Thanks a lot to all that contributed on this post. We also had the same warning alarms for a device that was trying to report SNMP traps to iMC every minute (we had hundreds of these alarms). Even if you specify the OID of the alarm in iMC by going to Alarm > Trap Management > Trap Definition (by adding the OID in the "Trap OID" field and doing a Query), click on Modify, and try to include the source IP address in the trap description with the $a macro as indicated in the ? at the right of the description, the source IP address that you will get is the local IP address 127.0.0.1, not the source IP address from the device that is sending the SNMP traps
The only way where we could identify the source IP address of these SNMP traps, is by installing tcpdump in the iMC server (for Windows, you can use TCPDUMP for Windows that you can download from http://www.microolap.com/products/network/tcpdump/), and capture packets for some time using this filter:
tcpdump -D //To identify the interface ID on which you need to capture packets
tcpdump -i <Interface ID> udp port 161 -w <Filename where you want to save the packet capture>.pcap //To capture the packets
Then you can copy the packet capture file to a device with Wireshark installed (you can download Wireshark from https://www.wireshark.org/download.html), open the capture file, and on the menu at the top go to Statistics > Conversations. On the tab called "IPv4", on the Address A column, identify any unknown IP addresses. These should be most likely the ones that are trying to report SNMP traps to iMC, and have not being added in iMC. You can then define a filter in Wireshark for these unknown IP addresses by doing a right-click on those Conversations, and select Apply as filter > Selected > A - B, then on the filtered packets, you can identify the SNMP version, the SNMP community string, and the OID (indicated as enterprise)
Once the IP address from the device that is sending the SNMP traps is identified, you can:
1. If you manage this device and want to receive SNMP traps in iMC: Add it to iMC
2. If you manage this device but you do not want to receive SNMP traps in iMC, or manage it using iMC: Configure the device to stop sending SNMP traps
3. If this is a rogue device or you do not manage it: Configure the firewalls between this device and iMC to drop these packets
I hope that this helps solving similar issues
#imc#unmanaged#alarm