SNMP Traps generated from resources behind NAT router appear with Public IP address under Hostname Column in Event Console
Article: TECH176832 | Created: 2011-12-13 | Updated: 2011-12-13 | Article URL: http://www.symantec.com/docs/TECH176832
This issue pertains to resources behind a NAT router that are configured to generate SNMP Traps with a Trap Destination of the SMP\Event Console’s IP address. When such a resource generates a Trap, the Trap is sent to the Event Receiver and Event Engine and is then processed into the Event Console as an Alert. The problem is that ALL SNMP-based Alerts appear with the same Public IP Address rather than the unique physical IP Address of the resource that actually generated the SNMP Trap.
Symantec Management Platform 7.x
Event Console 7.x
A workaround is to use an Event Console based Task Rule that leverages a SQL based task to do the following:
1) Select the record in ec_alert_variable with name 'SNMP::Varbinds' for the particular alert, then parse the variable data. (The variable data is in XML format.)
2) Determine the host name from the parsed data.
3) Execute the following SQL updates (where 'ABCD' is the required host name):
   update ec_alert set hostname='ABCD' where guid='%!ALERTGUID!%';
   update ec_alert_pooled set hostname='ABCD' where guid='%!ALERTGUID!%';
This changes the host column data in the Event Console grid and on the alert details page to reflect the physical IP Address.
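The three steps above, sketched as an added example that is not Symantec's code: it validates the value taken from the trap and binds it as a parameter instead of pasting it into the UPDATE text, because varbind contents are controlled by whoever sent the trap. Assumptions: the XML layout of 'SNMP::Varbinds', the `alert_guid` and `value` columns of ec_alert_variable, the use of snmpTrapAddress.0 as the carrier of the private address, and an in-memory SQLite database standing in for the platform database.

```python
import ipaddress
import sqlite3
import xml.etree.ElementTree as ET

# Assumption: the trap carries the device's own address in snmpTrapAddress.0.
SOURCE_ADDR_OID = "1.3.6.1.6.3.18.1.3.0"
# Constructed sample; the real 'SNMP::Varbinds' XML layout is an assumption.
SAMPLE = ('<varbinds><varbind oid="1.3.6.1.2.1.1.5.0" value="printer-07"/>'
          '<varbind oid="1.3.6.1.6.3.18.1.3.0" value="192.168.10.57"/></varbinds>')

def host_from_varbinds(xml_text, oid=SOURCE_ADDR_OID):
    """Return the address in the chosen varbind, or None if absent or invalid."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    for vb in root.iter("varbind"):
        if vb.get("oid") == oid:
            try:
                # Trap fields are sender-controlled: accept only a real IP address.
                return str(ipaddress.ip_address((vb.get("value") or "").strip()))
            except ValueError:
                return None
    return None

def fix_alert_hostname(db, alert_guid):
    """Steps 1-3 for one alert; returns the hostname written, or None."""
    row = db.execute("SELECT value FROM ec_alert_variable "
                     "WHERE alert_guid = ? AND name = 'SNMP::Varbinds'",
                     (alert_guid,)).fetchone()
    host = host_from_varbinds(row[0]) if row else None
    if host is None:
        return None  # leave the alert untouched rather than write bad data
    for table in ("ec_alert", "ec_alert_pooled"):  # fixed names, not input
        db.execute(f"UPDATE {table} SET hostname = ? WHERE guid = ?",
                   (host, alert_guid))
    return host

def demo_db():
    """In-memory stand-in: alert A1 has a valid varbind, A2 a malformed one."""
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE ec_alert(guid, hostname);"
                     "CREATE TABLE ec_alert_pooled(guid, hostname);"
                     "CREATE TABLE ec_alert_variable(alert_guid, name, value);")
    bad = SAMPLE.replace("192.168.10.57", "10.0.0.5' OR '1'='1")
    for guid, xml in (("A1", SAMPLE), ("A2", bad)):
        db.execute("INSERT INTO ec_alert VALUES (?, '203.0.113.10')", (guid,))
        db.execute("INSERT INTO ec_alert_pooled VALUES (?, '203.0.113.10')", (guid,))
        db.execute("INSERT INTO ec_alert_variable VALUES (?, 'SNMP::Varbinds', ?)",
                   (guid, xml))
    return db
```

In a SQL-only task the same two controls apply: check that the extracted value is a well-formed address before use, and pass it to the UPDATE as a bound parameter.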