HPE Community
Server Management - Systems Insight Manager
1848615 Members
6594 Online
104033 Solutions
New Discussion

Re: SNMP flood

 
Jon_151
Regular Advisor

‎10-25-2007 03:50 AM

‎10-25-2007 03:50 AM

SNMP flood

My SIM server is not getting ANY test SNMP packets, however when I use a snmp trap monitor the SIM system is being flooded with packets. The OID is 1.3.6.1.4.1.311.1.1.3.1.2 type 4/0 also .3 at the end same type. From what I can learn this is a server object or a domain controller. How can I shut this off or can I filter it somehow???
0 Kudos
5 REPLIES 5
Misaq
Honored Contributor

‎10-25-2007 05:05 AM

‎10-25-2007 05:05 AM

Re: SNMP flood

311 is for Microsft related traps you will need to turn off those traps on node level or create a filter to ignore them at destination.
0 Kudos
Jon_151
Regular Advisor

‎10-25-2007 06:30 AM

‎10-25-2007 06:30 AM

Re: SNMP flood

Yes I know they are microsoft related BUT when I shut off the HP agents in the service console the snmp traps stop as well. Where do I shut off the MS portion.
0 Kudos
Misaq
Honored Contributor

‎10-26-2007 03:28 AM

‎10-26-2007 03:28 AM

Re: SNMP flood

not sure but if u check in the services/SNMP trap setting in services.mmc you can deselect unwanted traps from there.(such as application alerts etc)
0 Kudos
NewKidd2
Frequent Advisor

‎10-27-2007 01:17 PM

‎10-27-2007 01:17 PM

Re: SNMP flood

I do not know if this might help..., We had a similar issue w/ SNMP floods causing memory leaks on our HPSIM server.

The problem, in our case, was that the most of our servers had the "Send Authentication Trap" box. Try the following:

1.) Click Start-->Administrative Tools
2.) Select the SNMP Service
3.) Click the Security tab
4.) Uncheck the box entitled "Send Authentication Trap"
5.) Click OK when done
6.) Repeat steps 1 -5 for each server

Now, when I installed SP1 for our HPSIM 5.1 server, I noticed that it made it much easier to identify which servers had the Authentication Trap box enabled. All these servers logged hundreds (or thousands) of informational event related to Authentication issues in the Event Log located in HPSIM.

It still proved to be bear, since we did not have anyone who could script the necessary changes in SNMP to our servers. But at least I knew exactly which servers needed the correction.

I hope this helps.
0 Kudos
Jon_151
Regular Advisor

‎10-29-2007 12:59 AM

‎10-29-2007 12:59 AM

Re: SNMP flood

Thanks New kidd.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.