This issue pertains to resources that reside behind a NAT router that are configured to generate SNMP Traps with Trap Destination of the SMP\Event Console’s IP address. When the resources generate a Trap, the Trap is sent to the Event Receiver and Event Engine and is then processed into the Event Console as an Alert. The problem is that ALL SNMP based Alerts will appear with the same Public IP Address and not the unique physical IP Address of the resource that actually generated the SNMP Trap.
The physical Host IP Address is in the PDU of the SNMP Trap. The Event Engine is not parsing this part of the packet to obtain the Host's IP Address information.
A workaround would be to use an Event Console based Task Rule that would leverage a SQL based task to do the following:
1) Select a record in ec_alert_variable with name 'SNMP::Varbinds' for the particular alert. We can then parse this variable data. (Variable data is in xml format.)
2) We can determine host name
3) Execute following sql updates: update ec_alert set hostname='ABCD' where guid='%!ALERTGUID!%'; update ec_alert_pooled set hostname='ABCD' where guid='%!ALERTGUID!%'; (where 'ABCD' -is required host name.)
This will change host column data in event console grid and in alert details page to reflect physical IP Address.
Symantec Management Platform 7.x
Event Console 7.x
Rate this Article
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.