How to verify TrapEXPLODER is receiving traps forwarded from an external source (Legacy KB ID CNC TS8725 )

Document ID : KB000051948
Last Modified Date : 14/02/2018
Show Technical Document Details
Add an entry to the TrapExploder configuration file which will forward all received traps to an ASCII log file


For example, to forward all traps to a file named trapsReceived.log in the /tmp directory, the following entry would be added to the trapexploder.cf file:


                                              filter * * * * * * file /tmp/trapsReceived.log

The trapexploder.cf is located by default in Unix systems in the /etc directory.
The trapexploder.cf is located by default in Windows systems in the WINNT\System32 directory.

A stop and restart of the TrapExploder process is necessary for these changes to take affect.

On UNIX systems, the syntax would be:

                                             As root:


                                             /etc/rc2.d/S975trapexploder stop
                                             /etc/rc2.d/S975trapexploder start

On Windows systems, the TrapExploder service should be started and stopped via the Windows services control panel.


The traps listed in this log file can then be searched and matched on criteria such as time,Src IP ( source IP address ), and OID's to better refine and verify the existence of the expected trap.

If the expected trap is not present, the trap source should be verified to ensure the proper trap destination is present. If this configuration is correct, a network sniffer or OS based sniffer utility ( snoop ) can be used to verify if the actual UDP trap packets are being received from the source. If not, then the network connection should be verified to determine if the UDP protocol on the trap port has access to cross the particular network segment. Excessive collisions or dropped packets may also be the cause as UDP is a connection-less protocol meaning if a trap is dropped, the source will not retransmit and the packet is lost.

.

Related Issues/Questions:
How to see what traps are being sent to the eHealth server.

Problem Environment:
TrapEXPLODER

Changes affecting this problem:
There are two methods available, using eHealth products, to accomplish this.


One is the use of the xtrapmon utility that can be found in the bin directory of a SystemEDGE install.  For instructions on the use of xtrapmon, see the xtrapmon.txt file found in the doc directory of a SystemEDGE install.  xtrapmon, when run in a command prompt, will display every trap received by a server on the standard SNMPv1 trap port of 161 (UDP).  More information about the use of the xtrapmon utility can also be found in the TrapExploder User Guide, Page 40 in chapter 3.


The other is through the use of TrapExploder.  TrapExploder can be configured to filter all traps received to a log file.  Please see the next fix below for more details.




(Legacy KB ID CNC TS8725 )