Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
917
Views
10
Helpful
7
Replies

Ciscoworks causing Config traps

Go to solution
wil6707
Level 1
Level 1

‎05-27-2008 10:41 AM

Hi Folks,

Theres a certain job thats running on Ciscoworks that causes the switches and routers to send out loads of the following traps. "<hostname> Configuration Change, command - commandline, source - running, destination - commandSource. I think it may be cause by thhe config fetches or the inventory polling. I'm finding it hard to tell. Has anyone had this trap showing up a lot, or know what is causing it? It's basically flooding our Openview NNM box with too many traps and I need to try to find a way to eliminate it if possible. Any help would be appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to wil6707

‎05-27-2008 12:04 PM

By making TFTP the first protocol, and by making sure you have valid read-write SNMP credentials in DCR, then RME will use TFTP and SNMP on all devices that support it. However, traps will still be sent even using this method. They will just have a different command source.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎05-27-2008 11:04 AM

This could be caused by the config fetch job. It is most definitely not being caused by the inventory collection job. What protocol are you using to fetch your configs?

0 Helpful

Go to solution
wil6707
Level 1
Level 1
In response to Joe Clarke

‎05-27-2008 11:08 AM

It's using default settings under Transport Settings. Protocols in the following order.

TELNET

TFTP

SSH

RCP

HTTPS

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to wil6707

‎05-27-2008 11:23 AM

If the config is being fetched by telnet, then the device will send a ciscoConfigManEvent notification when the show run command is executed. This will only be sent if you've enabled config traps (e.g. snmp-server host 10.1.1.1 traps public config). If you do not want these traps, then disable config traps.

Go to solution
wil6707
Level 1
Level 1
In response to Joe Clarke

‎05-27-2008 11:58 AM

Is it possible to just use TFTP only for the fetch, and would this prevent the traps?

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to wil6707

‎05-27-2008 12:04 PM

By making TFTP the first protocol, and by making sure you have valid read-write SNMP credentials in DCR, then RME will use TFTP and SNMP on all devices that support it. However, traps will still be sent even using this method. They will just have a different command source.

0 Helpful

Go to solution
wil6707
Level 1
Level 1
In response to Joe Clarke

‎05-27-2008 12:09 PM

Okay. Sounds like we need to get rid of some traps then. Thanks for the help.

0 Helpful

Go to solution
Martin Ermel
VIP Alumni
VIP Alumni
In response to wil6707

‎05-27-2008 09:27 PM

another possibiliy should be to set the trap to 'log-only' or 'don't discplay - don't log' in NNM to keep the Alarm Browser clean.

Make a duplicate of the event and define a filter so it will be 'Don't Log - Don't Display' if your LMS server is listed as the source inside the trap. With this you will still see this trap in the Alarm Browser when other sources causes this trap.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents