RE: [nv-l] trap DEFAULT FMT

[James Shanks <jshanks@us.ibm.com>]

One flaw with  Windows is that it does not come with a good scripting language.  UNIX is far superior in this regard.  You might want to see about installing PERL or REXX if you are going to get fancy.

In any case, I don't know what is failing for you because I don't know how you are trying to reference the passed variable in the bat file.  You pass them in just the way you say is failing.

Here's an example.  This script, email.bat was something I wrote and stuck in \usr\ov\bin to call the nvmail command from a trap:


C:\usr\ov\bin\nvmail -server tester.raleigh.ibm.com ^
-recipient jshanks@us.ibm.com -subject "urgent: test node down" -message " %1 is down!"

No matter what you pass, the first variable i %1 in your script, the second is %2, and so on.


To run it, you'd just type  "email   <whatever>"  on the command line.    To have it pass $2, the standard NetView hostname variable from a trap, you would use trap setting and have the command line say   c:\usr\ov\bin\email.bat  $2      If you wanted to pass more variables you can.  Just be aware that you have to enclose those which contain spaces (like $3) with quotation marks:    c:\usr\ov\bin\myscript.bat  $2 "$3" 

Hope this helps!


James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group

Brian Kraftchick <Brian.Kraftchick@odfl.com> Sent by: owner-nv-l-digest@lists.us.ibm.com 10/29/2003 10:25 AM Please respond to nv-l

To:        "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>         cc:                 Subject:        RE: [nv-l] trap DEFAULT FMT

Looks like we are definitely going to have to go the route of running a batch or script to "get" that information from the device after the initial Link Down trap is received.  These particular devices don't offer the ability to include the interface description in it's generic Link Down trap.  So....from that I've been working on getting the trap definition for that particular trap to run the command to "snmpget" that information from a batch file......does anybody know how, or have any suggestions on how to pass the $A and $1 parameters into a batch file on Windows....I've played around with it some, but haven't been successful yet.  The documentation I've found in the NetView users guide mentions the ability to do this by adding those parameters in the command statement: Ex.  c:\test.bat "$A $1" ..... but this just "ain't" working.  Any ideas ?
 
Thanks as always !
-----Original Message-----
From: James Shanks [mailto:jshanks@us.ibm.com]
Sent: Monday, October 27, 2003 10:04 AM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] trap DEFAULT FMT


You are on the right track Brian.  You would indeed use the tecad_nv6k.cds to extract and map the information you want to send to TEC, provided that it is included in the original trap (usually as a variable).    If it is not, then the next best thing would be to find a way to reconfigure the trap sender so that it is.  If that cannot be done, then you do have other choices in NetView for Windows, but they involve more elaborate user programming. 

 You could, for example, launch a script whenever this trap is received (by configuring Trap Settings for it as a "Hidden Application").  You would probably need some scripting language on your Windows box like PERL or REXX to be able to do everything you want in your script, but if you had that, then you could have your script query the sender for the ifDesc of that interface using snmpget. You would pass your script the hostname or IP address of the sender as $A and the ifIndex as $1, and after you got your answer with snmpget, then you could issue a trap of your own devising using nvsnmptrap, and include the ifDesc as a variable.  This new trap would be the one you would catch in the tecad_nv6k adapter to send to TEC, while dropping the old one.  Do you see how that would work? 

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group

Brian Kraftchick <Brian.Kraftchick@odfl.com> Sent by: owner-nv-l-digest@lists.us.ibm.com 10/24/2003 04:14 PM Please respond to nv-l

To:        "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>        cc:                Subject:        RE: [nv-l] trap DEFAULT FMT

Netview 7.1.2 on Win2K 
  
James, 
  
I can't thank you enough for taking the time to "pull me back" from the complexity that I was creating for myself.  I did as you suggested and ......voila....we have a meaningful event....well meaningful to me anyway. 
  
Philippe, 
  
Also excellent help....especially the last portion of your reply.....upon taking James advice, I was able to define the trap that was coming and play around with the description to get it to "mean" something to me.  The last part of your reply referenced being able to also gather something like the ifDescr value, which would give us the name of the interface in addition to it's ifIndex integer......this is what I am after next.   
  
Upon further inspection of trapd.log it appears that the traps that these devices are sending only contain 1 variable....the ifIndex integer (whose value happens to be 1) only.  So, being that I want to also know the actual name of the interface that is down (ifDescr)....should I look in the direction of configuring the router's traps to also provide this information as well (if this is possible) ?   If that were possible, my interest is then to be able to get that information into a slot in a TEC event...to get that same "meaninful" information there..... vs. just the vanilla "Link Down SNMP Trap" message without a hostname that it gets now.  James, I think you mentioned this in your e-mail with regards to this possibly being difficult, if at all possible, on the Windows platform/version of NetView.  I have played around with the tecad_nv6k.cds file some today and was able to understand somewha! t, the relationships and structure of h!
 ow the cds file gets the information and populates the event with that information......it looked to me like it might be possible.....so long as the original trap at least provided that information.  Any info here would help a WHOLE lot.....HA !   
  
Well, please reply with any thoughts either of you, or anyone else might have........I feel like I'm getting there....slowly but surely....but at least getting there !!!! 
  
Thanks again ! 
-----Original Message-----
From: James Shanks [mailto:jshanks@us.ibm.com]
Sent: Thursday, October 23, 2003 6:51 PM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] trap DEFAULT FMT


Relax.  You are making this too hard.  Just take a deep breath and look at Trap Settings.  Both bgp and bridge are the same way.  They don't use a vendor specific (1.3.6.1.4.1.x) OID but rather something under MIB-II (mib-2) "1.3.6.1.2.1.x".   You can do the same.  Just match what came in. 


Do you see an Enterprise definition for "1.3.6.1.2.1"?  I'll bet not because it is not an enterprise (it does not describe a vendor with a number assigned by IANA) so you'll have to invent one.  In Trap Settings click the "New" button for Enterprises.   What would you like to call it?  How about MIB-II or MIB-2  since that's what it stands for?  It doesn't matter what name you give it -- that's just an internal organizing convenience.   Now define the trap underneath.  Click "New" there too. Then pull down "TrapType" and click the correct trap.  How do we know which it should be?   

Part of your SNMP education should include the fact that the standard define six  generic types of traps and one for vendors to use.  They are these: 
Cold Start                     Generic Type 0                 Specific  Type 0         
Warm Start                Generic Type 1                Specific Type  0 
Link Down                Generic Type 2                Specific Type  0 
Link Up                        Generic Type 3                Specific Type  0 
Authentication Failure        Generic Type 4                Specific Type  0 
EGP Neighbor Loss        Generic Type 5                Specific Type  0 

everything else is vendor-specific 
<vendor's OID>                Generic Type 6                Specific  Type  <any interger> 


So click on Link Down and then define the rest of the trap any way you want.  Pick something other than "Log Only" for the Trap Category so that it displays in the Event Browser by default.  Then OK and you are done.     

Now, to answer your questions.  You are getting ahead of yourself.  NetView did not recognize your LInk Down trap because he did not have an enterprise OID defined for "1.3.6.1.2.1" because that is not a standard enterprise OID of the sort 1.3.6.1.4. 1.x.  It's just that simple.   Now you have defined one and the default wrapper will disappear. 

What information can you send to TEC about this?  Well, that depends on whether there are any additional variables included with the trap.  If there are, then you are in luck, if not, on Windows you are pretty much out of luck, since the Windows adapter doesn't permit much customization.  But we can discuss that at another time.   

As for map updates,  on Windows that too is limited.  Generally speaking, netmon owns all the objects shown on the map.  All of then.  He discovered them and he put them there.  He's the one who ultimately turns things colors by updating the databases and sending notice to ipmap (who owns all the symbols on the map) to make the color what it is.  Changing colors on receipt of your own traps, rather than letting netmon do it on his regular polling cycle, is rather a complex undertaking.  We can discuss that in another thread, at another time, too. 

But  it would be far better to adjust the polling cycles for these devices so that they are shorter and netmon is made aware of their problems more frequently, than to try to build in more overhead by constructing an elaborate mechanism to change object colors on the map a few seconds faster.  Remember the default polling cycle for netmon is every 5 minutes.  He's checking every interface in your network every five minutes.   If that's not soon enough,  I'd lower it for specific devices.  You just  alter the SNMP options. 




James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group

Brian Kraftchick <Brian.Kraftchick@odfl.com> Sent by: owner-nv-l-digest@lists.us.ibm.com 10/23/2003 05:38 PM Please respond to nv-l

To:        "NVList (E-mail)" <nv-l@lists.us.ibm.com>       cc:        Lisa Boles <Lisa.Boles@odfl.com>       Subject:        [nv-l] trap DEFAULT FMT

NetView 7.1.2 on Win2K 
 
Okay....James, you mentioned before that when I see a trap in trapd.log specified as "DEFAULT FMT" that this means that NetView did not know how to interpret the trap that was received and put a default "wrapper" around it and logged it and placed it as an event.  That's what I've been seeing for some time now with the traps that I am receiving from the Bay Networks (Nortel) Advanced Remote Node (ARN) routers.   We have one of these routers in our test lab with a Frame Relay connection to our office, and a configured internal ethernet interface for that router's LAN.  When I pull the cable on the ethernet interface, the router produces a trap and sends it to NetView.  According to our consultant, who configured the router to send a trap when something like that happens, the trap being sent is not  an Enterprise specific trap, and is simply a mgmt.mib-II.x.x.x .....link down type trap.  Thi! s is where my problem lies..!
 ! ...if the trap isn't Enterprise specific (wellfleet), but is of mgmt.mib-2.x.x.x type, how come NetView does not know what it is ?  When I see the event in the Event Viewer, I do see what "node" it came from, which is meaningful, but the description field states "DEFAULT FMT: mgmt.mib-2 (1.3.6.1.2.1) generic:2 specific:0", and the Enterprise column shows "1.3.6.1.2.1".  All of this I assume is because as James stated, NetView doesn't know what to do with the trap.........if it doesn't know....how does it know that this was a "Link Down" type of trap?  Does "generic:2" mean link down ????  And most importantly...when these are received, as I mentioned before, nothing in the NetView map gets updated....the status of that device (which is managed) should go to yellow, meaning that it has a problem...mainly, an interface down.  (Right now I have turned off all polling s! o that I can work only w!
 it! h traps and KNOW what is happening a! nd why.. .we are int!
 endi! ng
 on re lying on these and other backup devices to send traps when their are issues vs. just relying on polling).   In our situation, we need to know exactly when these devices have problems, vs. waiting for a polling period to check the device.  We do have the TEC adapter installed, but when the events above get there, they are very "vanilla"....stating simply that there is a Link Down.....drilling down into the attributes of the TEC event does tell you which device (ip address) sent the trap....but there's nothing in the "Host" attribute.....What the ultimate goal is, is to have that Event in TEC show up with the "message" attribute giving a Link Down message with the exact interface, and at least the router's IP address as the host.  Back on the NetView server, I understand that in the "Trap Settings" I can configure the event description, and I understand how to do that.....but WHAT trap definition wou! ld I be editin!
 g? &nbs! p;the Link Down trap under the NetView enterprise ??????? 
 
 
  
Brian Kraftchick 
Network Administrator 
Old Dominion Freight Line 
Ph: (336) 822-5938 
Fax: (336) 822-5149 
E-mail: brian.kraftchick@odfl.com 
Web Site: www.odfl.com