CTS-Manager snmpInBadCommunityNames increasing

o.khazem · ‎11-28-2012

I have a security alarm I can't remove on a CTS-Manager

By digging the logs and capture traffic, it seems there is an internal snmp mecanism in the device using / generating bad snmp community names

There are about 163 bad requests per 5 minutes ...

Please see attached some informations or logs / analysis retrieved from the CTS-Manager server

Hardware Model: 7835H2
Software Version: 1.6.5.0 (167)

How to solve internal requests to not generate snmp bad community issues?

Rafal Szeremeta · ‎11-28-2012

Hello Oliver

Quick glance in messages shows issue with expired certificate mxcorporatetp:

Nov 23 09:00:00 tp-ctm-fulton local0 2 1 2012-11-23T14:00:00.093Z tp-ctm-fulton.FranceTelecomTP.local CTM_CERTIFICATEEXPIRYMONITOR - EC_1610 [meta sequenceId="39"] 'CertExpiryAlert'. Certificate name 'mxcorporatetp'. Unit 'CTM-trust'. Type 'trust-cert'. Expiration: 'Fri Apr 8 06:35:16:000 UTC 2011'.||Please delete this certificate and uplaod a valid certificate.

Also please try this link:

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

The total number of SNMP PDUs delivered to the SNMP protocol entity which used a SNMP community name not
known to said entity.

Can you attach full CTS MAN logs?

Thanks

Rafal

o.khazem · ‎11-29-2012

Hello Rafal

many thanks for your reply!!! I have attached the full logs and it is currently being queued for virus analysis.

The attachment is added to the first message of this thread.

I have also attached some picture related to the certificate alarms seen on the web administrator page

I am going to check on that direction to see how to solve this ...

Thanks

Olivier

Rafal Szeremeta · ‎11-29-2012

No problem Oliver.

I will look it up. I think best would be if you could open a TAC case in parallel.

Cheers

Rafal

rosaho · ‎07-13-2015

This discussion has been modified to comply to the CSC terms of use conditions.