To: | nv-l@lists.us.ibm.com |
---|---|
Subject: | RE: [nv-l] trap DEFAULT FMT |
From: | James Shanks <jshanks@us.ibm.com> |
Date: | Mon, 27 Oct 2003 10:03:57 -0500 |
Delivery-date: | Mon, 27 Oct 2003 15:26:36 +0000 |
Envelope-to: | nv-l-archive@lists.skills-1st.co.uk |
Reply-to: | nv-l@lists.us.ibm.com |
Sender: | owner-nv-l-digest@lists.us.ibm.com |
You are on the right track Brian. You would indeed use the tecad_nv6k.cds to extract and map the information you want to send to TEC, provided that it is included in the original trap (usually as a variable). If it is not, then the next best thing would be to find a way to reconfigure the trap sender so that it is. If that cannot be done, then you do have other choices in NetView for Windows, but they involve more elaborate user programming. You could, for example, launch a script whenever this trap is received (by configuring Trap Settings for it as a "Hidden Application"). You would probably need some scripting language on your Windows box like PERL or REXX to be able to do everything you want in your script, but if you had that, then you could have your script query the sender for the ifDesc of that interface using snmpget. You would pass your script the hostname or IP address of the sender as $A and the ifIndex as $1, and after you got your answer with snmpget, then you could issue a trap of your own devising using nvsnmptrap, and include the ifDesc as a variable. This new trap would be the one you would catch in the tecad_nv6k adapter to send to TEC, while dropping the old one. Do you see how that would work? James Shanks Level 3 Support for Tivoli NetView for UNIX and Windows Tivoli Software / IBM Software Group
Netview 7.1.2 on Win2K James, I can't thank you enough for taking the time to "pull me back" from the complexity that I was creating for myself. I did as you suggested and ......voila....we have a meaningful event....well meaningful to me anyway. Philippe, Also excellent help....especially the last portion of your reply.....upon taking James advice, I was able to define the trap that was coming and play around with the description to get it to "mean" something to me. The last part of your reply referenced being able to also gather something like the ifDescr value, which would give us the name of the interface in addition to it's ifIndex integer......this is what I am after next. Upon further inspection of trapd.log it appears that the traps that these devices are sending only contain 1 variable....the ifIndex integer (whose value happens to be 1) only. So, being that I want to also know the actual name of the interface that is down (ifDescr)....should I look in the direction of configuring the router's traps to also provide this information as well (if this is possible) ? If that were possible, my interest is then to be able to get that information into a slot in a TEC event...to get that same "meaninful" information there..... vs. just the vanilla "Link Down SNMP Trap" message without a hostname that it gets now. James, I think you mentioned this in your e-mail with regards to this possibly being difficult, if at all possible, on the Windows platform/version of NetView. I have played around with the tecad_nv6k.cds file some today and was able to understand somewha! t, the relationships and structure of how the cds file gets the information and populates the event with that information......it looked to me like it might be possible.....so long as the original trap at least provided that information. Any info here would help a WHOLE lot.....HA ! Well, please reply with any thoughts either of you, or anyone else might have........I feel like I'm getting there....slowly but surely....but at least getting there !!!! Thanks again ! -----Original Message----- From: James Shanks [mailto:jshanks@us.ibm.com] Sent: Thursday, October 23, 2003 6:51 PM To: nv-l@lists.us.ibm.com Subject: Re: [nv-l] trap DEFAULT FMT Relax. You are making this too hard. Just take a deep breath and look at Trap Settings. Both bgp and bridge are the same way. They don't use a vendor specific (1.3.6.1.4.1.x) OID but rather something under MIB-II (mib-2) "1.3.6.1.2.1.x". You can do the same. Just match what came in. Do you see an Enterprise definition for "1.3.6.1.2.1"? I'll bet not because it is not an enterprise (it does not describe a vendor with a number assigned by IANA) so you'll have to invent one. In Trap Settings click the "New" button for Enterprises. What would you like to call it? How about MIB-II or MIB-2 since that's what it stands for? It doesn't matter what name you give it -- that's just an internal organizing convenience. Now define the trap underneath. Click "New" there too. Then pull down "TrapType" and click the correct trap. How do we know which it should be? Part of your SNMP education should include the fact that the standard define six generic types of traps and one for vendors to use. They are these: Cold Start Generic Type 0 Specific Type 0 Warm Start Generic Type 1 Specific Type 0 Link Down Generic Type 2 Specific Type 0 Link Up Generic Type 3 Specific Type 0 Authentication Failure Generic Type 4 Specific Type 0 EGP Neighbor Loss Generic Type 5 Specific Type 0 everything else is vendor-specific <vendor's OID> Generic Type 6 Specific Type <any interger> So click on Link Down and then define the rest of the trap any way you want. Pick something other than "Log Only" for the Trap Category so that it displays in the Event Browser by default. Then OK and you are done. Now, to answer your questions. You are getting ahead of yourself. NetView did not recognize your LInk Down trap because he did not have an enterprise OID defined for "1.3.6.1.2.1" because that is not a standard enterprise OID of the sort 1.3.6.1.4. 1.x. It's just that simple. Now you have defined one and the default wrapper will disappear. What information can you send to TEC about this? Well, that depends on whether there are any additional variables included with the trap. If there are, then you are in luck, if not, on Windows you are pretty much out of luck, since the Windows adapter doesn't permit much customization. But we can discuss that at another time. As for map updates, on Windows that too is limited. Generally speaking, netmon owns all the objects shown on the map. All of then. He discovered them and he put them there. He's the one who ultimately turns things colors by updating the databases and sending notice to ipmap (who owns all the symbols on the map) to make the color what it is. Changing colors on receipt of your own traps, rather than letting netmon do it on his regular polling cycle, is rather a complex undertaking. We can discuss that in another thread, at another time, too. But it would be far better to adjust the polling cycles for these devices so that they are shorter and netmon is made aware of their problems more frequently, than to try to build in more overhead by constructing an elaborate mechanism to change object colors on the map a few seconds faster. Remember the default polling cycle for netmon is every 5 minutes. He's checking every interface in your network every five minutes. If that's not soon enough, I'd lower it for specific devices. You just alter the SNMP options. James Shanks Level 3 Support for Tivoli NetView for UNIX and Windows Tivoli Software / IBM Software Group
NetView 7.1.2 on Win2K Okay....James, you mentioned before that when I see a trap in trapd.log specified as "DEFAULT FMT" that this means that NetView did not know how to interpret the trap that was received and put a default "wrapper" around it and logged it and placed it as an event. That's what I've been seeing for some time now with the traps that I am receiving from the Bay Networks (Nortel) Advanced Remote Node (ARN) routers. We have one of these routers in our test lab with a Frame Relay connection to our office, and a configured internal ethernet interface for that router's LAN. When I pull the cable on the ethernet interface, the router produces a trap and sends it to NetView. According to our consultant, who configured the router to send a trap when something like that happens, the trap being sent is not an Enterprise specific trap, and is simply a mgmt.mib-II.x.x.x .....link down type trap. Thi! s is where my problem lies..! ...if the trap isn't Enterprise specific (wellfleet), but is of mgmt.mib-2.x.x.x type, how come NetView does not know what it is ? When I see the event in the Event Viewer, I do see what "node" it came from, which is meaningful, but the description field states "DEFAULT FMT: mgmt.mib-2 (1.3.6.1.2.1) generic:2 specific:0", and the Enterprise column shows "1.3.6.1.2.1". All of this I assume is because as James stated, NetView doesn't know what to do with the trap.........if it doesn't know....how does it know that this was a "Link Down" type of trap? Does "generic:2" mean link down ???? And most importantly...when these are received, as I mentioned before, nothing in the NetView map gets updated....the status of that device (which is managed) should go to yellow, meaning that it has a problem...mainly, an interface down. (Right now I have turned off all polling s! o that I can work only wit! h traps and KNOW what is happening a! nd why.. .we are intendi! ng on re lying on these and other backup devices to send traps when their are issues vs. just relying on polling). In our situation, we need to know exactly when these devices have problems, vs. waiting for a polling period to check the device. We do have the TEC adapter installed, but when the events above get there, they are very "vanilla"....stating simply that there is a Link Down.....drilling down into the attributes of the TEC event does tell you which device (ip address) sent the trap....but there's nothing in the "Host" attribute.....What the ultimate goal is, is to have that Event in TEC show up with the "message" attribute giving a Link Down message with the exact interface, and at least the router's IP address as the host. Back on the NetView server, I understand that in the "Trap Settings" I can configure the event description, and I understand how to do that.....but WHAT trap definition wou! ld I be editing? &nbs! p;the Link Down trap under the NetView enterprise ??????? Brian Kraftchick Network Administrator Old Dominion Freight Line Ph: (336) 822-5938 Fax: (336) 822-5149 E-mail: brian.kraftchick@odfl.com Web Site: www.odfl.com |
<Prev in Thread] | Current Thread | [Next in Thread> |
---|---|---|
|
Previous by Date: | RE: [nv-l] False down event in trapd.log, anand anupam |
---|---|
Next by Date: | [nv-l] WG: configuration of traps, Mildeberger, Thorsten |
Previous by Thread: | RE: [nv-l] trap DEFAULT FMT, Brian Kraftchick |
Next by Thread: | RE: [nv-l] trap DEFAULT FMT, Brian Kraftchick |
Indexes: | [Date] [Thread] [Top] [All Lists] |
Archive operated by Skills 1st Ltd
See also: The NetView Web