Re: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9

[Leslie Clark <lclark@us.ibm.com>]

It appears to me that my overrides in trapd.conf  using the 'severity' pulldown no longer affect severity. There is some logic built in to the new ruleset on TEC that deliberately adjusts severity for reasons that are not yet clear to me. We all need to read that ruleset carefully. It has a lot of documentation in it. I suspect that the severity of mere 'interface down' events is low in the grand scheme of things. That scheme would accomodate escalation over time, and correlation with events from other sources, for instance. Someone will correct me if I am wrong, but it appears to me that you would need to adjust severity either in the tec slot mappings in trapd.conf, or in the TEC ruleset itself. I'm not planning to do that until I understand it better. 

If you want a default trapd.conf file, there is one on the installed system under /usr/OV/newconfig something or other. 

I would try using the default trapd.conf and the default netview ruleset, and the default tec ruleset for a little bit and look for the pattern. I've seen it work fine at one site, but that was only for a couple of days. 

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit

"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com> Sent by: owner-nv-l@lists.us.ibm.com 01/14/2004 08:09 PM Please respond to nv-l

To:        <nv-l@lists.us.ibm.com>         cc:                 Subject:        [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9

If there is a single document, can someone point me to it? I've found pieces and parts in the different manuals, but it's not working out of box (as advertised by our sales team):

• Netview.baroc and netview.rls in rulebase
• Netview6000 traps in NV ruleset TEC adapter uses
• Netview6000 traps have TEC_ITS event classes mapped in xnmtrap
  

  Events reach TEC, but severities do not make sense, and I'm sure this means any change rules in the ruleset will not execute. For example, TEC_ITS_INTERFACE_STATUS is HARMLESS at TEC, yet message is interface xxx is down. However, I have a SEGMENT_STATUS and NETWORK_STATUS event as WARNING in TEC, but the message indicates they are up. The netview6000 traps are set from previous versions where TEC classes were OV_. I directly edited TEC classes for each trap in xnmtrap, but I think this issue pertains to TEC slots that are not being passed in the trap or matching what the TEC rule expects.

  We are trying to replace TFNC, which has been worth every penny. Do I need to feed the netview6000 MIB through mib2trap again--and will this populate xnmtrap properly? What's the name of the mibfile that contains the netview6000 OID?

  Sorry for all the questions--since this integration crosses NV and TEC boundaries, I'm not sure if a PMR will get me anywhere. I think I'm getting close, but there has to be an easier way.

  Thanks--Drew

  
  

  Drew Van Order
  ESM Architect
  (615) 882-7836 Office
  (888) 530-1012 Pager

  This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.