sorry for posting the same question again, but this point is crucial to me:
all events and traps are logged in ovevents.log.
the one and only way to prevent a trap going into this log is to unmanage
the node.
from there they go to trapd.log. no filtering possible.
filters and rules apply for event-display and forwarding to other systems
(nv-backup, nv-client, tec) only.
xnmtrap (nolog, nodisplay) prevents only a trap from beeing displayed,
netview internal events are logged anyway.
the events-display (max 1000) shows traps from ovevents.log (max. 2MB).
configurable via /usr/OV/app-defaults/Nvevents:
nvevents.maxNumEvents : 1000
nvevents.maxLoadEvents : 1000
nvevents.correlationRule : block.rs
the events-history (max 1000) shows trapd.log.
/usr/OV/app-defaults/nvela
nvela.maxLoadEvents : 1000
szenario:
1500 clients are powered on every morning
netview receives 3000 traps (node up, link up)
nvevents.log is cycled (old ovevent.log.BAK is overwritten) as is max.
contains 2MB
i can't view history events as max events is 1000. (no: the UserHelpDesk
uses webinterface and has no access to browse the file trapd.log)
-> the status-traps from arcserve backup processes are lost, as they
occur during the night.
is there any escape from losing vital information? (besides setting nodes
to unmanaged)
BTW
i testet following rules, and surprisingly they seem to do the same job:
Event Stream (block) -> Trap Setting (Not equal to Specific 58916864) ->
query database collection (origin in "server") -> Forward event
Event Stream (pass) -> Trap Setting (equal to Specific 58916864) ->
query database collection (origin not in "server") -> Block event
any ideas why both rules are working and filter the same traps (the
event-display is identical)?
Mit freundlichen Gruessen - Yours sincerely
Giscard Fuchs
CompuNet Berlin
System Engineering
Mariendorfer Damm 1-3, 12099 Berlin, Germany
Phone: +49 30 70785-147, Fax: +49 30 70785-130, Mobile: 0172/8212409
Internet: giscard.fuchs @ gecits-eu.com
|