SSL Visibility sending SNMP traps for 'P1 Therm Ctrl %' and 'P1 Therm margin'.
search cancel

SSL Visibility sending SNMP traps for 'P1 Therm Ctrl %' and 'P1 Therm margin'.

book

Article ID: 380253

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

Administration teams may receive SNMP traps from SSL Visibility with warnings similar to the following:

Bluecoat Sensor Trap - "unknown"
deviceSensorName = P1 Therm Ctrl %
deviceSensorCode = unknown

Bluecoat Sensor Trap - "unknown"
deviceSensorName = P1 Therm Margin
deviceSensorCode = unknown

 

Within the system logs on the SSLv these traps will correlate with the log lines below:

Sep 26 14:45:17 sslv01 snmptrapd[18028]: 2024-09-26 14:45:17 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472573326) 54 days, 16:42:13.26 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.40 = STRING: "P1 Therm Ctrl %" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.40 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 3

Sep 26 14:45:17 sslv01 snmptrapd[18028]: 2024-09-26 14:45:17 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472573326) 54 days, 16:42:13.26 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.41 = STRING: "P1 Therm Margin" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.41 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.41 = INTEGER: 3

 

Cause

This issue is caused by a misread or failure to read the IPMI sensor.  The misread or failure to read the IPMI sensor can be identified by checking the value of the SensorCode (next to last number in the id 6). When the value is 3 or 2 it indicates the misread Sensor condition.

enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 3 

The value of 2 or 3 translates to the following:

unknown(2)
notInstalled(3)

 

The snmpCode value of 'notInstalled' is the default value set prior to the sensor read. In addition, none of the snmp translation maps use this 'notInstalled' value, and is not a possible value after the snmp translation.  The snmpCode value of 'unknown' is an indicator the sensor read failed.

 

 

 

Resolution

These trap warnings should clear in about a minute.  You will likely see the clearing on your SIEM which receives your traps.

When they clear log messages like below will populate the system logs:

Sep 26 14:46:18 sslv01 snmptrapd[18028]: 2024-09-26 14:46:18 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472579429) 54 days, 16:43:14.29 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.40 = STRING: "P1 Therm Ctrl %" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.40 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 2

Sep 26 14:46:18 sslv01 snmptrapd[18028]: 2024-09-26 14:46:18 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472579429) 54 days, 16:43:14.29 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.41 = STRING: "P1 Therm Margin" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.41 = INTEGER: -38 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.41 = INTEGER: 1