KBI 310342 Shutting Down Service Because Of A Failure To Startup SNMP Trap Monitoring Thread

Version

All versions of Argent for Compliance

Date

13 Feb 2013

Summary

Argent for Compliance service stops and user observes specific logging in SVC_LOG as the example below:

“Shutting down service because of failure to start up SNMP trap monitoring thread”.

Technical Background

Argent for Compliance is a product inside the Argent Advanced Technology (AT) suite. One of its features is to archive SNMP Trap messages for auditing purposes.

SNMP Trap messages travel on UDP port 162. The message mainly comes from IP devices like switches and routers. Trap messages are sent only when the sender is configured to do so — Argent for Compliance is the listener.

Indeed, another product in the Argent AT, Argent for SNMP can also be a listener. Argent for Compliance and Argent for SNMP can coexist and the listener allows the sharing of UDP 162.

There are circumstances where UDP could be taken, for example:

1. An existing Argent Extended Technology (XT) product (e.g. Superseded Argent SNMP Monitor)

2. A 3rd party application.

Resolution

Identify what process is occupying the UDP 162. For example using command

netstat -abn -udp

If the UDP 162 port is taken by Argent Extended Technology products, consider migrating to Argent Advanced Technology (Contact Argent Support for more information)

If the UDP 162 port is taken by 3rd party application, stop the application or remove it. The idea is to free up the UDP port and then restart the Argent for Compliance Service.

The service should stay “started”.

If we do not need the Traps listener in Argent for Compliance, we can disable it by modifying the registry, as below:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Argent\ARGENT_FOR_COMPLIANCE

Change the key (NO_TRAP_LISTENER = 1), default is 0.

After modifying the key, restart the Argent for Compliance service. It should stay “started” now.