2018-08-22 11:32 AM
How would I know that particular events are snmp traps sent from a Linux server, as opposed to the regular logs being sent from the server to RSA SA?
I believe I've configured everything properly for SNMP traps to be sent to and received by RSA SA, and want to verify whether they're registering or not.
Is there a particular metakey that'll immediately help identify whether the traffic is an SNMP trap?
2018-08-22 11:58 AM
You can log in to the log collector and verify whether you are receiving SNMP traps by using the command below.
tailf /var/log/messages |grep -i snmp
The sample output should be like below.
NwLogCollector[22071]: [SnmpTrapCollection] [info] TID: 22285 - Got 1 buffered traps
2018-08-31 11:48 AM
Hi Arjun,
I ran the command tailf /var/log/messages |grep -i snmp, and I get something to this effect -
Aug 31 15:46:00 Collector snmpd[1900]: Connection from UDP: [DeviceIP]:57495->[CollectorIP]
But I see no SNMP traps from this device; what does it say here? Merely a connection that's available but inactive?
2018-09-12 07:40 AM
command tailf /var/log/messages |grep -i snmp
NwLogCollector[22071]: [SnmpTrapCollection] [info] TID: 22285 - Got 1 buffered traps
Yes, got this - only thing is it doesn't tell from which device the trap was received.
Have to painstakingly figure that out from the console manually - a problem when the trap is being mapped to a different device type, or falls under unknown along with several other syslog messages for that device.
Anyhow, thanks!
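
An added example, not part of any post in this thread: a shell function that tallies the two kinds of line quoted above, the NwLogCollector "buffered traps" counts and the source addresses in snmpd "Connection from UDP" lines, so they can be told apart when reading /var/log/messages. The sample lines and their IP addresses are constructed, and the script does not assume that a connection line corresponds to a trap.

```shell
#!/bin/sh
# Added example. Reads syslog text on stdin and prints:
#   traps=<sum of "Got N buffered traps" reported by NwLogCollector>
#   conn <source> <count>   for each source seen in snmpd connection lines
# On a collector: summarize_snmp_lines < /var/log/messages
summarize_snmp_lines() {
  awk '
    /NwLogCollector\[[0-9]+\]: \[SnmpTrapCollection\]/ {
      # Add up the number that follows the word "Got"
      for (i = 1; i < NF; i++)
        if ($i == "Got" && $(i + 1) ~ /^[0-9]+$/) traps += $(i + 1)
    }
    /snmpd\[[0-9]+\]: Connection from UDP: / {
      # The field after "UDP:" has the form [src]:port->[dst]
      for (i = 1; i < NF; i++)
        if ($i == "UDP:") {
          split($(i + 1), parts, "->")
          src = parts[1]
          sub(/:[0-9]+$/, "", src)   # drop the source port
          gsub(/\[|\]/, "", src)     # drop the surrounding brackets
          conn[src]++
        }
    }
    END {
      printf "traps=%d\n", traps
      for (s in conn) printf "conn %s %d\n", s, conn[s]
    }'
}

# Constructed sample input (documentation-range addresses, not real devices)
sample_log() {
  cat <<'EOF'
Aug 31 15:45:58 Collector NwLogCollector[22071]: [SnmpTrapCollection] [info] TID: 22285 - Got 1 buffered traps
Aug 31 15:46:00 Collector snmpd[1900]: Connection from UDP: [192.0.2.10]:57495->[192.0.2.1]
Aug 31 15:46:05 Collector snmpd[1900]: Connection from UDP: [192.0.2.10]:57496->[192.0.2.1]
Aug 31 15:46:07 Collector NwLogCollector[22071]: [SnmpTrapCollection] [info] TID: 22285 - Got 3 buffered traps
Aug 31 15:46:09 Collector snmpd[1900]: Connection from UDP: [198.51.100.7]:40112->[192.0.2.1]
Aug 31 15:46:10 Collector sshd[2101]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
EOF
}

sample_log | summarize_snmp_lines
```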