Thanks. Do you know of a way that I can identify what device the trap is coming from? I looked in the Analysis-message view and searched on 188.8.131.52. All it told me is:
%NIC-6-508100: Packager,Packager,-,-,-,-,Detail: 1488 Device 184.108.40.206 (unknown): 2 messages processed
No, that doesn't help. The Packager message is different. We need the raw SNMP trap message (you can get this from event viewer or with a sniffer). In the SNMP trap message you will see something like this: 220.127.116.11.18.104.22.168.27
To help, make sure you check the Analyze button and change collection from Candidate to "active".
Then you can start collecting the events that come in from the 22.214.171.124 SNMP device. The raw information can tell you the source.
Let me know how it goes.
I am working on a device, Cisco IPS V5.1. One of the SNMP TRAPs in event viewer is as below:
May 05 15:55:00 [126.96.36.199] %TRAP 188.8.131.52184.108.40.206system.sysUpTime.0 0:2:10:10.53.iso.org.dod.internet.sampV2........snmpTrapOID.0 enterprises.9.9.383.0.1 enterprises.220.127.116.11.1.1 1197426013243243enterprises.18.104.22.168.1.2......enterprises.22.214.171.124.1.3....enterprises.126.96.36.199.1.4....enterprises.188.8.131.52.2.1.....enterprises.184.108.40.206.2.2.....
I think I should set up UDC manage snmp traps in enVision:
What should be the vendor id? location?
What should be the message id, location?