nv-l
[Top] [All Lists]

Re: Ruleset Problems (differing severities for the same trap)

To: nv-l@lists.tivoli.com
Subject: Re: Ruleset Problems (differing severities for the same trap)
From: James Shanks <James_Shanks@TIVOLI.COM>
Date: Mon, 6 Dec 1999 14:00:44 -0500
Short answer: to have some traps treated differently than others, based upon
originating host name, use two (or more) formats in trapd.conf.

In trapd.conf you have the option of creating a node list, so you can copy a
trap and set its severity (color) to whatever you want for the default.  Then in
the copy (which you name anything you want) you create the node list and set the
severity of that trap to be whatever you want.  If the incoming trap is not from
the one of the nodes in the node list, then the default trap format will be used
the display the trap in the event window, and that is the severity which will be
passed along with the trap in your ruleset (you can access this value in an
Event Node if you wish).


To create a node list, you have two choices.
(1) for a short list, just edit trapd.conf with xnmtrap and when you have made
your copy of the trap you are interested in, and in the box marked "Source" type
in the fully-qualified hostname or IP address of the node you want and press the
add button.  Do this as often as you need to, but in practice you will want to
keep this to about ten nodes or less.
(2) for a long list, which you can manipulate outside of trapd.conf, edit with
xnmtrap just like for the short list but in the "Source" box put the
full-qualified path of a file in which you listed (one per line) the IP address
or fully-qualified hostname of the nodes you wish included.

If you follow option (2), then whenever this list is updated you must either
re-cycle trapd, or issue
     event -e FMTCHG
to cause trapd to re-read his configuration

There is context help available from the on-line books for all the fields in
xnmtrap.  Just put your cursor on the box you want, click once to select it, and
then click "Help".  The on-line book describing the help for this field will
open automatically (though perhaps a little slowly).




James Shanks
Tivoli (NetView for UNIX) L3 Support



"Clay David (rti1dwc)" <rti1dwc@ISMD.UPS.COM> on 12/06/99 01:41:17 PM

Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView
      <NV-L@UCSBVM.UCSB.EDU>

To:   NV-L@UCSBVM.UCSB.EDU
cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  Re: Ruleset Problems




Thanks again. That will work fine for me. Another question of course----I am
using the netview6000 enterprise node down event to asisst me in watching
these critical devices on my network. The node event actually display when
anything on the map "goes down" as minor which is ok for most of the network
nodes. But when I have switches on my network go down I want them to display
in the events as critical nodes and be the color red....How dos one when
using the netview 6000 enterprise node down event have it use the minor
attribute for most of the network nodes but not all such as nodes which are
switches/bridges and display them as critical and the color red?

Thanks,
Dave

-----Original Message-----
From: James Shanks [mailto:James_Shanks@TIVOLI.COM]
Sent: Friday, December 03, 1999 5:15 PM
To: NV-L@UCSBVM.UCSB.EDU
Subject: Re: Ruleset Problems


How about adding an event attribute node after the trap setting which
specifies
the hostname?  If the trap is a NetView one, then the hostname will be in
var2.
If not, you may want to use "origin" for vendor traps.

 You can also use multiple event attribute nodes in a parallel fashion if
you
only have a few.  Or you could run a script in an in-line action which does
a
grep for the value of NVATTR_2 against a list of important nodes that you
maintain elsewhere.
Or finally, you could make a collection of the important nodes and query
membership in that after the trap setting.  This latter will be the most cpu
and
time intensive when it runs, but is neat from a coding stand point.

Your choice.  As with any programming exercise, there are lots of ways to
skin
this cat.

James Shanks
Tivoli (NetView for UNIX) L3 Support



"Clay David (rti1dwc)" <rti1dwc@ISMD.UPS.COM> on 12/03/99 05:05:33 PM

Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView
      <NV-L@UCSBVM.UCSB.EDU>

To:   NV-L@UCSBVM.UCSB.EDU
cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  Re: Ruleset Problems




I am afraid to ask but which template do you use if you want to have a page
sent to me for a specific node on the map when it is not reachable? I am
using the trap settings which give me the ability to watch for "any" down
node but I want it only to send the page if the down node is a particular
device. ie. my router device which would have a name of atm_scp1 and IP
address 10.68.16.xxx. I can't seem to find the right combination to do this.

Thanks,
Dave

-----Original Message-----
From: James Shanks [mailto:James_Shanks@TIVOLI.COM]
Sent: Friday, December 03, 1999 4:00 PM
To: NV-L@UCSBVM.UCSB.EDU
Subject: Re: Ruleset Problems


One of then is "NetView down" and the other is "Node Down".  The former is
only
issued if  netmon cannot contact the mgragentd daemon on a box it has
discovered
to have NetView (mgragentd) running on it.  The latter is for any box where
none
of the interfaces can be pinged.   It is easy to get confused but you won't
again.  A tip is to always check on actual specific trap id.  I don't
remember
"NetView down" (though it is easy to look up) but I cannot for get that
58916865
is "Node  Down".

The "IBM_xxxx"  nomenclature refers to how the trap is named in trapd.conf.
You
see that name in the ruleset Trap Settings Node because it reads trapd.conf.
Other places the  "IBM_" part is left off, because it is understood, I
guess.
You don't see it in our doc very often and it is not used in the event
command
syntax  (event -l   will give you a list of events that command will
simulate).
Sorry if that ambiguity took you by surprise.

James Shanks
Tivoli (NetView for UNIX) L3 Support



"Clay David (rti1dwc)" <rti1dwc@ISMD.UPS.COM> on 12/03/99 03:39:53 PM

Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView
      <NV-L@UCSBVM.UCSB.EDU>

To:   NV-L@UCSBVM.UCSB.EDU
cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  Re: Ruleset Problems




I double checked my config and I was actually using the IBMDOWN_NV selection
for the trap setting. I then selected IBM_NVNDWN_EV and it seem to work
fine. My question is what is the difference between the two and in the
documentation for internal netview traps, none of them show the IBM_xxxxx
parameter that seem to be available as selectable when configuring the trap
selection for the netview6000 enterprise trap definitions? Thanks again for
your help.

Dave

-----Original Message-----
From: James Shanks [mailto:James_Shanks@TIVOLI.COM]
Sent: Friday, December 03, 1999 2:13 PM
To: NV-L@UCSBVM.UCSB.EDU
Subject: Re: Ruleset Problems


Offhand, no.  But I do know how to find out.   You can issue the trace
command,
nvcdebug -d all , and after that nvcorrd will trace his activity to the
nvcorrd.alog and .blog   The traces are not documented any where but you
should
see what the enterprise Id is on the incoming traps and whether the ruleset
resolves that to FALSE or to TRUE as a match.    Perhaps that will give you
a
clue.    If you can ovstop netmon while you do this, even better, as there
will
be much less data in the trace.

But don't worry if the trace is a bit daunting.  You can always open a
problem
to Support and get help reading it.

James Shanks
Tivoli (NetView for UNIX) L3 Support



"Clay David (rti1dwc)" <rti1dwc@ISMD.UPS.COM> on 12/03/99 02:06:53 PM

Please respond to Discussion of IBM NetView and POLYCENTER Manager on
NetView
      <NV-L@UCSBVM.UCSB.EDU>

To:   NV-L@UCSBVM.UCSB.EDU
cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  Ruleset Problems




Hello Everyone,

I am having a problem with getting a page sent out when a device goes down
that's being monitored in my map. Basically I have configured the ruleset
with the following parameters: event stream--->trap settings ( set using
netview6000 NDWN_EV )-->forward-->pager. I than create a dynamic workspace
and attach the ruleset to it. When I create the event it never displays  the
event in the dynamic workspace or pages me. It does display in the event
window. If I modify the trap setting to look for a link down for a
proprietary trap definition, it works fine and even pages me like it should.
It seems as though the IBM_NDWN_EV doesn't get recognized for this ruleset
for some reason. I have double checked the enterprise trap OID value being
generated and it is the one for IBM_NDWN_EV. Does anyone have an ideas what
I am doing wrong?


<Prev in Thread] Current Thread [Next in Thread>
  • Re: Ruleset Problems (differing severities for the same trap), James Shanks <=

Archive operated by Skills 1st Ltd

See also: The NetView Web