Every trap message has at least five sub-fields, while some of them can provide a dozen or more additional event-specific variables.
The five fields that are always present are the
1. textual event message
2. the user ID of the process that triggered the event
3. the computer name of the event system
4. a numeric representation of the event "type"
5. and a numeric representation of the event "category", in that order.
The experimental number usually reflects the the IP address of the trap source or the Orion server.
What if experimental number reflected is the IP Address of a Switch/Router rather than SNMP server? What are the possible reasons? Why?
what does it mean when the experimental value shows the ip address of the trap source and what if it shows the ip address of the snmp server? thanks!