To: | nv-l@lists.tivoli.com |
---|---|
Subject: | RE: Can you send traps based on syslog messages from local NetVew/AIX box? |
From: | "James Shanks" <jshanks@us.ibm.com> |
Date: | Thu, 1 Nov 2001 14:36:36 -0500 |
It is possible to flood NetView with traps, but that's not an easy number to arrive at since it depends on so many things. The issue is not the peak, but how long it is for, and what application queue buffer size you are using in trapd, and so on. Unsolicited traps from other network devices are usually the culprit when it does happen, so it is best to keep an eye on things and only send those which you really intend to do something about. Besides, that is good advice if only because needless traps chew up bandwidth real users need. I have seen people do studies and be stunned that they have taken as much as 30% of their available bandwidth to send traps nobody wanted.

But with regard to trapgend, he has a throttle built-in. By default he will only send the same trap once per minute. You can alter this value if you need to, but that's one safeguard NetView has to prevent overloading.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group

"Barr, Scott" <Scott_Barr@csgsystems.com>
Sent by: owner-nv-l@tkg.com
11/01/2001 01:23 PM
Please respond to IBM NetView Discussion

To: "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages from local NetVew/AIX box?

It may be possible to flood NetView with traps, but if it is, I have not been able to do it. I recently had a problem where 80+ NT servers were sending in 5 authentication failure traps a second simultaneously, and I did not even notice it because they were LOG ONLY traps. Other environments may be less tolerant of this. These traps also had to pass through a ruleset correlation. I don't know how much of a problem this would be for most folks.

-----Original Message-----
From: Linda Parry [mailto:lparry@MetLife.com]
Sent: Thursday, November 01, 2001 12:13 PM
To: IBM NetView Discussion
Subject: RE: [NV-L] Can you send traps based on syslog messages from local NetVew/AIX box?

With certain devices you can restrict which syslog messages are actually sent so you do not get an overabundance of typical error messages. Check the device documentation. Last thing you want to do is flood netview with too many unnecessary syslog "traps".

"Barr, Scott" <Scott_Barr@csgsystems.com>@tkg.com on 11/01/2001 12:32:34 PM
Please respond to "IBM NetView Discussion" <nv-l@tkg.com>
Sent by: owner-nv-l@tkg.com
To: "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages from local NetVew/AIX box?

TRAPGEND is a utility I believe shipped with AIX NetView that will send traps - HOWEVER, if you are using Cisco gear, SYSLOG traps are already sent to the Netview Box, there is no need to scrape them out of the log. You need the Cisco Log mib and traps. Check your snmp config and see if SYSLOG traps are enabled. In general, there is NO log message cut that does not also equate to a trap. Your work is probably already done.

-----Original Message-----
From: Steve Damron [mailto:swdamron@us.ibm.com]
Sent: Thursday, November 01, 2001 11:19 AM
To: nv-l@tkg.com
Subject: [NV-L] Can you send traps based on syslog messages from local NetVew/AIX box?

Is it possible to generate traps based on AIX syslog messages? I have a Ciscoworks box as well as switches sending syslog messages to the NetView box (AIX 4.3.3, NV 6.02). NetView's AIX syslog filters out critical syslog messages to a special log. The reason we are doing this is because syslog provides more information than is available by just generating traps from the switches (like coil errors). I also don't want Ciscoworks to generate traps based on its syslog because this would be a ton of junk traps which I don't want hitting NetView. My only idea so far is to write a script to search the syslog log on the NetView box, but I was hoping there is a better, cleaner way to do this. I have read about trapgend and smux and have the impression that this is only for AIX errors and does not apply to just any syslog message - if not, I'm not sure how to add this functionality to trapgend?

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
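The approach discussed in this thread (scan the syslog file on the NetView box, forward only the severe messages, and hold repeats of the same event to one per minute), sketched as an added example that is not part of any message above and is not trapgend's own code. It assumes Cisco-style `%FACILITY-SEVERITY-MNEMONIC` tags in the log; `select_events`, its parameters and the sample lines are hypothetical, and handing each selected event to a trap sender is left to the caller.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (not from the thread): BSD-style syslog lines as a
# collector might store them, some carrying Cisco %FACILITY-SEVERITY-MNEMONIC tags.
SAMPLE_LOG = """\
Nov  1 11:00:01 sw-core1 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Nov  1 11:00:05 sw-core1 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Nov  1 11:00:20 sw-core1 %SYS-5-CONFIG_I: Configured from console by vty0
Nov  1 11:00:30 sw-edge2 %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down
Nov  1 11:01:02 sw-core1 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Nov  1 11:01:10 netview syslogd: restart
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)

def select_events(lines, max_severity=3, window=timedelta(seconds=60), year=2001):
    """Return (events, suppressed): lines worth a trap, and throttled repeats.

    Syslog severity is numeric, lower is worse, so max_severity=3 keeps 0-3.
    The same (host, facility, mnemonic) is forwarded at most once per window,
    counted from the last forwarded occurrence. Classic syslog timestamps
    carry no year, so the caller supplies one (assumption).
    """
    last_sent = {}
    events, suppressed = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["sev"]) > max_severity:
            continue  # untagged or low-severity line: never becomes a trap
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["fac"], m["mnem"])
        prev = last_sent.get(key)
        if prev is not None and ts - prev < window:
            suppressed += 1  # repeat inside the throttle window
            continue
        last_sent[key] = ts
        events.append({"time": ts, "host": m["host"], "severity": int(m["sev"]),
                       "event": f"{m['fac']}-{m['mnem']}", "text": m["text"]})
    return events, suppressed

if __name__ == "__main__":
    selected, dropped = select_events(SAMPLE_LOG.splitlines())
    for ev in selected:
        print(ev["time"], ev["host"], ev["event"], ev["text"])
    print(f"{dropped} repeat(s) throttled")
```

Tracking the suppressed count alongside the forwarded events shows how much trap volume the throttle is absorbing, which is the quantity the flooding discussion above turns on.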
Archive operated by Skills 1st Ltd