I have a client who had DFM 3.0.2 instrumented with a TRAP notification group to send DFM events as SNMP traps to CIC on port 3100. For the most part this works, except in some cases.
We get the IF-Down event trap from DFM but in some cases not the clear. I cannot find in the CIC trap capture files any trace of the clear trap, but at the same time I haven't yet got the client convinced that DFM didn't send the trap. Hence no TAC case on DFM so far.
Now the client DFM Trap notifier is sending alerts and events on critical and major on active and clears to CIC port 3100 with an event set that includes most everything except manual clears. CIC ignores the alert traps and only processes the event traps.
What do I need to ask the client to do to validate whether DFM is sending the clear trap to CIC? Is there a log somewhere for this? A sniffer trace is too hard to do since ifdowns like this are infrequent and the rest of the traps are high volume.
Verify the Notification Group is configured properly. For cleared notifications to be sent, you need to have both the Cleared and the Informational boxes checked. You should also confirm that the events are actually clearing in the DFM AAD.