Unknown Alert Events are generated for traps that have been correctly mapped via the AlertMap file. When looking at the
event, it appears that Spectrum drops the last digit from the SnmpTrapOID varbind.
Release : 10.x
Component : Spectrum Core / SpectroSERVER
The v2c trap did not conform to RFC standards: it was not sending sysUpTime as the first varbind. This causes problems for
the SpectroSERVER when processing the incoming trap.
In a Wireshark/tcpdump capture, we can see that the sysUpTime varbind, which should be the first varbind, is missing.
In this specific instance, the vendor, Rubrik, is creating a fix for the traps being sent so that they will conform to RFC standards. In other
instances, traps could be generated by a script using snmptrap; in these cases, the command being run would need to be updated
to include sysUpTime.
When testing by recreating the trap manually using snmptrap on Linux, we were able to see the trap successfully processed when
sysUpTime was included.
Ex.
snmptrap -v 2c -c TestRO 10.10.10.100:162 '' 1.3.6.1.4.1.49929.4.1 1.3.6.1.4.1.49929.8.1 s "Failed on demand backup of Microsoft SQL Server Database" 1.3.6.1.6.3.18.1.3.0 a 10.84.200.29
https://tools.ietf.org/html/rfc3416#page-22
The destination(s) to which an SNMPv2-Trap-PDU is sent is determined
in an implementation-dependent fashion by the SNMP entity. The first
two variable bindings in the variable binding list of an SNMPv2-Trap-PDU
are sysUpTime.0 [RFC3418] and snmpTrapOID.0 [RFC3418] respectively.
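
The varbind-order check that the capture above performs by eye, as an added example (not part of the original article or of Spectrum): a small Python BER walk that lists the varbind names of an SNMPv2c trap and reports whether the first two are sysUpTime.0 and snmpTrapOID.0. The sample traps are constructed here, and the function names (`check_trap`, `sample_trap` and the helpers) are hypothetical.

```python
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"            # sysUpTime.0
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"     # snmpTrapOID.0

def tlv(buf, pos):  # -> (tag, value, next_pos) for the BER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(val):  # split constructed content into (tag, value) pairs
    pos, out = 0, []
    while pos < len(val):
        tag, v, pos = tlv(val, pos)
        out.append((tag, v))
    return out

def oid_str(val):  # OID content bytes -> dotted string (first arc 0 or 1 assumed)
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def varbind_oids(msg):
    """Return the varbind names, in order, from an SNMPv2-Trap-PDU message."""
    _version, _community, (pdu_tag, pdu) = children(tlv(msg, 0)[1])
    if pdu_tag != 0xA7:  # context tag [7] = SNMPv2-Trap-PDU
        raise ValueError("not an SNMPv2-Trap-PDU")
    varbind_list = children(pdu)[3][1]  # after request-id, error-status, error-index
    return [oid_str(children(vb)[0][1]) for _, vb in children(varbind_list)]

def check_trap(msg):  # -> list of ordering problems; empty means conforming
    oids = varbind_oids(msg) + [None, None]
    want = (("sysUpTime.0", SYS_UPTIME), ("snmpTrapOID.0", SNMP_TRAP_OID))
    return ["varbind %d is %s, expected %s" % (i + 1, oids[i], name)
            for i, (name, oid) in enumerate(want) if oids[i] != oid]

# Constructed sample traps (not captures from the page); short-form lengths only.
def enc(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
UPTIME_VB = enc(0x30, enc(6, bytes.fromhex("2b06010201010300")), enc(0x43, b"\x64"))
TRAPOID_VB = enc(0x30, enc(6, bytes.fromhex("2b060106030101040100")),
                 enc(6, bytes.fromhex("2b060104018386090401")))  # 1.3.6.1.4.1.49929.4.1
def sample_trap(*varbinds):
    pdu = enc(0xA7, enc(2, b"\x01"), enc(2, b"\x00"), enc(2, b"\x00"), enc(0x30, *varbinds))
    return enc(0x30, enc(2, b"\x01"), enc(4, b"TestRO"), pdu)
```

To check a real trap, pass the UDP payload bytes exported from the capture to `check_trap`; `sample_trap(TRAPOID_VB)` reproduces the missing-sysUpTime case described above.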