SNMP Traps Received are Incorrect
I am running SCOM 2012 R2 and I have setup SNMP to receive traps from my HP Procurve switches. All my switches were bought at different times so they have different revisions. I opened a thread about this before, but it was not answered and has
died off so I figured I'd open a new one. If I connect to a switch and view the logs, they come out correctly. The entries would read "Port #19 is now off-line". That same entry in SCOM would read "19". I configured
the same switch to send traps to my PC and I used a simple SNMP trap receiver and the alerts were correct. I was told to update the firmware so I did. But even the switches with the latest firmware show up incorrect in SCOM. Does anyone know
how to fix this issue? HP said to update the MIB's on my management server, but you cannot do that with SCOM. The picture shows a PUTTY session and the logs are displayed correctly. The second picture is the app on my PC and the one on the
bottom is from SCOM:
October 22nd, 2014 2:41pm
HP said to update the MIB's : this is a hint that your OID value is changed for you SNMP Trap. You should update your snmp trap monitor/rule to reflect the updated SNMP trap
October 23rd, 2014 6:07am
How do I go about that? The OID portion of the rule is blank to monitor all OID's.
Thursday, October 23, 2014 7:41 PM
October 23rd, 2014 12:42pm
I updated the firmware/MIB's on one of my switches. The traps are still coming in as numbers only.
October 27th, 2014 4:24pm
I did some more research and I found out that if I configure my switches to send all traps instead of critical, Not-info, or informs, then the traps are sent correctly. EXCEPT for any "Warning" labeled traps. Any trap that is "Port
#19 is now on-Line" will come through fine, because it's an informational alert. However, the alert "Excessive broadcasts on port #19" that is labeled as a warning comes in as only "19". So it looks like SCOM cannot decipher
a warning alert, but has no problem reading informational alerts. Please respond.
October 28th, 2014 8:14pm
From your description, you consider it to be caused by that SCOM can't decipher a warning alert while can read informational alerts. Could you please capture the screenshot again as it looks like not so clear. thanks for your time.
November 4th, 2014 10:06am
Also, if you can, can you provide repro steps? I dont have a HP Procurve switch, but if this is a general issue, I should be able to reproduce that.
November 11th, 2014 2:45am
I setup SNMP on my server. I disabled the trap service. I setup an SNMP Trab based event. Under Monitors, I created a new folder and created a New Event View and pointed to the Trap event.
November 11th, 2014 7:35pm
Here is a new screen shot. The top one is from SCOM. The bottom one is from the switch.
November 11th, 2014 7:36pm
I am opening a new thread because this one is old.
March 12th, 2015 3:22pm