Receiving 2 traps per event

Question

I have a customer using LogicMonitor to receive SNMP traps, and it is receiving 2 traps for every one sent from our arrays. Do you have any suggestions on how to determine why the client is seeing double events?

Answer

First things first: problem domain isolation. Is the problem that the device is sending two traps (indicating a configuration problem on the source device) or is LM opening two alerts (probably indicating that there are two EventSources that match the trap)?

To find out if the device is sending two traps, simply do a packet capture on the collector filtering for UDP162 and the source address. If you see two traps, the problem is in the source device configuration.

If you're seeing two alerts, are they both coming from the same EventSource? Are the coming from two different EventSources on the device? Not likely that they're coming from the same EventSource, so the two EventSources that are generating the alert each have a filter that matches the SNMP trap.

Forum Discussion

Receiving 2 traps per event

1 Reply

Recent Discussions

Dark Theme?

No instances on API response

exception:groovy.lang.MissingMethodException: No signature of method:

ServiceNow Integration - Auto closing alerts

Could you please guide me on how I can manage the usage of LM logs?