Symptoms

• The Trap Adapter and the Trap Exploder do not log any new incoming traps or appears empty
• The TCPDump collected on the socket, shows incoming trap traffic yet are not picked up by any of the Smarts trap processing services. 

Smarts 10.1.X

TCSA 2.X

Below errors were traced on the /var/log/messages on the server:

• Error Signature #1:

<Ethernet Interface of the server like eth0> left promiscuous mode

This message indicates that the interface has stopped intercepting and reading all network traffic on the network it's connected to. Promiscuous mode allows an interface to capture all packets, not just those directly addressed to it.

• Error Signature #2:

May 21 12:40:27 <Smarts Host> setroubleshoot[106661]: SELinux is preventing /opt/InCharge10/SAM/smarts/bin/system/sm_trapd from name_connect access on the tcp_socket port 426.#012#012*****  Plugin connect_ports (48.3 confidence) suggests   *********************#012#012If you want to allow /opt/InCharge10/SAM/smarts/bin/system/sm_trapd to connect to network port 426#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 426#012    where PORT_TYPE is one of the following: dns_port_t, dnssec_port_t, kerberos_port_t, ocsp_port_t.#012#012*****  Plugin restorecon_source (48.3 confidence) suggests   *****************#012#012If you want to fix the label. #012/opt/InCharge10/SAM/smarts/bin/system/sm_trapd default label should be bin_t.#012Then you can run restorecon.#012Do#012# /sbin/restorecon -v /opt/InCharge10/SAM/smarts/bin/system/sm_trapd#012#012*****  Plugin catchall_boolean (4.32 confidence) suggests   ******************#012#012If you want to allow nis to enabled#012Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.#012#012Do#012setsebool -P nis_enabled 1#012#012*****  Plugin catchall (0.97 confidence) suggests   **************************#012#012If you believe that sm_trapd should be allowed name_connect access on the port 426 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sm_trapd' --raw | audit2allow -M my-smtrapd#012# semodule -X 300 -i my-smtrapd.pp#012

This message indicates the SELinux affecting TCP_Socket connections on ports (ports that are used by Smarts processes) 

The SELinux needs to be disabled on the Smarts server to allow for a seamless connections between the remote devices (via traps) towards the Smarts Trap processors (Trap Adapter & Trap Forwarder)

Please engage with the Server Administration team to achieve this or raise exception by writing custom policies as recommended by the SELinux errors above to avoid these errors.