I really screwed up guys--was looking at the 7.1 guide. The 7.1.4 UNIX
Guide has some decent information that gets you going in the right
direction. I ran the upgrade script and cycled the daemons.
Unfortunately, I see no events at TEC, nothing in wtdumprl, and nothing
in the /etc/Tivoli/tec cache files. I know TEC_ITS.rs exists because I
looked at it yesterday. Old tecint.conf:
ServerLocation=dsmrdux02
TecRuleName=Trap2Tec.rs
ServerPort=0
New tecint.conf:
ServerLocation=dsmrdux02
TecRuleName=TEC_ITS.rs
ServerPort=0
DefaultEventClass=TEC_ITS_BASE
BufferEvents=YES
UseStateCorrelation=YES
StateCorrelationConfigURL=file:///usr/OV/conf/nvsbcrule.xml
## The following four lines are for debugging the state correlation engine
# LogLevel=ALL
# TraceLevel=ALL
# LogFileName=/usr/OV/log/adptlog.out
# TraceFileName=/usr/OV/log/adpttrc.out
TFNC events are coming through. Any suggestions? Thank you for your
patience--Drew
-----Original Message-----
*From:* owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *James Shanks
*Sent:* Thursday, January 15, 2004 2:39 PM
*To:* nv-l@lists.us.ibm.com
*Subject:* RE: [nv-l] Has anyone implemented the full TEC
integration (correlation rules) NV 7.1.4 and TEC 3.9
Drew -
The phrase "nvserverd.baroc" does not appear anywhere in the 7.1.4
Admin Guide and the section Chris pointed to has revision bars on
every page indicating that is new and changed material. Are you
certain that you are reading the 7.1.4 version?
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
Sent by: owner-nv-l@lists.us.ibm.com
01/15/2004 02:59 PM
Please respond to nv-l
To: <nv-l@lists.us.ibm.com>
cc:
Subject: RE: [nv-l] Has anyone implemented the full
TEC integration (correlation rules) NV 7.1.4 and TEC 3.9
Thank you. I read this yesterday, but it's older information,
referencing nvserverd.baroc, when it's now netview.baroc. I guess
that's my point; there are fragments of information in different
documents. I only found the new files because I was pointed to the
release notes! You have to piece it together as best you can and
hope what you are reading is correct. I'm very grateful for you
folks on the list. If this new correlation works, it is material for
a chapter in a redbook or the next set of NV manauls.
-----Original Message-----*
From:* owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *Christopher Haynes*
Sent:* Thursday, January 15, 2004 11:51 AM*
To:* nv-l@lists.us.ibm.com*
Subject:* RE: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
Drew,
Check out the stuff starting at the bottom of page 110 of teh
NetView Administrator's Guide.
http://publib.boulder.ibm.com/tividd/td/netview/SC32-1246-00/en_US/PDF/duyl2mst.pdf
thanks,
Chris Haynes
haynesch@us.ibm.com
Tivoli Quality Assurance Manager
(919) 224-1217
*"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
Sent by: owner-nv-l@lists.us.ibm.com
01/15/2004 12:32 PM
Please respond to nv-l
To: <nv-l@lists.us.ibm.com>
cc:
Subject: RE: [nv-l] Has anyone implemented the full
TEC integration (correlation rules) NV 7.1.4 and TEC 3.9
No doubt I overlooked something between the KB and manuals--where
can I find this script? I did a find for TEC_* and tec_* no file
resembling that name. If you can also point me to where this is
documented, I would be grateful. Thanks James--Drew
-----Original Message-----*
From:* owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *James Shanks*
Sent:* Thursday, January 15, 2004 11:01 AM*
To:* nv-l@lists.us.ibm.com*
Subject:* RE: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
Drew -
I'm stumped about what is confusing to you.
There is no configuration for you to do, other than run the
tec_its_upgrade script and create a new tecint.conf (which happens
nicely if you rename your old one and create a new one from
serversetup).
The script changes the configuration of the NetView events in
trapd.conf so that they work with the new TEC rules. It makes
TEC_ITS_BASE the new default event class instead of the old
Nvserverd_Event class. And it removes severity as passed field,
because severity will be set dynamically by the new TEC rules, and
they cannot do that correctly if you are sending your choice of
severity instead. The NetView ruleset is the same one we shipped in
NetView 7.1.3 : TEC_ITS.rs. Bring it up in the NetView ruleset
editor and you'll see that it just picks out specific NetView events
and sends them to TEC. If you want additional events, from Cisco or
something, you'll have to add those, but those lie outside of the
new integration.
That's all there is to the NetView side.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
Sent by: owner-nv-l@lists.us.ibm.com
01/15/2004 11:24 AM
Please respond to nv-l
To: <nv-l@lists.us.ibm.com>
cc:
Subject: RE: [nv-l] Has anyone implemented the full TEC
integration (correlation rules) NV 7.1.4 and TEC 3.9
I started on it last night, and it does have some very useful
information. Unfortunately the NV side is where I am struggling the
most; namely the trap configurations and NV forwarding ruleset.
Until that is understood and confirmed configured correctly to match
what TEC expects it's tough to tell how well the TEC rule is
working. I just opened a sev 3 PMR; also offered to help write any
documentation that could be considered a guide. Like most IT folks,
I don't have the luxury of focusing on one project at a time, and
really need to slam and jam when solutions are deemed shrink wrap.
Thanks for looking into this!
-----Original Message-----*
From:* owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *Christopher Haynes*
Sent:* Thursday, January 15, 2004 9:57 AM*
To:* nv-l@lists.us.ibm.com*
Subject:* Re: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
Drew,
I don't know if you have looked at it yet but you might want to
check out the TEC 3.9 Rule Set Reference
http://publib.boulder.ibm.com/tividd/td/tec/SC32-1282-00/en_US/PDF/ecosmst.pdf
It goes into detail about what all the rulesets do (including
netview.rls)
thanks,
Chris Haynes
haynesch@us.ibm.com
Tivoli Quality Assurance Manager
(919) 224-1217
*"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
Sent by: owner-nv-l@lists.us.ibm.com
01/14/2004 08:09 PM
Please respond to nv-l
To: <nv-l@lists.us.ibm.com>
cc:
Subject: [nv-l] Has anyone implemented the full TEC
integration (correlation rules) NV 7.1.4 and TEC 3.9
If there is a single document, can someone point me to it? I've
found pieces and parts in the different manuals, but it's not
working out of box (as advertised by our sales team):
* Netview.baroc and netview.rls in rulebase
* Netview6000 traps in NV ruleset TEC adapter uses
* Netview6000 traps have TEC_ITS event classes mapped in xnmtrap
Events reach TEC, but severities do not make sense, and I'm
sure this means any change rules in the ruleset will not
execute. For example, TEC_ITS_INTERFACE_STATUS is HARMLESS at
TEC, yet message is interface xxx is down. However, I have a
SEGMENT_STATUS and NETWORK_STATUS event as WARNING in TEC, but
the message indicates they are up. The netview6000 traps are
set from previous versions where TEC classes were OV_. I
directly edited TEC classes for each trap in xnmtrap, but I
think this issue pertains to TEC slots that are not being
passed in the trap or matching what the TEC rule expects.
We are trying to replace TFNC, which has been worth every
penny. Do I need to feed the netview6000 MIB through mib2trap
again--and will this populate xnmtrap properly? What's the
name of the mibfile that contains the netview6000 OID?
Sorry for all the questions--since this integration crosses NV
and TEC boundaries, I'm not sure if a PMR will get me
anywhere. I think I'm getting close, but there has to be an
easier way.
Thanks--Drew
*/Drew Van Order/* */
ESM Architect/* */
(615) 882-7836 Office/* */
(888) 530-1012 Pager/*
This message (including any attachments) contains confidential
information intended for a specific individual and purpose,
and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure,
copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose,
and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure,
copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose,
and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure,
copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose,
and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure,
copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and is
protected by law. If you are not the intended recipient, you should
delete this message. Any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.