I have a customer using LogicMonitor to receive SNMP traps, and it is receiving 2 traps for every one sent from our arrays. Do you have any suggestions on how to determine why the client is seeing double events?
First things first: problem domain isolation. Is the problem that the device is sending two traps (indicating a configuration problem on the source device) or is LM opening two alerts (probably indicating that there are two EventSources that match the trap)?
To find out if the device is sending two traps, simply do a packet capture on the collector filtering for UDP162 and the source address. If you see two traps, the problem is in the source device configuration.
If you're seeing two alerts, are they both coming from the same EventSource? Are the coming from two different EventSources on the device? Not likely that they're coming from the same EventSource, so the two EventSources that are generating the alert each have a filter that matches the SNMP trap.
Reply
Sign up
Already have an account? Login
Login to the community
No account yet? Create an account
LogicMonitor Employee? Click here:
LogicMonitor Employee LoginEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.