Greetings,
I'd like to eliminate some branches from my correlation rulesets--for
example, sending a TEC event in response to a simple trap. Hertofore,
I've done this with "trap settings" nodes followed by "Forward"
nodes--and the size of the ruleset soon became well, very large for
the wide variety of traps we're supporting.
I've recently learned that you can configure this simple forwarding of
traps as TEC events without loading down the ruleset correlation
engine--but would like to know how. In the Event Configuration
settings, I know how to assign TEC slots, and event message formats.
I'm just not sure what external command string to specify on that
window (Options>EVent Configuration> Trap Customization SNMP, select a
trap, then ModifyEvent)
Question 1) "Forward trap" setting -- what does this do?
Question 2) "Command for Automatic Action" - I'm sure that wpostemsg
or postemsg is involved, but I think I just need an example that shows
how/what environment variables are required or implied so the TEC
adapter passes a TEC event with the message slots populated as
desired.
Question 3) What daemon forks off the action in Command for Automatic
Action? Actionsrv? Or something else?
TIA for any insight or advice.
--
|