IBM Support

Mttrapd SNMP ProbeWatch Trap IP Status and Trap Flood

Question & Answer


Question

What generates the ProbeWatch events Trap IP Status and Trap Flood?

Cause

New ProbeWatch events for Trap IP Status and Trap Flood were added in Mttrapd probe version 19.

Answer

In conjuction with new 'mttrapd_flood_control.rules’ logging, two new Probewatch types will aid the user to track the state of IP status and Trap Flood on the Event List.

 (1) [Trap IP Status] ProbeWatch

- Triggered

o After rules functions: drop_list_add() and drop_list_remove(). (See mttrapd_flood_control.rules)

o When probe exiting, internal clean-up procedure on Drop List will send a Probewatch for each blocked IP. 

Rationale: Send Probewatch to clear the Problem entries, so that *no* previous blocked IP problems stay in Event List after probe restarts.

- Alarm-like

o In the event of an IP being blocked (i.e., added to Drop List), a Probewatch is sent to ObjectServer as a Problem – a red entry in Event List. When the IP is unblocked, another Probewatch is sent as Resolution to clear the Problem entry.

o Each blocked IP has its own Problem entry in Event List. 

o AlertGroup is “Trap IP Status”.

(2) [Trap Flood] Probe Watch

-  Sent from genevent() in mttrapd_flood_control.rules.

o The content of summary is the log messages in Report code section in the mentioned rules file.

 - (Almost) Heartbeat-like

o Periodically generated so far as mttrapd_flood_control.rules is regularly processed. The interval is

OplMttrapdReportInterval.

o AlertGroup is “Trap Flood”.

 

Probewatch in Event List

[Trap IP Status] Probewatch:

Before:

drop_list_add() added “9.127.xx.220” to Drop List

 

After:

drop_list_remove() removed “9.127.xx.220” from Drop List


 

 

Before:

When probe runs, some IPs have been blocked.

 

 

After:

Right before probe exits, each blocked IP is unblocked again as probe cleans up Drop List (IPs are removed from the list).


  

Note:

After a short while the resolved event entries will be cleared from Event List.

[Trap Flood] Probewatch:


 Below are the TRAP FLOOD event details


 

[{"Product":{"code":"SSSHTQ","label":"Tivoli Netcool\/OMNIbus"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"SNMP Probe","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.4.0;7.3.1;8.1.0","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21697286

Page Feedback