How to identify the top devices sending traps to Spectrum

Article ID: 376019

Products

DX NetOps CA Spectrum

Issue/Introduction

During a trap storm, an excessive number of traps inbound to Spectrum causes performance issues. It is usually necessary to identify the network devices responsible so that the storm can be stopped by changing the device agent configuration.

How can these devices be identified though?

Environment

DX NetOps Spectrum all supported releases.

Cause

Devices generating an excessive number of traps (many per second) cause trap storms that can negatively impact Spectrum performance and lead to loss of functionality, as per:

KB : SpectroSERVER CPU at constant 100%

Resolution

To identify the devices sending the traps and how frequently they send them, first run a packet trace on the SpectroSERVER using either Wireshark or tcpdump, then filter on port 162:

udp.port == 162

Then, extract the Source column into a text file.


To sort from highest to lowest, run the text file containing the extracted Source IP address column through the following bash shell command, which counts each unique address and sorts the result by frequency:

cat <FILE> | sort | uniq -c | sort -nr > output.txt

As an example, output.txt looks like this (the first column is the number of traps sent during the period the packet trace was run):

3369 192.168.0.1

1918 192.168.0.2

1263 192.168.0.3

1159 192.168.0.4

1134 192.168.0.5

 870 192.168.0.6

 614 192.168.0.7

 586 192.168.0.8

...
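
The same ranking can be produced directly from tcpdump's text output, skipping the manual column export. This is an added example, not part of the original article: the function names and sample lines are constructed, it assumes IPv4 input in the format printed by `tcpdump -tt -nn -q`, and it goes one step further than the article by also printing an average traps-per-second figure for each source.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Expected input is the text printed by, for example:
#   tcpdump -tt -nn -q -r trace.pcap udp dst port 162
# where trace.pcap is a placeholder name for the capture taken on the SpectroSERVER.

# rank_trap_sources: reads tcpdump lines on stdin and prints
# "<count> <avg traps/sec> <source IP>", highest count first.
rank_trap_sources() {
  LC_ALL=C awk '
    $2 == "IP" && $4 == ">" {
      dst = $5; sub(/:$/, "", dst)          # "10.0.0.5.162:" -> "10.0.0.5.162"
      if (dst !~ /\.162$/) next             # keep only packets sent to the trap port
      src = $3; sub(/\.[0-9]+$/, "", src)   # strip the source port from "ip.port"
      count[src]++
      if (first == "") first = $1           # timestamp of the first trap seen
      last = $1                             # timestamp of the latest trap seen
    }
    END {
      span = last - first
      if (span < 1) span = 1                # avoid dividing by zero on very short captures
      for (s in count) printf "%d %.2f %s\n", count[s], count[s] / span, s
    }
  ' | sort -k1,1nr -k3,3
}

# sample_trace: constructed sample input (not real capture data).
# The fourth line is an SNMP poll to port 161 and must be ignored.
sample_trace() {
  cat <<'EOF'
1700000000.000000 IP 192.168.0.1.49152 > 10.0.0.5.162: UDP, length 120
1700000001.000000 IP 192.168.0.2.161 > 10.0.0.5.162: UDP, length 98
1700000001.500000 IP 192.168.0.1.49152 > 10.0.0.5.162: UDP, length 120
1700000002.000000 IP 10.0.0.5.40000 > 192.168.0.3.161: UDP, length 60
1700000003.000000 IP 192.168.0.1.49152 > 10.0.0.5.162: UDP, length 120
1700000003.500000 IP 192.168.0.2.161 > 10.0.0.5.162: UDP, length 98
1700000004.000000 IP 192.168.0.1.49152 > 10.0.0.5.162: UDP, length 120
EOF
}

# Demonstration run on the constructed sample.
sample_trace | rank_trap_sources
```

The per-second figure is an average over the time between the first and last trap in the capture, so a short burst inside a long capture will look smaller than it was.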