Administration teams may receive SNMP traps from SSL Visibility with warnings similar to the following:
Bluecoat Sensor Trap - "unknown"
deviceSensorName = P1 Therm Ctrl %
deviceSensorCode = unknown
Bluecoat Sensor Trap - "unknown"
deviceSensorName = P1 Therm Margin
deviceSensorCode = unknown
In the system logs on the SSLv, these traps correlate with the log lines below:
Sep 26 14:45:17 sslv01 snmptrapd[18028]: 2024-09-26 14:45:17 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472573326) 54 days, 16:42:13.26 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.40 = STRING: "P1 Therm Ctrl %" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.40 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 3
Sep 26 14:45:17 sslv01 snmptrapd[18028]: 2024-09-26 14:45:17 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472573326) 54 days, 16:42:13.26 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.41 = STRING: "P1 Therm Margin" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.41 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.41 = INTEGER: 3
This issue is caused by a misread of, or a failure to read, the IPMI sensor. To identify it, check the value of the SensorCode, which is the entry whose OID has 6 as its next-to-last number. A value of 3 or 2 indicates the misread sensor condition.
enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 3
The value of 2 or 3 translates to the following:
unknown(2)
notInstalled(3)
The snmpCode value of 'notInstalled' is the default value set prior to the sensor read. In addition, none of the SNMP translation maps use this 'notInstalled' value, and it is not a possible value after the SNMP translation. The snmpCode value of 'unknown' is an indicator that the sensor read failed.
These trap warnings should clear in about a minute. You will likely see the clearing on the SIEM that receives your traps.
When they clear, log messages like those below will populate the system logs:
Sep 26 14:46:18 sslv01 snmptrapd[18028]: 2024-09-26 14:46:18 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472579429) 54 days, 16:43:14.29 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.40 = STRING: "P1 Therm Ctrl %" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.40 = INTEGER: 0 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 2
Sep 26 14:46:18 sslv01 snmptrapd[18028]: 2024-09-26 14:46:18 localhost.localdomain [UDP: [127.0.0.1]:48728->[127.0.0.1]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (472579429) 54 days, 16:43:14.29 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.3417.2.1.2.0.1 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.41 = STRING: "P1 Therm Margin" SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.41 = INTEGER: -38 SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.41 = INTEGER: 1
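The sensor-code check described above can be automated when triaging these traps on a log collector or SIEM. The following is an added example, not code from the product or the vendor: the function names are hypothetical, and the sample lines are constructed from the log format shown in this article.

```python
import re

# Sensor table columns as they appear in the trap varbinds in this article:
# ...3417.2.1.1.1.1.1.9.<idx> = sensor name, ...3417.2.1.1.1.1.1.6.<idx> = sensor code.
VARBIND = re.compile(
    r'enterprises\.3417\.2\.1\.1\.1\.1\.1\.(?P<col>\d+)\.(?P<idx>\d+)'
    r' = (?:STRING: "(?P<s>[^"]*)"|INTEGER: (?P<i>-?\d+))')

# Code names as given in the article; other codes are not treated as misreads.
MISREAD_CODES = {2: "unknown", 3: "notInstalled"}

def parse_trap(line):
    """Return {sensor index: {"name": ..., "code": ...}} for one snmptrapd log line."""
    sensors = {}
    for m in VARBIND.finditer(line):
        row = sensors.setdefault(int(m["idx"]), {})
        col = int(m["col"])
        if col == 9:
            row["name"] = m["s"]
        elif col == 6 and m["i"] is not None:
            row["code"] = int(m["i"])
    return sensors

def misreads(lines):
    """List (sensor name, code label) for every sensor reporting a misread code."""
    hits = []
    for line in lines:
        for idx, row in sorted(parse_trap(line).items()):
            label = MISREAD_CODES.get(row.get("code"))
            if label:
                hits.append((row.get("name", f"sensor {idx}"), label))
    return hits

# Constructed sample varbind lines in the format logged by snmptrapd above.
SAMPLE = [
    'SNMPv2-SMI::enterprises.3417.2.1.2.0.1 '
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.40 = STRING: "P1 Therm Ctrl %" '
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.40 = INTEGER: 0 '
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.40 = INTEGER: 3',
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.9.41 = STRING: "P1 Therm Margin" '
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.5.41 = INTEGER: -38 '
    'SNMPv2-SMI::enterprises.3417.2.1.1.1.1.1.6.41 = INTEGER: 1',
]

if __name__ == "__main__":
    for name, label in misreads(SAMPLE):
        print(f"sensor misread: {name} ({label})")
```

A trap flagged by `misreads` reflects a failed sensor read rather than a thermal reading, which is useful context when deciding whether to alert on it or wait for the clearing trap.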