Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Netscreen Devices

Status
Not open for further replies.
Trancemission

Trancemission

Technical User
Oct 16, 2001
108
GB
I have been using openview on and off in the past year to montior a couple of web site installations. All of the nodes which I have monitored/managed have been Solaris all with Openview agents so it has been quite simple, plus I have been on an Openview course.

I have now been tasked with adding our network of netscreen firewalls to our system.

I have have very little [okay none] experiance on nodes without agent software [ie that only send snmp traps]

I am getting quite lost as to how to go about adding showing the SNMP traps in my message browser. Once I have this I am sure I can learn from there but I cannot even get that far. I am as far as adding the node and it will go red when I unplug the device. I have configured it to send snmp traps to my management server.

The only documentation I have reagarding SNMP and Openview is very limited and not helping at all.


I am currently in the testing phase so only need to get stuff working, once we have proved this and we will be using it then I will be off on a course etc. but until then and help would be appreciated.

Cheers Trancemission
=============
If it's logical, it'll work!
 
Sort by date Sort by votes
My experience is with NetView but it should convert :)

I have a few questions for you before I can answer your questions.
Are the Netscreen devices configured to forward SNMP traps to OpenView?
What are you receiving in the trapd log?
Is your events application indicating a trap received with unknown format?
Do you have the MIB file for the Netscreen devices?
Do you have Ping and SNMP access to the devices?

Cheers
Don
 
Upvote 0 Downvote
Don,

Thanks for your reply.

I have got a bit further, I think my problem lies in the MIB's that are provided with the netscreen device.

The traps are being sent to the openview server. I have added a catchall to the Netscreen Enetrprise ID and they show up in the message browser. From here I can manually set-up events.

Obviosuly when I load the MIBs this should create events for me. When I load all the MIB's all I get is the 6 standard traps (hot start etc..)

It doesn't seem to load the MIB events correctly. UNless my understanding is wrong :)

Netscreen's response was 'we don't have an openview license so cannot test'. I have no escalated this with them for help.

Any ideas?

Cheers



Trancemission
=============
If it's logical, it'll work!
 
Upvote 0 Downvote
Go to this site and download the zip file.
FILE: netscreen-firewall-mibs.zip

It conatins 38 mib files for Netscreen devices, you may find some of them useful.

The zip also contains a file called NS-TRAPS.mib
This file defines 6 Private Enterprise traps.

I don't think loading the MIB file defines the traps in OV.
I know it does not in NetView.
It just replaces dotted decimal jibberish with meaningful text. You need to add each one. Similar to how you added the "catch-all" trap for Netscreen.

Don
 
Upvote 0 Downvote
Fantasic Don, closure for me :)

I am getting there now, added most of the traps which i want.

Many Thanks



Trancemission
=============
If it's logical, it'll work!
 
Upvote 0 Downvote
I am still getting problems with this.

I have added the MIBS and added a 'catchall' to the netscreen eneterprise id (3224), when I pull and interface down, a SNMP trap is sent and it is displayed in the message browser.

This is exactly what I want, the problem is if I initate a port scan or SYN attack, a SNMP trap is sent but not being displayed in Openview. I can see the trap being sent through on Openview (Snoop on interface)

I also have a little trap receiever running on my laptop which netscreen also sends traps to and I cen see the trap and it has the correct enterprise ID etc. etc

I am at a total loss now and not sure what direction to follow, any help would be greatly appreciated, I am not sure what other info to post.

Cheers

Trancemission
=============
If it's logical, it'll work!
 
Upvote 0 Downvote
My guess is that this particular trap is configured to be "log only". Check your trap reception log. If it is being logged you can configure it to be displayed. Check your trap customization and you will probably find it set to log only for that trap.
Don
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cgonan
  • Locked
  • Question
Seeing all devices on switches
Replies
1
Views
42
NMSman
NMSman
volv
  • Locked
  • Question
Managing Devices via ICMP
Replies
0
Views
23
volv
volv
esamsalah
  • Locked
  • Question
Manage non-IP devices !!! 1
Replies
5
Views
51
ppostma
ppostma
Guest_imported
  • Locked
  • Question
How do I get OV to autodiscover devices withunnumbered interfaces
Replies
0
Views
23
Guest_imported
Guest_imported
Guest_imported
  • Locked
  • Question
How do I get OV to autodiscover devices with unnumbered interfaces
Replies
3
Views
45
vlan52
vlan52

Part and Inventory Search

Sponsor

Back
Top