are generated for traps that have been correctly mapped via the AlertMap file. When looking at the event, it appears that Spectrum drops the last digit from the snmpTrapOID varbind.





The v2c trap did not conform to RFC standards and was not sending sysUpTime as the first varbind. This causes problems for the SpectroSERVER when processing the incoming trap.

A Wireshark/tcpdump capture shows that the sysUpTime varbind, which should be the first varbind, is missing.


Release : 10.x

Component : Spectrum Core / SpectroSERVER


In this specific instance, the vendor, Rubrik, is creating a fix so that the traps being sent conform to RFC standards. In other instances, traps may be generated by a script using snmptrap; in those cases, the command being run needs to be updated to include sysUpTime.


When testing by recreating the trap manually using snmptrap on Linux, we were able to see the trap successfully processed when sysUpTime was included.


snmptrap -v 2c -c TestRO '' s "Failed on demand backup of Microsoft SQL Server Database" a




Additional Information



The destination(s) to which an SNMPv2-Trap-PDU is sent is determined
in an implementation-dependent fashion by the SNMP entity. The first
two variable bindings in the variable binding list of an SNMPv2-Trap-PDU
are sysUpTime.0 [RFC3418] and snmpTrapOID.0 [RFC3418] respectively.
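
To confirm this cause from a packet capture, the check below decodes the UDP payload of an SNMPv2c trap and reports whether its first two varbinds are sysUpTime.0 and snmpTrapOID.0. It is an added example, not Broadcom or Spectrum code; the function names and the sample trap bytes (including the trap OID value) are constructed for illustration.

```python
# First two varbinds required in an SNMPv2-Trap-PDU, in order (see the RFC text above)
REQUIRED = [("sysUpTime.0", "1.3.6.1.2.1.1.3.0"), ("snmpTrapOID.0", "1.3.6.1.6.3.1.1.4.1.0")]

def tlv(buf, pos=0):                       # one BER TLV at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(buf):                         # contents of a constructed value -> [(tag, value)]
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def oid_str(raw):                          # BER OBJECT IDENTIFIER contents -> dotted string
    arcs, n = [], 0
    for b in raw:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this sub-identifier
            arcs.append(n)
            n = 0
    x = min(arcs[0] // 40, 2)              # first sub-identifier packs the first two arcs
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def check_trap(msg):
    """List problems with the first two varbinds of an SNMPv2c trap message."""
    (_, _), (_, _), (pdu_tag, pdu) = children(tlv(msg)[1])   # version, community, PDU
    if pdu_tag != 0xA7:
        raise ValueError("not an SNMPv2-Trap-PDU")
    varbinds = children(children(pdu)[3][1])   # after request-id, error-status, error-index
    oids = [oid_str(children(vb)[0][1]) for _, vb in varbinds]
    return [f"varbind {i + 1} is {oids[i] if i < len(oids) else 'missing'}, expected {name}"
            for i, (name, oid) in enumerate(REQUIRED) if i >= len(oids) or oids[i] != oid]

def enc(tag, *parts):                      # sample builder: short-form TLV, under 128 bytes
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_trap(include_uptime):           # constructed trap, with or without sysUpTime.0
    uptime = enc(0x30, enc(0x06, bytes.fromhex("2b06010201010300")), enc(0x43, b"\x01\x00"))
    trapoid = enc(0x30, enc(0x06, bytes.fromhex("2b060106030101040100")),
                  enc(0x06, bytes.fromhex("2b060104010101")))   # made-up trap OID value
    vbl = enc(0x30, *([uptime] if include_uptime else []), trapoid)
    pdu = enc(0xA7, enc(0x02, b"\x01"), enc(0x02, b"\x00"), enc(0x02, b"\x00"), vbl)
    return enc(0x30, enc(0x02, b"\x01"), enc(0x04, b"TestRO"), pdu)
```

Pass the trap's UDP payload exported from the capture to `check_trap`; an empty list means the first two varbinds are in the required order.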