Just set the logging application for SNMP to 8, you will then see the source.
set logging application SNMP level 8
When you issue a "show logging buffer" you will see output similar to this:
<166>Sep 8 16:34:08 192.168.1.1 SNMP[5]User:public;
Source:134.141.1.99; Auth failure, bad community name.
It is probably a server application hitting the switch with SNMP.
Chris Yingst | Jacobs Technology Strategic Solutions Group | Sr. Infrastructure
Engineer | 401.486.3097 | [email protected] | www.jacobs.com
-----Original Message-----
From: Eaton, Ernie [mailto:[email protected]]
Sent: Tuesday, September 13, 2011 9:40 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] snmp auth fail traps - more detail
This exchange does not specify the product involved. I can answer for the
product lines I'm responsible for.
The notification is "authenticationFailure" (1.3.6.1.6.3.1.1.5.5). As of
firmware version 5.41 on N/S/K-series we also bind the following enterprise
variables into this trap:
etsysMgmtAuthUserName
etsysMgmtAuthInetAddressType
etsysMgmtAuthInetAddress
Ernie Eaton
Director of Engineering
N/S/K Series Firmware
Enterasys Networks
-----Original Message-----
From: Strebler, Reinhard (SCC) [mailto:[email protected]]
Sent: Tuesday, August 30, 2011 6:45 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] snmp auth fail traps - more detail
Hi,
This question should not be a question to this list, but to the authors
of RFC1213.
We can define our discussion as an improvement request towards Enterasys
for adding an object in their private enterprises MIB:
IP address of last authentication failure.
Kind regards
Reinhard
Am 29.08.2011 22:45, schrieb [email protected]:
> Hi,
> So if I can't find out who tried what from where, what good are those
> "authentication failed" messages?
>
> On 29-Aug-11 11:37, Strebler, Reinhard (SCC) wrote:
>> Hi,
>>
>> Standard MIBs do not provide any information about "who caused an snmp
>> authentication failure". Cisco has an object in their
>> private.enterprises (enterprises.9.2.1.5.0). AFAIK Enterasys has no
>> similar object in their MIB.
>>
>> Kind regards
>> Reinhard
>>
>>
>> Am 29.08.2011 10:29, schrieb [email protected]:
>>> Hi,
>>>
>>> would anyone know where to get details about the IP/community string
>>> that
>>> *caused* an snmp auth fail trap?
>>> I tried to look it up at e.g. iso(1). org(3). dod(6). internet(1).
>>> mgmt(2). mib-2(1). snmp(11). authfail(4) --> doesn't exist.
>>> Netsight Console only tells me there was an incorrect community
>>> string but
>>> nothing more...
>>>
>>> Thanks.
>>>
>>>
>>> ---
>>> To unsubscribe from enterasys, send email to [email protected] with
>>> the body: unsubscribe enterasys [email protected]
>>
>> ---
>> To unsubscribe from enterasys, send email to [email protected] with the
>> body: unsubscribe enterasys [email protected]
>>
>
>
> ---
> To unsubscribe from enterasys, send email to [email protected] with the body:
> unsubscribe enterasys [email protected]
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
NOTICE - This communication may contain confidential and privileged information
that is for the sole use of the intended recipient. Any viewing, copying or
distribution of, or reliance on this message by unintended recipients is
strictly prohibited. If you have received this message in error, please notify
us immediately by replying to the message and deleting it from your computer.
NOTICE - This communication may contain confidential and privileged
information that is for the sole use of the intended recipient. Any viewing,
copying or distribution of, or reliance on this message by unintended
recipients is strictly prohibited. If you have received this message in
error, please notify us immediately by replying to the message and deleting
it from your computer.
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
