SNMP Traps generated from resources behind NAT router appear with Public IP address under Hostname Column in Event Console
Article: TECH176832 | Created: 2011-12-13 | Updated: 2011-12-13 | Article URL: http://www.symantec.com/docs/TECH176832
Problem
This issue pertains to resources that reside behind a NAT router and are configured to generate SNMP Traps with a Trap Destination of the SMP\Event Console’s IP address. When a resource generates a Trap, the Trap is sent to the Event Receiver and Event Engine and is then processed into the Event Console as an Alert. The problem is that all SNMP-based Alerts appear with the same Public IP Address rather than the unique physical IP Address of the resource that actually generated the SNMP Trap.
Environment
Symantec Management Platform 7.x
Event Console 7.x
Cause
Solution
A workaround is to use an Event Console based Task Rule that leverages a SQL based task to do the following:
1) Select the record in ec_alert_variable with name 'SNMP::Varbinds' for the particular alert, then parse this variable data. (The variable data is in XML format.)
2) Determine the host name from the parsed variable data.
3) Execute the following SQL updates, where 'ABCD' is the required host name:
   update ec_alert set hostname='ABCD' where guid='%!ALERTGUID!%';
   update ec_alert_pooled set hostname='ABCD' where guid='%!ALERTGUID!%';
This changes the host column data in the Event Console grid and on the alert details page to reflect the physical IP Address.
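The three steps above, as an added example that is not Symantec's code: because varbind content arrives in the trap itself, the value is validated as an IP address and bound as a query parameter before it reaches either UPDATE. The XML layout, the `alert_guid` and `value` column names, the use of snmpTrapAddress.0 as the source varbind, and the in-memory SQLite tables standing in for the Event Console database are all assumptions.

```python
import ipaddress
import sqlite3
import xml.etree.ElementTree as ET

# Assumed, not from the article: the XML layout, the alert_guid/value columns,
# and that the device reports its address in snmpTrapAddress.0. Data is constructed.
TRAP_ADDRESS_OID = "1.3.6.1.6.3.18.1.3.0"
SAMPLE_VARBINDS = ("<varbinds><varbind oid='1.3.6.1.2.1.1.5.0'>printer-07</varbind>"
                   "<varbind oid='1.3.6.1.6.3.18.1.3.0'>192.168.10.47</varbind></varbinds>")
TABLES = ("ec_alert", "ec_alert_pooled")  # fixed names, never taken from input

def source_address(varbinds_xml, oid=TRAP_ADDRESS_OID):
    """Return the varbind value as a normalized IP string, or None if unusable."""
    if "<!" in varbinds_xml:  # refuse DTD/entity declarations in untrusted trap data
        return None
    try:
        root = ET.fromstring(varbinds_xml)
    except ET.ParseError:
        return None
    for vb in root.iter("varbind"):
        if vb.get("oid") == oid:
            try:
                return str(ipaddress.ip_address((vb.text or "").strip()))
            except ValueError:
                return None  # not an address: it must never reach the UPDATE
    return None

def fix_hostname(conn, alert_guid):
    """Steps 1-3: read the variable, extract the host, update both tables."""
    row = conn.execute("SELECT value FROM ec_alert_variable WHERE alert_guid = ? "
                       "AND name = 'SNMP::Varbinds'", (alert_guid,)).fetchone()
    host = source_address(row[0]) if row else None
    if host is not None:
        for table in TABLES:
            conn.execute(f"UPDATE {table} SET hostname = ? WHERE guid = ?", (host, alert_guid))
    return host

def demo(varbinds_xml=SAMPLE_VARBINDS):
    """Run against in-memory stand-in tables; return (host, stored hostnames)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE ec_alert(guid, hostname);"
                       "CREATE TABLE ec_alert_pooled(guid, hostname);"
                       "CREATE TABLE ec_alert_variable(alert_guid, name, value);")
    for table in TABLES:
        conn.execute(f"INSERT INTO {table} VALUES ('guid-1', '203.0.113.5')")
    conn.execute("INSERT INTO ec_alert_variable VALUES ('guid-1', 'SNMP::Varbinds', ?)",
                 (varbinds_xml,))
    host = fix_hostname(conn, "guid-1")
    return host, [conn.execute(f"SELECT hostname FROM {t}").fetchone()[0] for t in TABLES]
```

When the varbind is missing or does not parse as an address, the alert keeps the hostname it already had.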