CiscoWorks LMS: not receveing certain SNMP traps

Similar Messages

• Ciscoworks LMS 4.0 DFM Custom Traps

  Hello,
  We want to use Ciscoworks LMS 4.0 for Access Control List Monitoring. i.e. if we end the ACLs with "log" entry, we may send  the ACL deny logs to the Ciscoworks as Syslog or Snmp Trap format.
  With "debug snmp packets" command we may observe the packets are sent to the LMS, but the traps don't show up as alarms. Is it possible to observe any trap entry with LMS DFM Fault Manager by customizing the module, because we think the engine of the DFM analyzes the traps and shows some of the traps, not all of the traps are observable.
  The command output is as below:
  Thanks in Advance,
  Best Regards,
  Mar  2 10:28:30.028: SNMP: Queuing packet to 10.10.10.1
  .Mar  2 10:28:30.028: SNMP: V1 Trap, ent ciscoSyslogMIB.2, addr 10.10.20.1, gen  trap 6, spectrap 1
  clogHistoryEntry.2.742 = SEC
  clogHistoryEntry.3.742 = 7
  clogHistoryEntry.4.742 = IPACCESSLOGDP
  clogHistoryEntry.5.742 = list 191 denied icmp   10.10.10.1 -> 10.10.20.1 (0/0),   10 packets
  clogHistoryEntry.6.742 = 69082382

  DFM consumes the traps and decides based on its built-in code-book what to do - rise one of the predefined Events or just silently ignore it. The best DFM can do is forward the trap as-is to another trap receiver.
  Perhaps the LMS Syslog-Server can do what you want and lauch automated actions (like scripts or e-mail) based on certain criteria.
  But you should take care of the underlying syslog file and keep its size under control with logrot.pl utility.
  The online help of LMS should give you more details on the syslog capabilities or this link to the LMS 4.0 Administration Guide:
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/useNotif.html#wp1075603

• CiscoWorks LMS not sending mail

  Hi,
  I have CiscoWorks LMS functionning properly. For some time, I am seeing problems with it sending mail notifications. When it is rebooted, it sends the mail properly but after some time, the mail notifications are not sent.
  Is there a log file to see the issue with the mail sending? I am not sure whether it is a CiscoWorks LMS issue or the mail server (on which i have no access) to try to isolate the problem.
  The last change that I made to the server, that might be a possible cause. I had installed the HP NIC teaming with 2 NIC cards teamed and assuming the IP address of the server.
  I just want to check with the server before proceding to mail server blacklisting or other.
  Thanks in Advance,
  Ashley

  Sorry,
  Hi,
  I have CiscoWorks LMS functionning properly. For some time, I am seeing problems with it is not sending mail notifications. When it is rebooted, it sends the mail properly but after some time, the mail notifications are not sent.
  Is there a log file to see the issue with the mail sending? I am not sure whether it is a CiscoWorks LMS issue or the mail server (on which i have no access) to try to isolate the problem.
  The last change that I made to the server, that might be a possible cause. I had installed the HP NIC teaming with 2 NIC cards teamed and assuming the IP address of the server.
  I just want to check with the server before proceding to mail server blacklisting or other.
  Thanks in Advance,
  Ashley

• LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding

  Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
  2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.6.3.1.1.5
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.6.3.1.1.5.2
  Trap Time=-1436283373
  1.3.6.1.2.1.2.2.1.1.83=83
  1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
  1.3.6.1.2.1.2.2.1.3.83=6
  1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
  EndTrap
  10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
  Community=ciscoworks
  Enterprise=1.3.6.1.4.1.9.1.291
  Generip trap type=2
  Specific Trap Type=0
  Trap From=10.220.10.1
  Trap ID=1.3.6.1.4.1.9.1.291.2
  Trap Time=1628056965
  1.3.6.1.2.1.2.2.1.1.8=8
  1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
  1.3.6.1.2.1.2.2.1.3.8=18
  EndTrap
  As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
  How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.

  Hi,
  Is the issue you have the source IP address of the forwarded trap?  Per RFC it is the IP of the actual device sending the trap.  The originating IP should be contained within the packet. I have included some additional information you may find helpful.
  Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
  A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
  http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
  DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
  Configure SNMP to send traps directly to DFM
  Integrate SNMP trap receiving with an NMS or a trap daemon
  The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
  Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
  As one of the following events:
  > InformAlarm
  > MinorAlarm
  > MajorAlarm
  With the device type and the device name from which it was generated.
  If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html

• LMS 4.0 SNMP Traps Forwarding

  Hello,
  I have installed a new version of CiscoWorks LMS 4.0.
  I would like to forward certain SNMP traps to another server. Not all traps but only the traps of devices which are down.
  Is it possible to filter the traps and then forward the traps who match the filter to a server?
  Thanks,
  Best Regards,
  Joris

  If you enable trap forwarding in LMS, all traps received by LMS will be forwarded to the external NMS.
  You can, however, look at NMSROOT/objects/smarts/conf/trapd/trapd.conf.  You can modify this file to specify exactly what traps to forward.  The comments in the file should help you figure out the syntax.  However, direct modification of this file is not supported by TAC, so be sure to save a backup just in case.

• Prblem while adding firewall in ciscoworks lms 2.6

  We are not able to add firewall ASA5510 in ciscoworks LMS 2.6.
  SNMP configuration on firewall is as follows
  snmp-server host inside 10.48.2.54 community firewall version 2c
  no snmp-server location
  no snmp-server contact
  snmp-server community ****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  Please check attached file for ciscoworks configuration, SNMP Walk command output and Firewall "show version" output.

  Now I am able to add firewall but when i am trying to access firewall through Cisco View> Chassis View I am getting following error.
  Message
  Can't find applicable device package for 10.44.100.37.
  Cause
  Device package for this device type is not installed or device support for this device type might not be available or you are attempting to open a component inside a device.
  Action
  Please install a device package for the device type or open the parent device to manage the component.
  When I configured netshow job for "show running-config" and "show tech-support" it ends with following error
  Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: show tech-support. Insufficient no. of interactive responses(or timeout) for command: show tech-support.

• SCOM 2012 unable to monitor SNMP traps

  After installing SCOM 2012 I did not
  get the SNMP Trap. I tried the solution
  of the topics http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/6826f6a6-bbc3-444b-9b18-288d7fedac3e Nothing
  has helped.
  Help please, why SCOM can
  not take Traps?

  We had the an issue where device was sending SNMP v1 traps as per Wireshark but the device was discovered as a SNMP v2 device. We forced the device to be discovered as a SNMP v1 device and that worked.
  To do so, after you add the device that needs to be discovered within the discovery rule, export the MP called Network Discovery Internal. Open this in notepad and browse to the IP address of your device that needs to be discovered. Change the value for
  "AutoDetect" to v1 in case you want to discover his as a V1 DEVICE. Then you will be able to receive traps from the said device that got discovered.
  <SeedSystem>
                    <SeedIPorName>10.100.x.x</SeedIPorName>
                    <Version>AUTODETECT</Version>
                    <SNMPPort>161</SNMPPort>
                  </SeedSystem>
  Hope this helps.
  Kapil Dham

• 3750 SNMP Traps

  Hi,
  recently i have upgarded the IOS on cisco 3750, IOS ver.12.1(14r)EA1a, earlier i was using the older one which has come along with the switch, now after upgrading the IOS, i am not getting any SNMP traps from the switch. i have a network monitoring software installed, which receivez the SNMP traps from the switches, now only from 3750 it is not able to receive the traps,other switches 3550 & 2950 where able to receive, even in these switches i have upgraded the IOS, but this works fine. what could be the reason?

  Hello Anand,
  in order to see which MIBs are loaded on your current IOS, you can also check with the command:
  show subsys | include mib
  to verify that you are polling data from existing MIBs.
  Regards,
  GP

• ACE and ANM, Syslog and SNMP Traps

  Hi guys.. another ACE/ANM question.
  I configured the ACE devices to send Syslog and SNMP messages to the ANM server. But i got a couple of questions:
  Whats the difference between using the:
  logging history 4 (this would send logging messages as SNMP traps according to doc)
  And:
  snmp-server host x.x.x.x traps version 2c public
  snmp-server trap-source vlan 1000
  This of course I think should do the same..
  The funny and weird thing, in the ANM Event viewer, I can only see syslog messages, not one snmp event.
  Thanks!
  Omar
  PS: ACE ver A2.4
        ANM Ver 4.2

  Hi Omar,
  Let's see if I can clarify your questions.
  As you mentioned, the "logging history 4" command specifies that, syslog messages of severity 4 and higher will be sent as SNMP traps. After you configure it, you need the "snmp-server host x.x.x.x traps version 2c public" command to specify what will be the destination IP and SNMP community for these traps.
  It would only make sense to use the "logging history 4" command if your monitoring application doesn't support receiving syslog messages. However, since ANM is able to get syslog messages from the ACE without issues, I would just configure a destination for syslog message instead (with "logging host x.x.x.x")
  I hope this makes this point more clear.
  Now, moving on to why you are not seeing any SNMP traps in your ANM, the first things you would need to check are:
  -- Did you enable traps? You would use the "ACE(config)# snmp-server enable traps" command for this
  -- Are traps being sent? You can use the "show snmp" command and check if the "Trap PDUs" counter increases
  -- Is ANM getting these traps? This is the most complicated step. For this, I would recommend getting a traffic capture on the ANM server (if it's installed on linux) or as close as possible to it if it's a ANM appliance
  I hope this helps
  Daniel

• LMS 3.2 not forwarding SNMP Traps

  I am using LMS 3.2 and under DFM... Notification Services... SNMP Trap Notification, I have a Subscription set up to forward Traps to Unicenter 11.1.  I have tried a combination of sending Alerts and Events, Critical and Informational, Active and Cleared messages.
  At this time I have it set to send:
  Alerts Informational and Cleared
  Events Critical and Informational, Active and Cleared.
  Every Trap that is forwarded from LMS I get in the Unicenter console Twice.   Also, I occasionally get a clear in Unicenter, but normally clears are not being forwaded.
  Any ideas on this issue?
  Thanks
  -Scott

  You should first install the consolidated DFM 3.2 patch from http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.2.0&mdfid=282640771&sftType=CiscoWorks+Device+Fault+Manager+Patches&optPlat=Windows&nodecount=2&edesignator=null&modelName=CiscoWorks+Device+Fault+Manager+3.2&treeMdfId=268439477&treeName=Network+Management&modifmdfid=&imname=&hybrid=Y&imst=N&lr=Y (patch for CSCta56151).  If the problem persists after that, post the NMSROOT/log/dfmLogs/NOS/nos.log after reproducing the problem with a new event/alert.

• User tracking not finding any hosts in Ciscoworks LMS 3.1

  L.S.
  Our test-configuration is as follows:
  Application versions:
  Ciscoworks LMS 3.1
  Ciscoworks Common Services 3.2.0
  Campus Manager 5.1.4
  We have 31 managed devices in Campus Manager (data has been collected on all),
  Edit: All of them show up green in the topology window.
  The device are: 2 6509 cores (running IOS s72033_rp-IPSERVICESK9_WAN-M version 12.2(18)SXF8), 1 ASA firewall (running ASA-OS version 8.0.5) and 29 switches (2960 and 3560 models both running ios version 12.2(52)SE). The switches are connected as follows:
  User tracking jobs are running normally, but aren't finding any end-hosts or IP phones at all (I suspect around 250-500 hosts+ on these switches)
  We are running SNMP v3 on the switches and have added the following configuration items to all the switches:
  snmp-server group readonly v3 auth context vlan-1
  <repeat for all present snmp-contexts as shown in show snmp context output>
  snmp-server group readonly v3 auth context vlan-83
  Debugging is enabled in CM->Admin->Debugging Options->User Tracking Server
  This is the UT.log file of the last major acquisition:
  messages will remian logged to file: D:\PROGRA~1\CSCOpx\log\ut.log
  2010/01/13 14:00:01 main MESSAGE ProcessInitializer: Properties will be read from D:\PROGRA~1\CSCOpx\campus\etc\cwsi\ut.properties
  I= 0value *.*.*.*
  I= 1value 6
  I= 2value 1
  2010/01/13 14:00:01 main MESSAGE DBConnection: Created new Database connection [hashCode = 10969598]
  PartialOrderNode tree dump: time base = VMPSMajor
  <root>
      VMPSMajor: <root>
      VMPSMajor:     VMPSMajor.GetXMLData
      VMPSMajor:         VMPSMajor.PingSweep
      VMPSMajor:         VMPSMajor.PopulateFromDCR
      VMPSMajor:             VMPSMajor.GetPortStatus
      VMPSMajor:                 VMPSMajor.GetBridgeTable
      VMPSMajor:             VMPSMajor.Sweep
      VMPSMajor:                 VMPSMajor.GetIpXlateTable
      VMPSMajor:                 VMPSMajor.GetIpv6XlateTable
      VMPSMajor:                     VMPSMajor.GenerateTable6
      VMPSMajor:                         VMPSMajor.GenerateTable
  SMFunction evaluation order: time base = VMPSMajor
    VMPSMajor.GetXMLData  Major
    VMPSMajor.PingSweep  Minor
    VMPSMajor.PopulateFromDCR  Major
    VMPSMajor.GetPortStatus  Minor
    VMPSMajor.Sweep  Major
    VMPSMajor.GetBridgeTable  Minor
    VMPSMajor.GetIpXlateTable  Minor
    VMPSMajor.GetIpv6XlateTable  Minor
    VMPSMajor.GenerateTable6  Major
    VMPSMajor.GenerateTable  Major
  Time base VMPSMajor has 5 major nodes and 3 minor traversals.
  log4j:ERROR No appenders could be found for category (CTM.common).
  log4j:ERROR Please initialize the log4j system properly.
  In classlist loader
  In classlist loader processing sub classes
  updation done
  In classlist loader completed
  2010/01/13 14:00:03 main MESSAGE DBConnection: Created new Database connection [hashCode = 12524859]
  Calling default
  Subnet to SubnetData Map Size :73
  2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 12524859]
  2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 10969598]
  2010/01/13 14:04:50 main MESSAGE DCRDevWrapper: Closing DCRProxy
  I'm slowly getting to a dead end here. What am I missing?

  Well, our problem was resolved finally through a weird coincendence after having a websession with a Cisco TAC engineer (TAC case SR 613376661)
  We changed the
  snmp-server group readonly v3 auth context vlan-xxxx
  commands in the switches to:
  snmp-server group writeonly v3 auth context vlan-xxxx
  that is: use the writestring in the snmp-server groups instead of the read string.
  After we changed that, all of the User Tracking mysteriously started working.
  As far as I know, the writestring should not be needed, but apparently it is....
  Is there any explanation for this?

• Syslog & SNMP Traps:- Does LMS 3.1 need to receive both?

  Do my switches need to send both syslog and SNMP traps to LMS 3.1 or should I configure for either syslog or SNMP Traps, but not both?
  Thanks
  James

  Well "needs to", no
  Syslog
  RME configuration management works better if it can detect config changes via syslog.
  The syslog reports depend on it, so do the "automated actions" since they are based on syslog messages
  Traps
  Fault management can interpret a few traps but does most of its detecting via snmp get.
  LMS will work without it but I think it is worthwhile to configure the devices to send traps and syslog.
  Cheers,
  Michel

• Cisco Prime Infrastructure 1.4 SNMP Traps are not converted into Alarms

  Hi everybody,
  I just configured SNMP Traps on a Cisco Catalyst 3750-x to send to our Cisco Prime Infrastructure 1.4 Appliance.
  Now I forced the Switch to send some traps (Power off a Power Supply, Interface errdisable). The only events I see in Alarms & Events on PI is the same information message everytime:
  Configuration management event has been recorded in ccmHistoryEventTable.
  I think the forced traps should be converted into alarms? Why can't I see them?
  Thanks,
  Marc

  Ok, I started debugging as you said. I get the following output:
  Mar 13 09:28:13.711: SNMP: V2 Trap, reqid 11689, errstat 0, erridx 0
   sysUpTime.0 = 198609846
   snmpTrapOID.0 = ciscoSyslogMIB.2.0.1
   clogHistoryEntry.2.1688 = PM
   clogHistoryEntry.3.1688 = 5
   clogHistoryEntry.4.1688 = ERR_RECOVER
   clogHistoryEntry.5.1688 = Attempting to recover from bpduguard err-disable state on Gi1/0/13
   clogHistoryEntry.6.1688 = 198609844
  Mar 13 09:28:13.737: SNMP: Queuing packet to xx.xx.xx.xx
  Looks like the Switch is sending SNMP Traps from the ciscoSyslogMIB. Is this why PI can't show the Traps and convert it into a alarm?
  After this test I configured logging (syslog) to the PI. Now the errors are showed but still not converted into alarms. I just want to be notified by email when such errors occurs.
  Thanks,
  Marc

• Cisco WLC 5508 not sending SNMP Traps

  Hello Everyone.
  I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
  I can receive correctly Syslog messages, but not traps.
  I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
  I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
  Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
  I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
  *rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
  My WLC Version is 7.6.130.0
  Thank you for your support.

  I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
  https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
  https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
  Thanks :)

• CiscoWorks LMS 4.0.1 - Could not generate the report

  Hello,
  I am running CiscoWorks LMS 4.0.1 since 6 months and I wanted to generate today a report about the interface utilization on 2 Cisco switches (Catalyst 3750G). The corresponding job is created, it runs and then i get "succeeded with info" in the "Run Status" column. When I want to click then on the "View Report" link, I get the following error: "Could not generate the report. Either data is not available for the specified duration or the report job failed."
  I tried the same procedure with 2 other switches but I have got the same result.
  Does anybody has an idea of how I can fix this issue?
  Thanks a lot in advanced.
  Best regards,
  Marc Hoffmann

  Hi Marc,
  I have this problem too. I rebooted my Windows but no solved. You known the service name responsible for this error? You have any other sugestion?
  Thank you !!!