|[Date Prev] [Date Next]||[Thread Prev] [Thread Next]||[Date Index] [Thread Index]|
[nocol-users] Trapmon and SNMP traps
I finally got trapmon working, after trying to figure out the "Cannot find mib.txt" error forever. I used the export/mibfile_v2 suggestion that someone posted in the archives and it worked. Thanks! Now here's another question.... our firewall sends SNMP traps to the server running the monitor, and here's the trap received as shown in trapmon when run manually: ***** BEGIN RECEIVED V1 TRAP ***** xx.xx.x.x: Enterprise Specific Trap (0) Uptime: 44 days, 2:12:22 Src Enterprise ID .126.96.36.199.4.1.2622.1.1 Name: .iso.org.dod.internet.private.enterprises.26188.8.131.52.0 -> OCTET STRING- (ascii): 1Aug2000 16:59:28 drop spinoze >qfe0 snmpt rap proto tcp src 17x.1xx.1x4 dst spinoze servi ce telnet s_port 22x4 len 48 rule 4 xlatesrc xxx .xx.x.xxx xlatedst spinoza xlatesport 2xx4 xlate dport telnet. ***** END OF RECEIVED V1 TRAP ***** (removed IPs & port #'s for security) Now my question is this.. when the trap is received, netconsole (and the web interface) simply show a warning for this trap, but we can't view the details of the trap that says specifically that the problem was someone tried to telnet into our firewall. Is there a way to view this exact trap from the web interface? It would provide us with so much more information then just the simple warning message. Any help would be greatly appreciated. Thanks, Adam Orentlicher Thaumaturgix, Inc.