Device in Managed Device List 22.214.171.124
Thanks. Do you know of a way that I can identify what device the trap is coming from? I looked in the Analysis-message view and searched on 126.96.36.199. All it told me is:
%NIC-6-508100: Packager,Packager,-,-,-,-,Detail: 1488 Device 188.8.131.52 (unknown): 2 messages processed
No that doesn't help. Packager message is different. We need raw SNMP trap message ( you can get this from event viewer or with a sniffer ). In SNMP trap message you will see something like this 184.108.40.206.220.127.116.11.27
To help, make sure you check the Analyze button and change collection from Candidate to "active"
Then you can start collecting the events that come in from the 18.104.22.168 SNMP device. The raw information can tell you the source.
Let me know how it goes.
I am working on a device Cisco IPS V5.1. One of the SNMP TRAPs in event viewer as below:
May 05 15:55:00 [22.214.171.124] %TRAP 126.96.36.199188.8.131.52system.sysUpTime.0 0:2:10:10.53.iso.org.dod.internet.sampV2........snmpTrapOID.0 enterprises.9.9.383.0.1 enterprises.184.108.40.206.1.1 1197426013243243enterprises.220.127.116.11.1.2......enterprises.18.104.22.168.1.3....enterprises.22.214.171.124.1.4....enterprises.126.96.36.199.2.1.....enterprises.188.8.131.52.2.2.....
I think I should set up UDC manage snmp traps in enVision:
What should be the vendor id? location?
What should be the messager id , location?