Release : 20.x

Component : UIM - SNMPTD

Failed authentication on the device coming from another source.

The snmptd probe receives traps from network devices and converts them to alarms - so what this means is that something else has failed to authenticate against the device by providing an incorrect community string, and in turn, the snmptd probe has received an authentication trap from the device.  This is related to settings on the device itself which send traps for failed authentication attempts - by default the snmptd probe can receive those traps and convert them to alarms.

After the OID in the alarm (1.3.6.1.6.3.1.1.5) the alarm message also contains an IP address  - this represents the IP that is the source of whatever it is that it trying and failing to authenticate on all these devices, which in turn are sending the trap for authentication failure. The snmptd probe then receives such traps and turns them into the alarms you are seeing.

Possibilities would include (but are not limited to):

- some other probe like snmpget, snmpcollector is monitoring these devices and having authentication failures
- discovery_agent at above IP is doing network discovery and trying credentials on all the devices within a range
- some external process (security scan, etc) is trying generic community strings for penetration testing and triggering the traps

But in any case, as mentioned, ultimately you need to track down what is failing to authenticate on the device, thus causing it to throw this trap which is in turn being alerted by snmptd probe.