New-suspect event flood possible in trapd

Description

I thought this was fixed, but apparently it is still an issue.

If new-suspect-on-traps is set to true in the trapd configuration file, it is possible to create a number of duplicate nodes if multiple traps from an unknown interface occur at the same time. Currently, when a trap comes it, it checks a table of known IP addresses to see if the trap should be generated. That table is generated from existing devices. However, if OpenNMS receives, say, three traps from an unknown IP in a short amount of time, it will generate three newSuspect events causing three nodes to be added.

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

Seth Leger January 4, 2017 at 12:12 PM

In OpenNMS 19, Trapd (and Syslogd) will still trigger multiple newSuspect events if many traps are received in a short amount of time. However, Provisiond will only process the first event and create a single node so no duplicate nodes will be created.

The major problem here is the duplicate nodes and since that is fixed, I'm going to mark this issue as fixed.

Benjamin Reed May 2, 2012 at 4:48 PM

Looks like a potential problem, but looking at the code it's not a simple fix without redoing some of how that IP manager works.

Fixed

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

PagerDuty

Created December 20, 2011 at 11:16 AM
Updated January 4, 2017 at 12:12 PM
Resolved January 4, 2017 at 12:12 PM