HPE Community
Server Management - Systems Insight Manager
1752794 Members
5880 Online
108789 Solutions
New Discussion юеВ

Re: SIM unable to recieve traps from DMZ

 
tsl_2
Advisor

тАО08-23-2007 09:01 PM

тАО08-23-2007 09:01 PM

SIM unable to recieve traps from DMZ

Hi all,
We have a wierd problem that's been bugging us for several months now without a resolution.

We have a SIM server (v5 on 2003) on an internal lan. Traps from agents on different private lans works fine, but traps from agents on DMZ never shows in SIM. We have (for testing) enabled full IP access from one DMZ server to the SIM server to no avail. The DMZ server is discovered and registered in SIM.
An udp check from DMZ to SIM server on port 162 shows as Open.

In SIM, under Options->Events->Event Filter Settings we have set to accept unregistered events and traps from all IP ranges (*).

If I shutdown the SNMP Trap Service windows service and run the "SNMP Trap Watcher" util on the SIM server, I can see the test trap fine when sending it from the DMZ server agent.

Community is correct and I have enabled logging of autorization problems but none are shown.

I'm totally out of ideas now.
Would someone have a clue?

Many thanks
-tsl-
0 Kudos
Reply
17 REPLIES 17
Rob Buxton
Honored Contributor

тАО08-26-2007 11:57 AM

тАО08-26-2007 11:57 AM

Re: SIM unable to recieve traps from DMZ

A guess...
Is there a mismatch between how HPSIM resolved the server name and the name of the trap.

Maybe this is a server with multiple interfaces, HPSIM has detected one but the traps are from the second. It receives it but has no device to match it up against.
0 Kudos
Reply
tsl_2
Advisor

тАО08-26-2007 06:39 PM

тАО08-26-2007 06:39 PM

Re: SIM unable to recieve traps from DMZ

Thanks for replying Rob!
However I'm not sure I follow?

The particular testserver has multiple interfaces but use teaming, so only 1 IP.
Other servers on DMZ does not use teaming and only 1 interface active, but same problem.

In the eventlog on the SIM server there are no traces from the test traps sent in.

Do you have any other ideas?

cheers
-tsl-
0 Kudos
Reply
James ~ Happy Dude
Honored Contributor

тАО08-26-2007 07:38 PM

тАО08-26-2007 07:38 PM

Re: SIM unable to recieve traps from DMZ

Have you registered the MIB for the server prperly ?

For authentication Failure traps :
Under SNMP trap settings
In the Mib Name field, select rfc1215.mib.
In the Trap Name field, select authenticationFailure if it is not already selected. In the Enable Trap Handling field, select Yes.

Hope this helps.

Regards,
James.
0 Kudos
Reply
tsl_2
Advisor

тАО08-26-2007 07:48 PM

тАО08-26-2007 07:48 PM

Re: SIM unable to recieve traps from DMZ

Hi James,
yes I have enabled the authentication trap logging from the mib as you described.

Still nothing is logged from traps sent from DMZ's, so it seems somehow that SIM drops traps from these servers, but testing another trap listener on the SIM server do get the info??!!

thanks
-tsl-
0 Kudos
Reply
James ~ Happy Dude
Honored Contributor

тАО08-26-2007 08:11 PM

тАО08-26-2007 08:11 PM

Re: SIM unable to recieve traps from DMZ

Hello TSL,

If you Create an automatic event handling task & forward it as an SNMP trap to a specified IP... will this work from the DMZ server ??

Regards,
James.
0 Kudos
Reply
tsl_2
Advisor

тАО08-26-2007 08:17 PM

тАО08-26-2007 08:17 PM

Re: SIM unable to recieve traps from DMZ

James, I have this setup already, but there's no forwarding of DMZ traps to the eventmanager either. Only traps from servers on internal LANs work as expected. I'm going nuts over this...
0 Kudos
Reply
James ~ Happy Dude
Honored Contributor

тАО08-26-2007 09:06 PM

тАО08-26-2007 09:06 PM

Re: SIM unable to recieve traps from DMZ

Oh man !!

Then try the Configure or Repair Agents & go thru the various settings AGAIN!(im sure u have) & see if there are different options to try.

is the secure shell (SSH) access selected ??

Regards,
James.
0 Kudos
Reply
tsl_2
Advisor

тАО08-26-2007 10:04 PM

тАО08-26-2007 10:04 PM

Re: SIM unable to recieve traps from DMZ

> Oh man !!

Yes, I agree ;o)

I've tried the Configure or Repair Agents to no avail.

SSH is not selected and I cannot find anywhere why SIM is not recieving the traps.

I'm starting to think about a complete reinstall of SIM (maybe on linux instead), but alot of work to add and configure all working agents again...
0 Kudos
Reply
James ~ Happy Dude
Honored Contributor

тАО08-26-2007 10:35 PM

тАО08-26-2007 10:35 PM

Re: SIM unable to recieve traps from DMZ

yea, nothing else is working.
How about the firewall settings & setting up the PORTS ??

Just guessing... what u might not have tried !


Regards,
James.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.