     [nocol-users] Trapmon and SNMP traps

I finally got trapmon working, after trying to figure out the "Cannot
find mib.txt" error forever.  I used the export/mibfile_v2 suggestion
that someone posted in the archives and it worked.  Thanks!  Now here's
another question.... our firewall sends SNMP traps to the server running
the monitor, and here's the trap received as shown in trapmon when run
manually:

***** BEGIN RECEIVED V1 TRAP *****
xx.xx.x.x: Enterprise Specific Trap (0) Uptime: 44 days, 2:12:22
Src Enterprise ID .1.3.2.1.4.1.2622.1.1
Name: .iso.org.dod.internet.private.enterprises.2622.1.1.1.0 -> OCTET
STRING- (ascii):  1Aug2000 16:59:28 drop   spinoze    >qfe0 snmpt
rap proto tcp src 17x.1xx.1x4 dst spinoze servi
ce telnet s_port 22x4 len 48 rule 4 xlatesrc xxx
.xx.x.xxx xlatedst spinoza xlatesport 2xx4 xlate
dport telnet.
***** END OF RECEIVED V1 TRAP *****
(removed IPs & port #'s for security)

Now my question is this.. when the trap is received, netconsole (and the
web interface) simply show a warning for this trap, but we can't view
the details of the trap that says specifically that the problem was
someone tried to telnet into our firewall.  Is there a way to view this
exact trap from the web interface?  It would provide us with so much
more information than just the simple warning message.  Any help would
be greatly appreciated.


Thanks,
Adam Orentlicher
Thaumaturgix, Inc.