Seeing an unknown alert event in CA Spectrum for trap 1.3.6.1.4.1.9.6.1 even though the trap is defined in an AlertMap file

Document ID : KB000057326
Last Modified Date : 14/02/2018
Show Technical Document Details

ISSUE:  Seeing an unknown alert event in CA Spectrum for trap 1.3.6.1.4.1.9.6.1 even though the trap is defined in an AlertMap file. The following is the unknown alert event:

Unknown alert received from device my_device of type GnSNMPDev. Device Time 93+16:42:47. (Trap type 1.3.6.1.4.1.9.6.1)

Trap var bind data: 

OID: 1.3.6.1.4.1.9.2.9.3.1.1.2.1 Value: 6 

OID: 1.3.6.1.2.1.6.13.1.1.10.53.11.2.22.192.168.188.214.49411 Value: 5 

OID: 1.3.6.1.4.1.9.2.6.1.1.5.10.53.11.2.22.192.168.188.214.49411 Value: 728 

OID: 1.3.6.1.4.1.9.2.6.1.1.1.10.53.11.2.22.192.168.188.214.49411 Value: 5268 

OID: 1.3.6.1.4.1.9.2.6.1.1.2.10.53.11.2.22.192.168.188.214.49411 Value: 248964 

OID: 1.3.6.1.4.1.9.2.9.2.1.18.2 Value: rancid2

 

The 1.3.6.1.4.1.9.6.1 trap is defined in the following AlertMap files:

$SPECROOT/SS/CsVendor/Cisco_Router/Cisco_12000/AlertMap

$SPECROOT/SS/CsVendor/Cisco_Router/SwCiscoIOS/AlertMap

$SPECROOT/SS/CsVendor/Cisco_MC3810/Cisco_MC3810/AlertMap

$SPECROOT/SS/CsVendor/CiscoPIX/CisPIXDev/AlertMap

$SPECROOT/SS/CsVendor/Cisco_AS5X/AS5x00/AlertMap

 

The following is how the 1.3.6.1.4.1.9.6.1 is defined in the above AlertMap files:

1.3.6.1.4.1.9.6.1 0x00010003 1.3.6.1.4.1.9.2.9.3.1.1(2,0)\

                             1.3.6.1.4.1.9.2.9.2.1.18(0,0)\

                             1.3.6.1.4.1.9.2.6.1.1.5(5,0)\

                             1.3.6.1.4.1.9.2.6.1.1.1(3,0)\

                             1.3.6.1.4.1.9.2.6.1.1.2(4,0)\

                             1.3.6.1.2.1.6.13.1.1(1,0)

 

 

CAUSE:  Although the 1.3.6.1.4.1.9.6.1 trap is defined in the above noted AlertMap files, it will not be processed on the model shown in the in the unknown alert event because the model type of the model is GnSNMPDev. The AlertMap files notes above are model type specific and will only process the 1.3.6.1.4.1.9.6.1 trap on the following model types:

Cisco_12000

SwCiscoIOS

Cisco_MC3810

CisPIXDev

AS5x00

 

RESOLUTION:  Manually add the AlertMap definition for the 1.3.6.1.4.1.9.6.1 trap to the $SPECROOT/custom/Events/AlertMap file on all of the SpectroSERVER systems in the Distributed SpectroSERVER environment and then update the Event Configuration for each landscape for the change to take affect.