5 Replies Latest reply on Nov 12, 2008 10:30 PM by ajay4321

    SNMP Trap - Hex (?)

      I have hosts configured to send SNMP traps to ipMonitor on logon failures.  ipMonitor then sends e-mail with the trap contents.  However, some of the e-mails I receive are in hex format.  Is there a way to fix this?  I noticed in the log some weird characters are coming through that might be causing the problem... (Logon Process:\tÈù²)

      Here is an example e-mail:

       

      hex:  4c 6f 67 6f 6e 20 46 61 69 6c 75 72 65 3a 0d 0a 0d 0a 09 52 65 61 73 6f 6e 3a 09 09 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 20 64 75 72 69 6e 67 20 6c 6f 67 6f 6e 0d 0a 0d 0a 09 55 73 65 72 20 4e 61 6d 65 3a 09 0d 0a 0d 0a 09 44 6f 6d 61 69 6e 3a 09 09 0d 0a 0d 0a 09 4c 6f 67 6f 6e 20 54 79 70 65 3a 09 33 0d 0a 0d 0a 09 4c 6f 67 6f 6e 20 50 72 6f 63 65 73 73 3a 09 c8 f9 b2 0d 0a 0d 0a 09 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 50 61 63 6b 61 67 65 3a 09 4e 54 4c 4d 0d 0a 0d 0a 09 57 6f 72 6b 73 74 61 74 69 6f 6e 20 4e 61 6d 65 3a 09 0d 0a 0d 0a 09 53 74 61 74 75 73 20 63 6f 64 65 3a 09 30 78 38 30 30 39 30 33 30 38 0d 0a 0d 0a 09 53 75 62 73 74 61 74 75 73 20 63 6f 64 65 3a 09 30 78 30 0d 0a 0d 0a 09 43 61 6c 6c 65 72 20 55 73 65 72 20 4e 61 6d 65 3a 09 2d 0d 0a 0d 0a 09 43 61 6c 6c 65 72 20 44 6f 6d 61 69 6e 3a 09 2d 0d 0a 0d 0a 09 43 61 6c 6c 65 72 20 4c 6f 67 6f 6e 20 49 44 3a 09 2d 0d 0a 0d 0a 09 43 61 6c 6c 65 72 20 50 72 6f 63 65 73 73 20 49 44 3a!

        09 2d 0d 0a 0d 0a 09 54 72 61 6e 73 69 74 65 64 20 53 65 72 76 69 63 65 73 3a 09 2d 0d 0a 0d 0a 09 53 6f 75 72 63 65 20 4e 65 74 77 6f 72 6b 20 41 64 64 72 65 73 73 3a 09 2d 0d 0a 0d 0a 09 53 6f 75 72 63 65 20 50 6f 72 74 3a 09 2d 0d 0a 0d 0a

       

      Here is the snmptrap.log entry for that trap:

      1.3.6.1.4.1.311.1.13.1.9999.1.0: TYPE[4] TEXT "Logon Failure:\r\n\r\n\tReason:\t\tAn error occurred during logon\r\n\r\n\tUser Name:\t\r\n\r\n\tDomain:\t\t\r\n\r\n\tLogon Type:\t3\r\n\r\n\tLogon Process:\tÈù²\r\n\r\n\tAuthentication Package:\tNTLM\r\n\r\n\tWorkstation Name:\t\r\n\r\n\tStatus code:\t0x80090308\r\n\r\n\tSubstatus code:\t0x0\r\n\r\n\tCaller User Name:\t-\r\n\r\n\tCaller Domain:\t-\r\n\r\n\tCaller Logon ID:\t-\r\n\r\n\tCaller Process ID:\t-\r\n\r\n\tTransited Services:\t-\r\n\r\n\tSource Network Address:\t-\r\n\r\n\tSource Port:\t-\r\n\r\n"