Spectrum drops them. My suggestion is to kick the vendor and tell them fill out the agent address correctly in the trap. We have been able to get all our vendors to fix that problem once they understood what it was for.
Spectrum uses that address to map what device model it should apply the trap to. Since we don't have 0.0.0.0 in the IPAddress table on any device model, Spectrum will drop the trap. This can actually be handy. We have a management station that sends us traps based on the devices that it is monitoring. Unlike other systems that put the management station in the agent-addr, it sticks the IP of the alarming device. This way we don't have to setup southbound gateway logic for processing those traps. Bill Barnes -----Original Message----- From: Marcel Schulte [mailto:[email protected]] Sent: Wednesday, April 08, 2009 4:17 AM To: spectrum Subject: [spectrum] Spectrum handling for traps with "agent-addr 0.0.0.0" Hi list, does anyone of you (or perhaps the CA people) know how Spectrum handles snmp traps which contain "agent-addr 0.0.0.0" instead of "agent-addr <trap-src-ip>"? I think Spectrum simply does... nothing! The question came up here because we did never generate any trap-events from our Checkpoint FWs. We traced snmp traffic and recognized the traps coming in with this 0.0.0.0 as agent-addr. Spectrum didn't even generate events on VNM model for these traps... Regarding this I wondered if there's any possibility to debug what happens if a trap comes in: - trap comes in - showing detected model(handle) - showing used Alertmap - showing used EventDisp ...do you know if this would be possible? Many thanks in advance! Regards, Marcel --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected] --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected]
