Forum Discussion

JohnToner's avatar
5 years ago

Receiving 2 traps per event

I have a customer using LogicMonitor to receive SNMP traps, and it is receiving 2 traps for every one sent from our arrays. Do you have any suggestions on how to determine why the client is seeing double events?

  • Anonymous's avatar
    Anonymous

    First things first: problem domain isolation. Is the problem that the device is sending two traps (indicating a configuration problem on the source device) or is LM opening two alerts (probably indicating that there are two EventSources that match the trap)?

    To find out if the device is sending two traps, simply do a packet capture on the collector filtering for UDP162 and the source address. If you see two traps, the problem is in the source device configuration.

    If you're seeing two alerts, are they both coming from the same EventSource? Are the coming from two different EventSources on the device? Not likely that they're coming from the same EventSource, so the two EventSources that are generating the alert each have a filter that matches the SNMP trap.