SiteScope doesnt recive SNMP Traps (1191 Views)
Reply
Occasional Visitor
lamama
Posts: 1
Registered: ‎05-10-2012
Message 1 of 24 (1,191 Views)

SiteScope doesnt recive SNMP Traps

Greetings HP forum members,

im getting an SNMP traps from server to the SiteScope server (can see that via software called: "snmp trap reciver")

we are monitoring technology log file which supposed to monitor the SNMP log.

its been working fine till 1 week ago and suddenly it doesnt do anything / the log file doesnt update so its not monitoring

anything...

 

we also created snmp trap monitor the resault is:

address in use

 

SiteScope version is 11.12 on Windows server 2008 R2 (if that helps)

anyone can help me?

 

Many thanks and Best Regards,

Lamama. :)

Please use plain text.
Valued Contributor
gtodorov
Posts: 80
Registered: ‎10-29-2010
Message 2 of 24 (1,164 Views)

Re: SiteScope doesnt recive SNMP Traps

Remove or stop all additional SNMP tools and services.
Add at least one SNMP monitor.
Restart SiS
:)
Please use plain text.
Occasional Visitor
AshAsh
Posts: 1
Registered: ‎08-06-2013
Message 3 of 24 (1,062 Views)

Re: SiteScope doesnt recive SNMP Traps

I'm having a similar problem and hoping someone can assist.

 

OS is Windows 2008 R2, SiteScope 11.22

 

I have configured a single 'SNMP Trap' monitor that I want to alert me when SNMP traps are received from a web application firewall device. I believe the remote end is correctly configured and running tcpdump on it (it's based on CentOS) I can see it sending out UDP traffic on port 162 to the IP of the box I run SiteScope on.

 

Unfortunately in SiteScope when configuring the SNMP Trap monitor and using the 'Use Tool' button and then clicking 'Run Tool' (with 'Content match:' left empty to match all content) I get '0 traps' returned. The same thing happens if I use the 'SNMP Trap Tool' via the 'Tools' menu.

 

Under 'Preferences' --> 'SNMP Preferences' I have the following configured in the 'Receive SNMP Traps Preferences' section:

 

Name: test

Host: 10.x.x.x  # The IP of the web application firewall

Port: 162

 

I've read that a SiteScope/logs/snmptrap.log file should be being appended to if SiteScope is to configured to receive traps. This log doesn't exist in my setup.

 

I also came across this (very old - 2004) reference which refers to key/values in SiteScope/groups/master.config http://sitescope.edc.com.mx/SiteScope/docs/master_config.htm

 

It suggests some important ones should be in that config which are not in mine - eg. _snmpTrapListener amd _snmpTrapListenerIP

 

Perhaps this is OK and this is out of date, but these are the main _snmp* settings I see in my config:

 

_snmpAddPrefix=
_snmpCommunity=
_snmpEnableBrowsableLog=0
_snmpGeneric=
_snmpHost=
_snmpMonitor=1.3.6.1.2.1.1.1 system.sysDescr
_snmpMonitor=1.3.6.1.2.1.1.3 system.sysUpTime
_snmpMonitor=1.3.6.1.2.1.4.3 ip.ipInReceives
_snmpMonitor=1.3.6.1.2.1.4.6 ip.ipForwDatagrams
_snmpMonitor=1.3.6.1.2.1.2.2.1.8 ifSpecific.ifOperStatus
_snmpMonitor=1.3.6.1.2.1.2.2.1.5 ifSpecific.ifSpeed
_snmpMonitor=1.3.6.1.2.1.2.2.1.10 ifSpecific.ifInOctets
_snmpMonitor=1.3.6.1.2.1.2.2.1.11 ifSpecific.ifInPackets
_snmpMonitor=1.3.6.1.2.1.2.2.1.13 ifSpecific.ifInDiscards
_snmpMonitor=1.3.6.1.2.1.2.2.1.14 ifSpecific.ifInErrors
_snmpMonitor=1.3.6.1.2.1.2.2.1.16 ifSpecific.ifOutOctets
_snmpMonitor=1.3.6.1.2.1.2.2.1.17 ifSpecific.ifOutPackets
_snmpMonitor=1.3.6.1.2.1.2.2.1.19 ifSpecific.ifOutDiscards
_snmpMonitor=1.3.6.1.2.1.2.2.1.20 ifSpecific.ifOutErrors
_snmpMonitor=1.3.6.1.4.1.9.2.1.8 cisco.system.freeMem
_snmpMonitor=1.3.6.1.4.1.9.2.1.58 cisco.cpu.avgBusy5
_snmpMonitor=1.3.6.1.4.1.9.2.1.57 cisco.cpu.avgBusy1
_snmpMonitor=1.3.6.1.4.1.9.2.1.79 cisco.system.envTestPt1Measure
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.6 cisco.locIfInBitsSec
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.7 cisco.locIfInPktsSec
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.8 cisco.locIfOutBitsSec
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.9 cisco.locIfOutPktsSec
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.14 cisco.locIfInOverrun
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.25 cisco.locIfCollisions
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.26 cisco.locIfInputQueueDrops
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.27 cisco.locIfOutputQueueDrops
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.44 cisco.locIfipInOctets
_snmpMonitor=1.3.6.1.4.1.9.2.2.1.1.45 cisco.locIfipOutOctets
_snmpMonitorMaximum=10
_snmpObjectID=
_snmpObjectIDOther=
_snmpPort=
_snmpSpecific=
_snmpTrapEncoding=ISO8859-1
_SNMPTrapMonitorDetailsMax=1000
_snmpTrapSource=
_snmpTrapVersion=

 

 

I'm not sure if these are still used/important -- if they are I'd imagine things like _snmpHost and _snmpPort should be populated? Unsure.

 

I think my problem is, if SiteScope is meant to include full functionality to respond to SNMP traps, is that it's not running any kind of listener to receive traps and therefore isn't writing said logfile.

 

Alternatively, is SiteScope meant to piggy-back of the Windows SNMP service, or Windows SNMP Trap service? I haven't done a great deal of configuration in these sections (in fact there's none available in the latter) but have tried ensuring community strings exist under the SNMP service preferences and they match what I configured on the remote device, and included the IP of hte remote device under 'Accept SNMP packets from these hosts'. I've also configured a matching community name in the 'Traps' tab and configured trap destinations as 'localhost'. Unsure if any of this is required (documentation unclear).

 

I've tried turning on and off the SNMP Trap service. If I stop it, the SiteScope server rejects the traps from the remote device at the IP level as no port is listening.

 

In my current situation, and somewhat following the brief advice in the previous post, I have the SiteScope Receive SNMP Trap Preferences to receive traps directly from the remote device on port 16000 to bypass any port conflict from the standard Windows SNMP service, and have restarted SiteScope.

 

This isn't working as again, nothing is listening on port 16000. What am I meant to do to get either SiteScope listening for traps, or reocnfiguring the Windows SNMP services to correctly deal with them and forward to SiteScope?

 

Help!

 

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 4 of 24 (1,056 Views)

Re: SiteScope doesnt recive SNMP Traps

If error is address in use that means something else is using port 163 (SNMP). You may want to check _snmpPort= entry in master.config
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 5 of 24 (1,013 Views)

Re: SiteScope doesnt recive SNMP Traps

I am facing same problem . I instrumented SNMP trap monitor with sitescope to receive trap but not getting any trap.

I checked and everything looks ok but according to documents there should be SNMPTrap.log file in <Sitescope_root_dir>/logs but in my case it is not created and SNMP trap service is also running.

 

SiteScope version :11.22

OS : windows 2008 R2

Traps sent from device running on CentOS .

 

any help will be appriciated .

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 6 of 24 (1,010 Views)

Re: SiteScope doesnt recive SNMP Traps

[ Edited ]

Hi Mahesh472006

 

 

I'd start by confirming that your Sitescope server is indeed listening on port 162. To do that, an easy way is to run the following in commandline:

 

netstat -an | findstr :162

 

 

If your server is listening, the above command should produce something like this:

 

  UDP    0.0.0.0:162            *:*
  UDP    [::ffff:10.20.30.40]:162  *:*

 

 

If you didn't get results similar to the above, confirm that you have at least one SNMP Trap monitor running on your Sitescope.

 

 

To take things a step further, confirm that port 162 is actually being used by Sitescope and not something else. To do that, run the following command from a commandline:

 

netstat -ano | findstr :162

 

 

The above command will give you something like this:

  UDP    0.0.0.0:162            *:*                                    3184
  UDP    [::ffff:10.20.30.40]:162  *:*                                    3184

 

 

That number at the end is the PID of the process using the port in question. So now, run the following (change the number to match the number you got back):

tasklist | findstr 3184

 

 

If it is Sitescope that's using that port, you should see something like this:

SiteScope.exe                 3184 Services                   0    758?408 K

 

 

 

Assuming all the above checks out for you, I'd next confirm that a) your firewalls are permitting UDP traffic from the device sending SNMP traps to your Sitescope server over UDP port 162 and b) that the device sending the SNMP traps are sending the traps to your Sitescope server over UDP port 162.

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 7 of 24 (1,005 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

when i am executing 

 

netstat -an | findstr :162

 

i am getting following result :

 

UDP 0.0.0.0:162 *:*
UDP 0.0.0.0:162 *:*
UDP [::]:162 *:*
UDP [::ffff:169.254.248.178%13]:162 *:*

 

 

and when i am executing :

 

netstat -ano | findstr :162

 

i am getting following :

 

UDP 0.0.0.0:162 *:* 36872
UDP 0.0.0.0:162 *:* 34124
UDP [::]:162 *:* 36872
UDP [::ffff:169.254.248.178%13]:162 *: 34124

 

and after this when i am issuing :

 

tasklist | findstr 36872

 

the o/p is :

snmptrap.exe                 36872 Services                   0      3,864 K

 

and when i am issuing :

 

tasklist | findstr 34124

 

the o/p is :

SiteScope.exe                34124 Services                   0  1,069,392 K

 

 

Regards

 

Mahesh

 

 

 

 

 

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 8 of 24 (1,004 Views)

Re: SiteScope doesnt recive SNMP Traps

Anser for both your question is yes :

a) there is no firewall issue , i checked it with telnet.

b)the device is sending traffic(snmp traps) on port 162

 

 

 

 

Regards

 

Mahesh

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 9 of 24 (1,000 Views)

Re: SiteScope doesnt recive SNMP Traps

[ Edited ]

Hi Mahesh


I'm slightly concerned with this bit that you posted:

UDP 0.0.0.0:162 *:* 36872
UDP 0.0.0.0:162 *:* 34124
UDP [::]:162 *:* 36872
UDP [::ffff:169.254.248.178%13]:162 *: 34124


There shouldn't be two processes both binding to port 162. In fact, I'm a bit baffled how the Windows OS would allow something like this, but that's beside the point.

It looks like you have your Windows "SNMP Trap" service started, correct?
If so, stop the "SNMP Trap" service, set it to "Manual", then retry your Sitescope monitors.
What you're looking for is for one process only to be binded to UDP port 162, so after you've stopped the "SNMP Trap" process, run the following command again and confirm that you're only seeing one PID coming back:
netstat -ano | findstr :162

If the SNMP traps are sent and received successfully, you should see a new logfile called "snmptrap.log" appearing in your Sitescope logfile directory.

 

 

EDIT: I did some more reading on UDP ports and, apparently, it is possible to have multiple processes binding to the same UDP port. I'd personally not recommend this though, but that's more a matter of personal opinion than anything else.

 

I'd still recommend having only Sitescope bind to port 162 in this case. Either that, or change the SNMP port for Sitescope.

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 10 of 24 (977 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

I stopped SNMP service and now only sitescope.exe process is bind with port 162.

 

I tried again but still not able to capture SNMP traps and even SNMPTrap.log file is not created under <Sitescope_root_dir>/logs. Please let me know If something else that we need to check .

 

 

 

Regards

 

Mahesh 

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 11 of 24 (976 Views)

Re: SiteScope doesnt recive SNMP Traps

when i am trying to telnet the server from where traps are triggered with port 162, i am getting connection refused error.

but with port 8080, its working fine .

 

 

 

Regards

 

Mahesh 

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 12 of 24 (973 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi Mahesh


I doubt telnet will be useful for testing whether you can connect to port 162 unfortunately, as it is a UDP port.

Your SNMP traps will definitely need to be sent to port 162 though. If it still doesn't work, I'd get a network admin to check the firewall side of things out just to be safe.

Your connection to port 8080 is fine as you say, so it might be unlikely that there is a firewall issue. Could be worthwhile having it double-checked in any event, just in case.
Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 13 of 24 (972 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

Do you have any idea how to check connectivity with UDP port ?Netcat is not installed on the server.

 

 

Regards

 

Mahesh Aggarwal

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 14 of 24 (966 Views)

Re: SiteScope doesnt recive SNMP Traps

[ Edited ]

Have you created a Receiver SNMP preference pointing to SiS server on port 162 before creating the monitor?

 

You can use iReasoning MiB browser to check if traps are comming in to SiS server, there is a portable version that doesnt require installation (zip file): http://ireasoning.com/download.shtml

Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 15 of 24 (961 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

 

i haven't created Receiver SNMP preference pointing to SiS and i have no idea how to do that .

 

I have downloded MIB Browser enterprise edition and when i am using this , it is showing some integer value with respect to OID.

 

 

Regards

 

Mahesh

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 16 of 24 (949 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi Mahesh

 

 

Not sure which OS you have running on the device that is sending the SNMP traps, but if it's a *Nix type system with SNMP v2 installed, you could give this command a try as a simple test:

 

snmptrap -v 2c -c public <YOUR_SITESCOPE_IP>:162 '' 1.3.6.1.4.1.2021.13.991 .1.3.6.1.2.1.1.6 s "`hostname`" 1.3.6.1.2.1.2.6 s "TEST SNMP TRAP" 1.3.6.1.2.1.3.6 s "Application" 1.3.6.1.2.1.7.6 s "Critical" 1.3.6.1.2.1.9.6 s "This is a test SNMP trap to see if communications are OK"

 

 

If the above command runs OK, you should see an entry in your snmptrap.log file on the Sitescope side matching what was sent above.

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 17 of 24 (935 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

I run the above mentioned command and it's showing nothing in command line and also the snmptrap.log file is not created under <sis_root_dir>/logs folder.Is there any other way to check if sitescope is capturing traps or not /

 

 

 

Regards

 

Mahesh Aggarwal

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 18 of 24 (930 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi Mahesh

 

 

You can try the built-in Sitescope SNMP Trap tool, but if there's no snmptrap.log then I'm relatively sure Sitescope hasn't received anything yet.

 

To test though, in your Sitescope UI, go to "Tools" (bottom left), then "SNMP Tools", then "SNMP Trap tool". Fill in the following in the content match area:

 

/(.*)/

 

 

Now click on "Run Tool". It should display all the SNMP traps received (if any).

 

 

At this stage, we know that you have the necessary SNMP Trap monitors running and that only Sitescope is listening on port 162. We also know that neither the method your application uses to send SNMP traps nor the "snmptrap" utility produces any received traps on the Sitescope side of things.

This leads me to suspect that the issue is something to do with communications, most likely UDP port 162 not being allowed from your device sending the SNMP traps to your Sitescope machine.

 

I'd ask your network administrator to check, and if communications are indeed not allowed, to permit.

 

 

If you want to be absolutely sure everything checks out on your Sitescope machine, I'd suggest trying to send an SNMP trap to Sitescope from your Sitescope machine, or an SNMP trap loopback test of sorts. Have a look at http://h30499.www3.hp.com/t5/Systems-Management-OpenView-OP/SNMP-Trap-send-tool/td-p/3115759#.UkAtHX... and download the tool if you want. It should be possible to configure that tool to send to your Sitescope machine from your Sitescope machine.


That should at the very least result in a generated snmptrap.log file.

 

 

I think get your network admin to start checking out communications between your device and Sitescope machine so long though. If anything, it should at least save you some time hopefully.

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 19 of 24 (920 Views)

Re: SiteScope doesnt recive SNMP Traps

You need to create the receiver preference in SNMP preferences, just put SiS server IP and port 162.
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 20 of 24 (915 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

I tried the ablove mentioned tool and tried to send trap from my Sitescope machine to sitescope. It is working file, with this i am able to create a snmptrap.log file .So it means there is some network communication problem or some other reason that i am not able to capture traps from other devices ?

 

 

 

Regards

 

Mahesh Aggarwal

Please use plain text.
Respected Contributor
dcsbeemer
Posts: 294
Registered: ‎07-19-2011
Message 21 of 24 (900 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi Mahesh

 

 

That narrows it down to network communications I'd say.

We know your Sitescope appears to do what it's supposed to, so the only conclusion I can make at this point is that your Sitescope isn't creating an snmptrap.log file as it's simply not receiving any SNMP traps from the device you're trying to send from.

 

I'd try Kenneth's recommendations as well, but again, to me this looks like a definite firewall issue.

Please use plain text.
Advisor
Mahesh472006
Posts: 10
Registered: ‎09-20-2013
Message 22 of 24 (888 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

 

Thanks for the help you provided..finally i am able to receive trap with sitescope .I’ve added a public lookup between sending server and siteserver and now it is working fine. 

 

 

Regards

 

Mahesh Aggarwal

Please use plain text.
ykk
Occasional Collector
ykk
Posts: 3
Registered: ‎09-10-2012
Message 23 of 24 (636 Views)

Re: SiteScope doesnt recive SNMP Traps

[ Edited ]

Hi, I am having the same problem that Sitescope is not recieving any traps. when I ran the commands,PFB the output.

 

netstat -ano | findstr :162
UDP 0.0.0.0:162 *:* 34760
UDP [::]:162 *:* 34760

tasklist | findstr 34760
snmptrap.exe 34760 Services 0 8,208 K

 

Seems that the port 162 is listening. But Sitescope is not running using 162 port. Can you let me know how I can make Sitescope to use 162 port. It was using 162 port before and was recieving the traps. Suddenly it stopped recieving traps and this seems to be the reason.

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 24 of 24 (632 Views)

Re: SiteScope doesnt recive SNMP Traps

Hi,

It appears you also have snmptrap service running so SiS can't bind to port 162, you need to shut it down.
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation