nv-l

Re: [nv-l] Help with an unknown trap - PLEASE!

2002-08-29 08:46:47
Subject: Re: [nv-l] Help with an unknown trap - PLEASE!
From: James Shanks <jshanks AT us.ibm DOT com>
To: "Westphal, Raymond" <RWestphal AT erac DOT com>
Date: Thu, 29 Aug 2002 08:46:47 -0400
Ray -
The trace you have provided if for a different trap with the same 
enterprise ID, which is 1.3.6.1.2.1.  This is the OID of a standard SNMP 
MIB-II element, which you can see if you use the MIB browser, xnmbrowser, 
and go down the tree.  Try it.  Follow down to 
".iso.org.dod.internet.mgmt"  and with mib-2 in the window, click 
"Describe".  It shows that this has the OID .1.3.6.1.2.1.   That's what 
you have to define as an enterprise in trapd.conf, just as the "NO FMT" 
message in the trapd.log said.  Call it whatever you like.  How about 
"SNMPV1-MIB2"?

The rest of message says  that this trapd is generic type 6 and specific 
type 2, and that it has two variables with it.  The first is  variable is
vtpVlanTable.vtpVlanEntry.vtpVlanIndex.1.892 and has an integer value of " 
892 ".  I don't know what that means to your switch -- you'll have to consult 
Cisco for that - but it looks like a port to 
me.  The second variable is ifMIB.ifMIBObjects.ifXTable.ifXE
ntry.ifName.48 and has a text (OctetString) value of " Fa0/48 ".  That looks 
like an interface name to me, but again, you'll have to 
consult Cisco doc to determine what it means.   In any case, the "No FMT" 
message tells you everything you need to know about how to define this 
trap to trapd.conf.
You don't need the trace.

The trace message you provided is for the same enterprise id, 1.3.6.1.2.1, 
but for specific trap number 1, not 2.  There is probably another "No FMT" 
message in your trapd.log which spells this one out too.  I have provided 
the translation below.  Since they are so similar I am not surprised your 
were confused.  In any case, just define the enterprise and specific traps 
1 and 2 and the "No FMT" will go away.  But you'll have to consult Cisco 
to determine what the traps mean.

Hope this helps

30 44 02 01 00 04 0a XX XX XX XX XX XX XX XX XX     0D.....XXXXXXXXX
XX a4 33 06 05 2b 06 01 02 01 40 04 aa bb cc dd     [email protected]
02 01 06 02 01 01 43 04 06 1d af 77 30 18 30 16     ......C....w0.0.
06 10 2b 06 01 04 01 09 09 2e 01 03 01 01 01 01     ..+.............
86 7c 02 02 03 7c -- -- -- -- -- -- -- -- -- -- .|...|..........

30 44               x'30' start of trap, length x'44' or 68 bytes
02 01 00            x'02' means 'integer', length = 1,  x'00' = SNMP V1 
format 
04 0a XX XX XX XX XX XX XX XX XX XX    octet string, 10 bytes, community 
name
a4                  x'a4' means "SNMP PDU type, a trap"
33                  remaining length x'33' or 51 bytes
06 05 2b 06 01 02 01   x'06' = Enterprise ID, length =5, value = 
1.3.6.1.2.1 
40 04 aa bb cc dd      x'40' means IP Address 
02 01 06               x'02' integer, length of 1, value = 6  generic trap 
type (vendor)
02 01 01               x'01' integer, length of 1, value = 1  specific 
trap number 
43 04 06 1d af 77      x'43' time ticks  length of 4, value x'61daf77' or 
102608759
30 18                  x'30' start of variable section x'18' or 24 bytes 
remaining 
30 16                  x'30' first variable x'16' or 22 bytes long
06 10                  x'06' OID of variable, x'10' or 16 bytes long: 
2b 06 01 04 01 09 09 2e 01 03 01 01 01 01 86 7c
1.3.6 .1 .4 .1 .9 .9.46 .1 .3 .1 .1 .1 .1.134.124
02 02 03 7c            x'02' integer,  length=2,  value  x'037c' or  892


James Shanks
Level 3 Support  for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group




"Westphal, Raymond" <RWestphal AT erac DOT com>
08/28/2002 04:49 PM

 
        To:     "NV List (E-mail)" <nv-l AT lists.tivoli DOT com>
        cc: 
        Subject:        [nv-l] Help with an unknown trap - PLEASE!

 

Hello Everyone.

I've been receiving the following trap from several Cisco 2950 Catalyst
switches. The trap arguments provide the VLAN number and associated 
physical
interface number. I cannot determine which trap definition(s) NV is 
missing.
The hex trace of the trap (from trapd.trace) is listed below. The 
Enterprise
OID provided is only 1.3.6.1.2.1. I crossed out the comm. name and the IP
address in the packet for security. I did confirm that aa.bb.cc.dd is the 
IP
listed at the bottom of the trace. 

Has anyone else encountered this trap or does anyone have a suggestion?

TRAP
****************************************************************************
********************************
1030558010 2  Wed Aug 28 13:06:50 2002 hostname ? NO FMT IN TRAPD.CONF:
mib-2 (1.3.6.1.2
.1) generic:6 specific:2 args(2):  [1]
vtpVlanTable.vtpVlanEntry.vtpVlanIndex.1.892 (Integer): 892
1030558010 2  Wed Aug 28 13:06:50 2002  hostname ?  [2]
ifMIB.ifMIBObjects.ifXTable.ifXE
ntry.ifName.48 (OctetString): Fa0/48
****************************************************************************
********************************
TRACE
Wed Aug 28 09:55:42 2002 send_to_appl: [12] [72000] sent packet 94 bytes
Wed Aug 28 09:55:42 2002 del_first_event: [12] [72000] all events sent
Wed Aug 28 09:55:42 2002 trapd: [15] [112752] ready for writing
Wed Aug 28 09:55:42 2002 send_to_appl: [15] [112752] sending event len 94
Wed Aug 28 09:55:42 2002 send_to_all_appls: [112752] appl queue size 1 of
maximum 30000 events
Wed Aug 28 09:55:42 2002 send_to_appl: [15] [112752] sent packet 94 bytes
Wed Aug 28 09:55:42 2002 del_first_event: [15] [112752] all events sent
30 44 02 01 00 04 0a XX XX XX XX XX XX XX XX XX     0D.....XXXXXXXXX
XX a4 33 06 05 2b 06 01 02 01 40 04 aa bb cc dd     [email protected]
02 01 06 02 01 01 43 04 06 1d af 77 30 18 30 16     ......C....w0.0.
06 10 2b 06 01 04 01 09 09 2e 01 03 01 01 01 01     ..+.............
86 7c 02 02 03 7c -- -- -- -- -- -- -- -- -- --     .|...|..........
Wed Aug 28 09:55:42 2002 queue_event: queued 70 bytes.

Wed Aug 28 09:55:42 2002 process_event: de-queued 70 bytes.

Wed Aug 28 09:55:42 2002 process_event: received UDP trap from aa.bb.cc.dd
****************************************************************************
********************************

Thanks in advance.
Ray Westphal
Enterprise Rent-A-Car



---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe AT lists.tivoli DOT com
For additional commands, e-mail: nv-l-help AT lists.tivoli DOT com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)





<Prev in Thread] Current Thread [Next in Thread>