SNMP Traps causing trouble

Jun 11th, 2009

Hello all,

I have been attempting to send SNMP traps from our IPS to a management PC, but I don't believe they are being sent. Here is what I have done so far:

On the management PC, I have tshark listening on port 162 for any incoming UDP packets. By using nmap from other systems on the same network as the IPS, I have used nmap to send a UDP ping to this system. This has allowed me to verify that tshark is working properly and printing out these packets.

On the IPS, I can ping the management PC (although I obviously cannot test with nmap). I have also enabled SNMP traps and set it to notify for fatal, error, or warning events. I have enabled detailed traps and set a community string. Finally, I added the management PC as the destination on port 162 with the correct community string.

So in order to test this, I set an event action override for low, medium and high risk events to "Request SNMP Trap". Once I have done this, I can monitor the events that are triggered through IPSME, and I have verified that all of these types of events have the action to request the SNMP trap.

When I check the management PC, nothing has come through on tshark.

Is there something simple I am missing? Can I use an event action override for this? Thanks!

natehausrath Fri, 06/12/2009 - 08:16

It turns out that the firewall on the IPS side was blocking SNMP from that system specifically. So my UDP packet tests were allowed from other machines, but the SNMP traps from the IPS were not.

I'm glad it was something like this rather than the IPS acting strangely.
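The thread's lesson is that a UDP probe from some other host proves only that the listener works, not that traps from the sensor arrive. As an added example (not part of the original thread), this sketch decodes the outer SNMPv1/v2c header of a datagram received on port 162 and classifies it by source address and community; the addresses, the community string and the sample bytes are constructed for illustration.

```python
# Added example: decode the outer header of an SNMPv1/v2c datagram (BER).
PDUS = {0xA4: "trap-v1", 0xA6: "inform", 0xA7: "trap-v2c"}
VERSIONS = {0: "v1", 1: "v2c"}
# Constructed sample: v2c trap, community "lab-traps", empty varbind list.
SAMPLE_TRAP = (bytes.fromhex("301b0201010409") + b"lab-traps"
               + bytes.fromhex("a70b0201010201000201003000"))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(datagram):
    """Extract version, community and PDU type; raise ValueError if not SNMP."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04 or pos >= len(body):
        raise ValueError("community or PDU missing")
    return {"version": VERSIONS.get(int.from_bytes(ver, "big"), "other"),
            "community": community.decode("latin-1"),
            "pdu": PDUS.get(body[pos], "non-trap")}

def classify(src_ip, datagram, sensor_ip, community):
    """Say whether a datagram is the trap we expect from the sensor."""
    try:
        hdr = parse_snmp_header(datagram)
    except ValueError:
        return "not-snmp"            # e.g. a bare UDP probe from a scanner
    if hdr["pdu"] == "non-trap":
        return "snmp-but-not-trap"
    if src_ip != sensor_ip:
        return "trap-from-other-host"
    if hdr["community"] != community:
        return "community-mismatch"
    return "trap-from-sensor"
```

Feed it the source address and payload of each datagram seen on UDP 162 (from a socket or a capture); only a `trap-from-sensor` result shows that the path from the sensor itself is open.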

