There are some posts on this but no solution:
In the SNMP traps sent by the UTM (9.104-17 and all earlier versions), the structure of the packets seems to have a problem.
The OID in the Value section of the trap sent from a UTM9, which is maybe taken by snmptt, is for example iso.3.6.1.4.1.9789.0.1500 for a failed ssh login (which seems wrong).
In the Ent Value section (which is only an extension, in my understanding) the UTM is sending the right OID, for example iso.3.6.1.4.1.9789.1500.2.6, which is the right OID for a failed ssh login.
In the MIB downloadable from the UTM it is correct. But snmptt says it is an unknown trap because of the above behavior.
Since the year 2005 there have been posts in this forum but no solution.
Could anyone explain this?
Is anybody running snmptt with a Sophos UTM?
Output of snmptt in snmpttunknown.log:
Thu Aug 15 20:33:16 2013: Unknown trap (iso.3.6.1.4.1.9789.0.1500) received from astaro.anyone.de at:
Value 0: astaro.anyone.de
Value 1: 192.168.250.250
Value 2: 5:23:06:46.00
Value 3: iso.3.6.1.4.1.9789.0.1500
Value 4: 192.168.250.250
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: iso.3.6.1.4.1.9789.1500.2.6=[astaro.anyone.de][WARN][006]
Ent Value 1: iso.3.6.1.6.3.18.1.3.0=192.168.250.250
Ent Value 2: iso.3.6.1.6.3.18.1.4.0=public
Ent Value 3: iso.3.6.1.6.3.1.1.4.3.0=iso.3.6.1.4.1.9789
and in the MIB of Astaro (downloaded from 9.104-17)
#
EVENT WARN-006 iso.3.6.1.4.1.9789.1500.2.6 "Status Events" Normal
FORMAT Failed SSH login $*
SDESC
Failed SSH login
Variables:
EDESC
#
Yes, I know this is maybe a case for Sophos Support, but not if I am the only one with this problem.
Thanks
firebear
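
Added example, not part of the original post and not snmptt or Sophos code: a small Python check that parses an snmpttunknown.log entry in the format quoted above and reports whether the trap OID or any Ent Value OID matches an EVENT line. The sample input is constructed from the lines in the post; the function names are hypothetical.

```python
import re

# Sample input constructed from the log entry and EVENT definition quoted in the post.
SAMPLE_LOG = """\
Thu Aug 15 20:33:16 2013: Unknown trap (iso.3.6.1.4.1.9789.0.1500) received from astaro.anyone.de at:
Value 0: astaro.anyone.de
Value 3: iso.3.6.1.4.1.9789.0.1500
Ent Value 0: iso.3.6.1.4.1.9789.1500.2.6=[astaro.anyone.de][WARN][006]
Ent Value 1: iso.3.6.1.6.3.18.1.3.0=192.168.250.250
Ent Value 2: iso.3.6.1.6.3.18.1.4.0=public
Ent Value 3: iso.3.6.1.6.3.1.1.4.3.0=iso.3.6.1.4.1.9789
"""
SAMPLE_CONF = """\
EVENT WARN-006 iso.3.6.1.4.1.9789.1500.2.6 "Status Events" Normal
FORMAT Failed SSH login $*
"""

HEADER = re.compile(r"Unknown trap \((?P<oid>[^)]+)\) received from (?P<host>\S+) at:")
ENT = re.compile(r"^Ent Value \d+: (?P<oid>[^=\s]+)=(?P<val>.*)$")
EVENT = re.compile(r"^EVENT\s+(?P<name>\S+)\s+(?P<oid>\S+)")

def norm(oid):
    """Normalise 'iso.3.6...' and '.1.3.6...' to the same dotted form."""
    oid = oid.strip().lstrip(".")
    return "1" + oid[3:] if oid.startswith("iso") else oid

def load_events(conf_text):
    """Map normalised OID -> event name from EVENT lines."""
    return {norm(m["oid"]): m["name"]
            for line in conf_text.splitlines()
            if (m := EVENT.match(line))}

def diagnose(log_text, events):
    """Per unknown-trap entry: the trap OID, whether an EVENT defines it,
    and which Ent Value OIDs do have an EVENT definition."""
    results, cur = [], None
    for line in log_text.splitlines():
        if (m := HEADER.search(line)):
            cur = {"host": m["host"], "trap_oid": norm(m["oid"]), "varbind_matches": []}
            cur["trap_oid_defined"] = cur["trap_oid"] in events
            results.append(cur)
        elif cur and (m := ENT.match(line)):
            oid = norm(m["oid"])
            if oid in events:
                cur["varbind_matches"].append((oid, events[oid]))
    return results

if __name__ == "__main__":
    for entry in diagnose(SAMPLE_LOG, load_events(SAMPLE_CONF)):
        print(entry)
```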