Why is an event message based on a trap displayed as a non-Trap Event?


Article ID: 196006




CA Spectrum


The 0x4b6006e event message says that it is based on a trap, but the Trap Event column is not checked.


Release : 10.4

Component : Event


0x4b6006e is a "child event": it is generated by an event condition and originates from the 0x4b60053 event code.

The "parent event" is 0x4b60053, which is the event that is actually based on a trap.

That is why the 0x4b6006e event message is the same as the 0x4b60053 event message.


How to find the "parent event"

On the SpectroSERVER machine, navigate to the $SPECROOT/SS/CsVendor directory.

Search for the 0x4b6006e event code in each EventDisp file under the $SPECROOT/SS/CsVendor directory.

$ find . -name EventDisp -exec grep 4b6006e {} \; -print
    "{ v 8 } == { I 0 }", "0x04b6006e -:-", \
0x04b6006e E 50 A 2, 0x04b6006e
0x04b6006f E 30 C 0x04b6006e
grep: ./Cisco_Router/CiscoVDCContainer/EventDisp: Is a directory

Then search in the $SPECROOT/SS/CsVendor/Airespace/EventDisp file for the 0x04b6006e event code.

# bsnSignatureAttackDetected
0x04b60053 R Aprisma.EventCondition, \
    "{ v 8 } == { I 0 }", "0x04b6006e -:-", \
    "{ v 8 } == { I 1 }", "0x04b6006f -:-", \
    "default", "0x04b60070 -:-"
0x04b6006e E 50 A 2, 0x04b6006e
0x04b6006f E 30 C 0x04b6006e
0x04b60070 E 10

0x4b60053 is the parent event.

Search for the 0x4b60053 event code in each AlertMap file under the $SPECROOT/SS/CsVendor directory.

$ find . -name AlertMap -exec grep 4b60053 {} \; -print
               0x04b60053,0)\

The trap OID is mapped to generate the 0x4b60053 event code.
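The lookup above can be scripted. The following is an added example, not part of the original article or of CA Spectrum; the function names (norm_code, find_parent_events, find_alertmaps, demo) are hypothetical, and it assumes EventDisp rules use the layout shown in the excerpt. It goes slightly beyond the manual steps by accepting any spelling of the event code and by skipping directories named EventDisp, which caused the "Is a directory" message in the output above.

```shell
# Added example, not CA Spectrum tooling. Assumes the EventDisp layout shown in the
# excerpt above: "<code> R Aprisma.EventCondition, ..." with backslash continuations.
# Reduce 0x4b6006e / 0x04b6006e / 4B6006E to bare lowercase hex digits.
norm_code() { printf '%s\n' "$1" | tr 'A-F' 'a-f' | sed -e 's/^0[xX]//' -e 's/^0*//'; }

# find_parent_events CHILD_CODE [DIR]: print "<parent code> <file>" for every
# EventCondition rule that emits CHILD_CODE. -type f skips directories named EventDisp.
find_parent_events() {
    find "${2:-.}" -type f -name EventDisp -exec awk -v code="$(norm_code "$1")" '
        FNR == 1 { buf = "" }                      # never join lines across files
        { line = buf $0 }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); buf = line; next }  # continuation
        { buf = "" }
        line ~ /^[ \t]*#/ { next }                 # comment line
        line ~ /Aprisma\.EventCondition/ {
            $0 = line                              # re-split so $1 is the rule owner
            rest = line; sub(/^[ \t]*[^ \t]+/, "", rest)   # ignore the owner code
            if (tolower(rest) ~ ("\"0x0*" code "[^0-9a-f]")) print $1, FILENAME
        }
    ' {} +
}

# find_alertmaps EVENT_CODE [DIR]: list AlertMap files that reference EVENT_CODE.
find_alertmaps() {
    find "${2:-.}" -type f -name AlertMap -exec grep -il "0x0*$(norm_code "$1")" {} +
}

# Demo on the Airespace/EventDisp excerpt quoted above, in a scratch directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/Airespace" && cat > "$d/Airespace/EventDisp" <<'EOF'
# bsnSignatureAttackDetected
0x04b60053 R Aprisma.EventCondition, \
    "{ v 8 } == { I 0 }", "0x04b6006e -:-", \
    "{ v 8 } == { I 1 }", "0x04b6006f -:-", \
    "default", "0x04b60070 -:-"
0x04b6006e E 50 A 2, 0x04b6006e
0x04b6006f E 30 C 0x04b6006e
0x04b60070 E 10
EOF
    find_parent_events 0x4b6006e "$d" | cut -d' ' -f1
    rm -rf "$d"
}
demo   # prints 0x04b60053
```

On a SpectroSERVER, run find_parent_events against $SPECROOT/SS/CsVendor, then pass the parent code it reports to find_alertmaps to confirm that a trap OID maps to it.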