[Xymon] Phantom trap alerts?

Jeremy Laidman jlaidman at rebel-it.com.au
Thu Mar 14 00:49:02 CET 2013

On 14 March 2013 10:03, David Baldwin <david.baldwin at ausport.gov.au> wrote:

> It absolutely requires some test to generate these. Check the IP address
> of the originating server that sent the trap status message, then check
> what tests are running from there. Might also be worth checking Ghost
> Clients to see if there are more of these that you don't know about.

Also, check the trap destination configured on the device.  If it's set to
the Xymon server, then look for a process on your Xymon server that's
listening for SNMP packets.  On Linux, you can do "sudo netstat -naup |
grep :162" and it should show the PID and name of the process that is
receiving the traps.

> devmon does not do SNMP traps in any way. It is SNMP polling only.

(As David implied) neither does Xymon.  There must be another process that
receives a trap and then generates a Xymon status message, but not
necessarily running on the Xymon server.

Googling the phrase ["Unknown trap" xymon] shows the HOWTO that David
linked to.  I suspect someone has set this up on your Xymon server.  This
means you probably have snmptrapd running, which you should stop if you
don't ever use SNMP traps.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130314/c0de5d64/attachment.html>

More information about the Xymon mailing list