|
Absolutely !!! Friday was the day of epiphany....HA!.
This stuff is making soooo much more sense. I've already talked with our
WAN manager this morning about trying to get those devices configured to
send the ifDescr variable with the trap, if they can. And if not, I'm
already exploring using a Perl script to get that information......both you and
Philippe have had the same suggestion.........oh the power you feel when you
have the right information from the right people.....things are certainly
looking UP !!!! You mentioned the possibility of using $A and $1 as
variables in the script used as the "Hidden Application"....so I am to
assume that those variables are valid within the script I would call since the
script would be running withing the "realm" of the defined trap that it would be
working off of ?
As has
been the case with most of the questions I submit to the list, the answers to
this one have also led me down another path that brings up another
question. Within the tecad_nv6k.cds file, I see things like SELECT, FETCH,
and MAP. From what I can gather by just looking at it.....the SELECT area
seems to be an instantiation of a series of numbered ATTR variables linked
to pieces of information from the trap (like ifIndex, ifDescr, and many others),
which are then used in the MAP section to "map" those variables using $V1, $V2,
etc. to specific slots of a TEC event. I also see the FETCH area, which
has numbered statements that appear to "grab" other information....like "1:
IPNAME($AGENT_ADDR)"...so that this information can also be "mapped" to a slot
in the TEC event using $F1, $F2, etc. as the variable........if this is in fact
what it is doing, where is it fetching this information from ? It appears
by the way it's layed out that it is from somewhere other than the trap
itself....so I'm assuming from NetView. This would be great if it's true,
because from that....then I can populate the hostname slot of the event that
gets sent to TEC with a meaningful name........right now, these "Link UP SNMP
trap" and "Link DOWN SNMP trap" events don't have anything in the hostname
field. The do have the IP address in the adapter_host slot, but that isn't
as meaningful to our Help Desk as would be the hostname.
-----Original Message-----
From:
James Shanks [mailto:jshanks@us.ibm.com]
Sent: Monday, October 27,
2003 10:04 AM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l]
trap DEFAULT FMT
You are on the right track Brian.
You would indeed use the tecad_nv6k.cds to extract and map the
information you want to send to TEC, provided that it is included in the
original trap (usually as a variable). If it is not, then the
next best thing would be to find a way to reconfigure the trap sender so that
it is. If that cannot be done, then you do have other choices in NetView
for Windows, but they involve more elaborate user programming.
You could, for example,
launch a script whenever this trap is received (by configuring Trap Settings
for it as a "Hidden Application"). You would probably need some
scripting language on your Windows box like PERL or REXX to be able to do
everything you want in your script, but if you had that, then you could have
your script query the sender for the ifDesc of that interface using snmpget.
You would pass your script the hostname or IP address of the sender as $A and
the ifIndex as $1, and after you got your answer with snmpget, then you could
issue a trap of your own devising using nvsnmptrap, and include the ifDesc as
a variable. This new trap would be the one you would catch in the
tecad_nv6k adapter to send to TEC, while dropping the old one. Do you
see how that would work?
James Shanks
Level 3 Support for
Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software
Group
|
| Brian Kraftchick
<Brian.Kraftchick@odfl.com>
Sent by: owner-nv-l-digest@lists.us.ibm.com
10/24/2003 04:14 PM
Please respond to nv-l
|
To:
"'nv-l@lists.us.ibm.com'"
<nv-l@lists.us.ibm.com>
cc:
Subject: RE: [nv-l] trap DEFAULT
FMT
|
Netview 7.1.2 on Win2K
James,
I can't thank you enough for taking the time to "pull me
back" from the complexity that I was creating for myself. I did as you
suggested and ......voila....we have a meaningful event....well meaningful to
me anyway.
Philippe,
Also excellent help....especially the last portion of your
reply.....upon taking James advice, I was able to define the trap that was
coming and play around with the description to get it to "mean" something to
me. The last part of your reply referenced being able to also gather
something like the ifDescr value, which would give us the name of the
interface in addition to it's ifIndex integer......this is what I am after
next.
Upon further inspection of trapd.log it
appears that the traps that these devices are sending only contain 1
variable....the ifIndex integer (whose value happens to be 1) only. So,
being that I want to also know the actual name of the interface that is down
(ifDescr)....should I look in the direction of configuring the router's traps
to also provide this information as well (if this is possible) ? If
that were possible, my interest is then to be able to get that information
into a slot in a TEC event...to get that same "meaninful" information
there..... vs. just the vanilla "Link Down SNMP Trap" message without a
hostname that it gets now. James, I think you mentioned this in your
e-mail with regards to this possibly being difficult, if at all possible, on
the Windows platform/version of NetView. I have played around with the
tecad_nv6k.cds file some today and was able to understand somewha! t, the
relationships and structure of how the cds file gets the information and
populates the event with that information......it looked to me like it might
be possible.....so long as the original trap at least provided that
information. Any info here would help a WHOLE lot.....HA !
Well, please reply with any thoughts either of you, or
anyone else might have........I feel like I'm getting there....slowly but
surely....but at least getting there !!!!
Thanks again !
-----Original
Message-----
From: James Shanks
[mailto:jshanks@us.ibm.com]
Sent: Thursday, October 23, 2003 6:51
PM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] trap
DEFAULT FMT
Relax. You
are making this too hard. Just take a deep breath and look at Trap
Settings. Both bgp and bridge are the same way. They don't use a
vendor specific (1.3.6.1.4.1.x) OID but rather something under MIB-II (mib-2)
"1.3.6.1.2.1.x". You can do the same. Just match what came
in.
Do you see an Enterprise definition for
"1.3.6.1.2.1"? I'll bet not because it is
not an enterprise (it does not describe a vendor with a number assigned by
IANA) so you'll have to invent one. In Trap Settings click the "New"
button for Enterprises. What would you like to call it?
How about MIB-II or MIB-2
since that's what it stands for? It doesn't matter what name you
give it -- that's just an internal organizing convenience. Now define
the trap underneath. Click "New" there too. Then pull down "TrapType"
and click the correct trap. How do we know which it should be?
Part of your SNMP education should include the fact
that the standard define six generic types of traps and one for vendors
to use. They are these:
Cold Start
Generic Type 0
Specific Type 0
Warm Start
Generic Type 1
Specific Type 0
Link Down
Generic Type 2
Specific Type 0
Link Up
Generic Type 3
Specific Type
0
Authentication Failure
Generic Type 4
Specific Type 0
EGP Neighbor Loss
Generic Type 5
Specific Type 0
everything else is
vendor-specific
<vendor's OID>
Generic Type 6
Specific Type <any interger>
So click on Link Down and then define the rest of the trap any way
you want. Pick something other than "Log Only" for the Trap Category so
that it displays in the Event Browser by default. Then OK and you are
done.
Now, to answer
your questions. You are getting ahead of yourself. NetView did not
recognize your LInk Down trap because he did not have an enterprise OID
defined for "1.3.6.1.2.1" because that is not a standard enterprise OID of the
sort 1.3.6.1.4. 1.x. It's just that simple. Now you have defined
one and the default wrapper will disappear.
What information can you
send to TEC about this? Well, that depends on whether there are any
additional variables included with the trap. If there are, then you are
in luck, if not, on Windows you are pretty much out of luck, since the Windows
adapter doesn't permit much customization. But we can discuss that at
another time.
As for map updates, on
Windows that too is limited. Generally speaking, netmon owns all the
objects shown on the map. All of then. He discovered them and he
put them there. He's the one who ultimately turns things colors by
updating the databases and sending notice to ipmap (who owns all the symbols
on the map) to make the color what it is. Changing colors on receipt of
your own traps, rather than letting netmon do it on his regular polling cycle,
is rather a complex undertaking. We can discuss that in another thread,
at another time, too.
But it would be far better
to adjust the polling cycles for these devices so that they are shorter and
netmon is made aware of their problems more frequently, than to try to build
in more overhead by constructing an elaborate mechanism to change object
colors on the map a few seconds faster. Remember the default polling
cycle for netmon is every 5 minutes. He's checking every interface in
your network every five minutes. If that's not soon enough, I'd
lower it for specific devices. You just alter the SNMP
options.
James Shanks
Level 3 Support for
Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software
Group
|
| Brian Kraftchick
<Brian.Kraftchick@odfl.com>
Sent by:
owner-nv-l-digest@lists.us.ibm.com
10/23/2003 05:38 PM
Please respond to nv-l
|
To:
"NVList (E-mail)"
<nv-l@lists.us.ibm.com>
cc:
Lisa Boles
<Lisa.Boles@odfl.com>
Subject: [nv-l] trap DEFAULT
FMT
|
NetView 7.1.2 on
Win2K
Okay....James, you mentioned before that when I see a
trap in trapd.log specified as "DEFAULT FMT" that this means that NetView did
not know how to interpret the trap that was received and put a default
"wrapper" around it and logged it and placed it as an event. That's what
I've been seeing for some time now with the traps that I am receiving from the
Bay Networks (Nortel) Advanced Remote Node (ARN) routers. We have one
of these routers in our test lab with a Frame Relay connection to our office,
and a configured internal ethernet interface for that router's LAN. When
I pull the cable on the ethernet interface, the router produces a trap and
sends it to NetView. According to our consultant, who configured the
router to send a trap when something like that happens, the trap being sent is
not an Enterprise specific trap, and is simply a
mgmt.mib-II.x.x.x .....link down type trap. Thi! s is where my problem
lies..! ...if the trap isn't Enterprise specific (wellfleet), but is of
mgmt.mib-2.x.x.x type, how come NetView does not know what it is ? When
I see the event in the Event Viewer, I do see what "node" it came from, which
is meaningful, but the description field states "DEFAULT FMT: mgmt.mib-2
(1.3.6.1.2.1) generic:2 specific:0", and the Enterprise column shows
"1.3.6.1.2.1". All of this I assume is because as James stated, NetView
doesn't know what to do with the trap.........if it doesn't know....how does
it know that this was a "Link Down" type of trap? Does "generic:2" mean
link down ???? And most importantly...when these are received, as I
mentioned before, nothing in the NetView map gets updated....the status of
that device (which is managed) should go to yellow, meaning that it has a
problem...mainly, an interface down. (Right now I have turned off all
polling s! o that I can work only wit! h traps and KNOW what is happening a!
nd why.. .we are intendi! ng on re lying on these and other backup devices to
send traps when their are issues vs. just relying on polling). In our
situation, we need to know exactly when these devices have problems, vs.
waiting for a polling period to check the device. We do have the TEC
adapter installed, but when the events above get there, they are very
"vanilla"....stating simply that there is a Link Down.....drilling down into
the attributes of the TEC event does tell you which device (ip address) sent
the trap....but there's nothing in the "Host" attribute.....What the ultimate
goal is, is to have that Event in TEC show up with the "message" attribute
giving a Link Down message with the exact interface, and at least the router's
IP address as the host. Back on the NetView server, I understand that in
the "Trap Settings" I can configure the event description, and I understand
how to do that.....but WHAT trap definition wou! ld I be editing? &nbs!
p;the Link Down trap under the NetView enterprise ???????
Brian Kraftchick
Network Administrator
Old Dominion Freight Line
Ph: (336) 822-5938
Fax: (336) 822-5149
E-mail: brian.kraftchick@odfl.com
Web Site: www.odfl.com
|