IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

ISAM VA and SNMP Trap

Sylvain GilbertFri April 05, 2019 09:12 PM

Hello ISAM Community Well, working at the SNMP trap level of the Appliance may not be a topic as ...

Scott ExtonMon April 08, 2019 01:55 AM

Sylvain, The SNMP capability which is used by the ISAM appliance is based on the net-snmp package ( ...

1. ISAM VA and SNMP Trap

Like
Sylvain Gilbert
Posted Fri April 05, 2019 09:12 PM

Reply
Hello ISAM Community

Well, working at the SNMP trap level of the Appliance may not be a topic as sexy as configuring cool AAC/Federation functionality but someone must do it, right? (-;

Lately our NMS team has upgraded their SNMP trap receiving system from a single host environment to an HA solution, and now SNMP traps are sent across a load-balancer.

Nothing to worry, right?

Well, we just found out by tracing packets that ISAM includes an empty (0.0.0.0) "agent-addr" field when configured to send trap in SNMP V1. When configured in SNMP V2C, it does not include the "agent-addr" field at all.

What happens next is that SNMP traps sent by ISAM Appliance when received in the NMS system lose the originating IP source context therefore it cannot determine from which equipment it originated thus the SNMP Trap to equipment correlation is broken.

Don't know if there was any though given when this sub-system was design and if it is too late to incorporate this? Will probably consider opening an RFE but I welcome any comments or experience sharing on this particular "boring" SNMP trap topic (-;

Sylvain
2. RE: ISAM VA and SNMP Trap

Like
Scott Exton
Posted Mon April 08, 2019 01:55 AM

Reply
Sylvain,

The SNMP capability which is used by the ISAM appliance is based on the net-snmp package (http://www.net-snmp.org/). I'm not currently sure how the net-snmp package is setting the 'agent-addr' field, but after a very brief look I can't see a way to configure this. Anyway, I'll try to find some more time to investigate further tomorrow.

Thanks,

Scott.

------------------------------
Scott Exton
IBM
Gold Coast
------------------------------

Original Message

IBM Verify

IBM Verify

ISAM VA and SNMP Trap

Sylvain GilbertFri April 05, 2019 09:12 PM

Scott ExtonMon April 08, 2019 01:55 AM

1. ISAM VA and SNMP Trap

2. RE: ISAM VA and SNMP Trap

Additional
Resources

Office

Quick Links

IBM Verify

IBM Verify

ISAM VA and SNMP Trap

Sylvain GilbertFri April 05, 2019 09:12 PM

Scott ExtonMon April 08, 2019 01:55 AM

1. ISAM VA and SNMP Trap

2. RE: ISAM VA and SNMP Trap

Related Content

ISVA DevOps: Optimizing system alerts visibility by selectively muting them

Log Forwarder Configuration in IBM Security Identity Governance and Intelligence Virtual Appliance (IGI-VA)

ISAM SNMP and Splunk

Hybrid ISAM Environments

What is new in IBM Security Access Manager V9.0.7.0

Additional Resources

Office

Quick Links

Additional
Resources