This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-03-27 02:25 PM

Device in Managed Device List 1.0.0.0

A device keeps showing up in the Managed Monitored Device page, 1.0.0.0 device type unknown.  What is this and do I need to set the device type to something specific for proper operation of Envision?
0 Likes
Reply
6 Replies
RSAAdmin
Beginner
Beginner
‎2008-03-27 04:14 PM

This happens when envision system receives a SNMP trap and the envision system is not configured to understand SNMP trap OID. Please refer to the SNMP trap documentation from the device vendor and configure it in envision GUI->Overview tab->System configuration->Services->Universal Device Collection->Manage SNMP traps.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-03-27 04:35 PM

Thanks.  Do you know of a way that I can identify what device the trap is coming from?  I looked in the Analysis-message view and searched on 1.0.0.0.  All it told me is:

 

%NIC-6-508100: Packager,Packager,-,-,-,-,Detail: 1488 Device 1.0.0.0 (unknown): 2 messages processed

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-03-27 04:44 PM

No that doesn't help. Packager message is different. We need raw SNMP trap message ( you can get this from event viewer or with a sniffer ). In SNMP trap message you will see something like this 1.3.6.1.4.1.9.9.27

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-04-02 12:28 PM

To help, make sure you check the Analyze button and change collection from Candidate to "active"

 

Then you can start collecting the events that come in from the 1.0.0.0 SNMP device. The raw information can tell you the source.

 

Let me know how it goes.

 

Mark. 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-05-16 01:10 AM

I am working on a device Cisco IPS V5.1. One of the SNMP TRAPs in event viewer as below:

 

May 05 15:55:00 [1.0.0.0] %TRAP [0]198.2.1.12[1]198.2.1.12[2]system.sysUpTime.0 0:2:10:10.53[3].iso.org.dod.internet.sampV2........snmpTrapOID.0 enterprises.9.9.383.0.1 [4]enterprises.9.9.38.1.1.1 1197426013243243[5]enterprises.9.9.38.1.1.2......[5]enterprises.9.9.38.1.1.3....[6]enterprises.9.9.38.1.1.4....[7]enterprises.9.9.38.1.2.1.....[8]enterprises.9.9.38.1.2.2.....

 

I think I should set up UDC manage snmp traps in enVision:

What should be the vendor id? location?

What should be the messager id , location?  

 

Thanks,

 

Joy 

Message Edited by jtian on05-16-200801:33 AM
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-06-27 07:50 AM

To identify the IP address of the device which is sending these traps, go to the Analysis tab and select the device type as unknown and the IP address 1.0.0.0. From these raw logs you will be identify the IP address of the device that is sending these messages.
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.