Yup--4.1. I'm going to try remarking out the state correlation comments
per Jane's suggestion and see what happens. I've got a PMR going as
well!
Thanks--Drew
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of Paul
Sent: Thursday, January 15, 2004 5:03 PM
To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
D0h, I read the whole thread and never scrolled over the
subject, three lashes and all that. Anyhow, are you
running framework or not?
Paul
Van Order, Drew (US - Hermitage) wrote:
> I really screwed up guys--was looking at the 7.1 guide. The 7.1.4 UNIX
> Guide has some decent information that gets you going in the right
> direction. I ran the upgrade script and cycled the daemons.
> Unfortunately, I see no events at TEC, nothing in wtdumprl, and
nothing
> in the /etc/Tivoli/tec cache files. I know TEC_ITS.rs exists because I
> looked at it yesterday. Old tecint.conf:
>
> ServerLocation=dsmrdux02
> TecRuleName=Trap2Tec.rs
> ServerPort=0
>
> New tecint.conf:
>
> ServerLocation=dsmrdux02
> TecRuleName=TEC_ITS.rs
> ServerPort=0
> DefaultEventClass=TEC_ITS_BASE
> BufferEvents=YES
> UseStateCorrelation=YES
> StateCorrelationConfigURL=file:///usr/OV/conf/nvsbcrule.xml
> ## The following four lines are for debugging the state correlation
engine
> # LogLevel=ALL
> # TraceLevel=ALL
> # LogFileName=/usr/OV/log/adptlog.out
> # TraceFileName=/usr/OV/log/adpttrc.out
>
>
> TFNC events are coming through. Any suggestions? Thank you for your
> patience--Drew
>
> -----Original Message-----
> *From:* owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *James Shanks
> *Sent:* Thursday, January 15, 2004 2:39 PM
> *To:* nv-l@lists.us.ibm.com
> *Subject:* RE: [nv-l] Has anyone implemented the full TEC
> integration (correlation rules) NV 7.1.4 and TEC 3.9
>
>
> Drew -
>
> The phrase "nvserverd.baroc" does not appear anywhere in the 7.1.4
> Admin Guide and the section Chris pointed to has revision bars on
> every page indicating that is new and changed material. Are you
> certain that you are reading the 7.1.4 version?
>
> James Shanks
> Level 3 Support for Tivoli NetView for UNIX and Windows
> Tivoli Software / IBM Software Group
>
>
> *"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
> Sent by: owner-nv-l@lists.us.ibm.com
>
> 01/15/2004 02:59 PM
> Please respond to nv-l
>
>
> To: <nv-l@lists.us.ibm.com>
> cc:
> Subject: RE: [nv-l] Has anyone implemented the full
> TEC integration (correlation rules) NV 7.1.4 and TEC 3.9
>
>
>
>
> Thank you. I read this yesterday, but it's older information,
> referencing nvserverd.baroc, when it's now netview.baroc. I guess
> that's my point; there are fragments of information in different
> documents. I only found the new files because I was pointed to the
> release notes! You have to piece it together as best you can and
> hope what you are reading is correct. I'm very grateful for you
> folks on the list. If this new correlation works, it is material
for
> a chapter in a redbook or the next set of NV manauls.
> -----Original Message-----*
> From:* owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *Christopher
Haynes*
> Sent:* Thursday, January 15, 2004 11:51 AM*
> To:* nv-l@lists.us.ibm.com*
> Subject:* RE: [nv-l] Has anyone implemented the full TEC
integration
> (correlation rules) NV 7.1.4 and TEC 3.9
>
>
> Drew,
> Check out the stuff starting at the bottom of page 110 of
teh
> NetView Administrator's Guide.
>
>
http://publib.boulder.ibm.com/tividd/td/netview/SC32-1246-00/en_US/PDF/d
uyl2mst.pdf
>
>
>
>
> thanks,
> Chris Haynes
> haynesch@us.ibm.com
> Tivoli Quality Assurance Manager
> (919) 224-1217
>
>
> *"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
> Sent by: owner-nv-l@lists.us.ibm.com
>
> 01/15/2004 12:32 PM
> Please respond to nv-l
>
>
> To: <nv-l@lists.us.ibm.com>
> cc:
> Subject: RE: [nv-l] Has anyone implemented the full
> TEC integration (correlation rules) NV 7.1.4 and TEC 3.9
>
>
>
>
>
> No doubt I overlooked something between the KB and manuals--where
> can I find this script? I did a find for TEC_* and tec_* no file
> resembling that name. If you can also point me to where this is
> documented, I would be grateful. Thanks James--Drew
> -----Original Message-----*
> From:* owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *James Shanks*
> Sent:* Thursday, January 15, 2004 11:01 AM*
> To:* nv-l@lists.us.ibm.com*
> Subject:* RE: [nv-l] Has anyone implemented the full TEC
integration
> (correlation rules) NV 7.1.4 and TEC 3.9
>
>
> Drew -
>
> I'm stumped about what is confusing to you.
> There is no configuration for you to do, other than run the
> tec_its_upgrade script and create a new tecint.conf (which happens
> nicely if you rename your old one and create a new one from
> serversetup).
>
> The script changes the configuration of the NetView events in
> trapd.conf so that they work with the new TEC rules. It makes
> TEC_ITS_BASE the new default event class instead of the old
> Nvserverd_Event class. And it removes severity as passed field,
> because severity will be set dynamically by the new TEC rules, and
> they cannot do that correctly if you are sending your choice of
> severity instead. The NetView ruleset is the same one we shipped
in
> NetView 7.1.3 : TEC_ITS.rs. Bring it up in the NetView ruleset
> editor and you'll see that it just picks out specific NetView
events
> and sends them to TEC. If you want additional events, from Cisco
or
> something, you'll have to add those, but those lie outside of the
> new integration.
>
> That's all there is to the NetView side.
>
> James Shanks
> Level 3 Support for Tivoli NetView for UNIX and Windows
> Tivoli Software / IBM Software Group
> *"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
> Sent by: owner-nv-l@lists.us.ibm.com
>
> 01/15/2004 11:24 AM
> Please respond to nv-l
>
>
> To: <nv-l@lists.us.ibm.com>
> cc:
> Subject: RE: [nv-l] Has anyone implemented the full
TEC
> integration (correlation rules) NV 7.1.4 and TEC 3.9
>
>
>
>
>
>
> I started on it last night, and it does have some very useful
> information. Unfortunately the NV side is where I am struggling
the
> most; namely the trap configurations and NV forwarding ruleset.
> Until that is understood and confirmed configured correctly to
match
> what TEC expects it's tough to tell how well the TEC rule is
> working. I just opened a sev 3 PMR; also offered to help write any
> documentation that could be considered a guide. Like most IT
folks,
> I don't have the luxury of focusing on one project at a time, and
> really need to slam and jam when solutions are deemed shrink wrap.
>
> Thanks for looking into this!
> -----Original Message-----*
> From:* owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com] *On Behalf Of *Christopher
Haynes*
> Sent:* Thursday, January 15, 2004 9:57 AM*
> To:* nv-l@lists.us.ibm.com*
> Subject:* Re: [nv-l] Has anyone implemented the full TEC
integration
> (correlation rules) NV 7.1.4 and TEC 3.9
>
>
> Drew,
> I don't know if you have looked at it yet but you might want
to
> check out the TEC 3.9 Rule Set Reference
>
>
http://publib.boulder.ibm.com/tividd/td/tec/SC32-1282-00/en_US/PDF/ecosm
st.pdf
>
>
> It goes into detail about what all the rulesets do (including
> netview.rls)
>
> thanks,
> Chris Haynes
> haynesch@us.ibm.com
> Tivoli Quality Assurance Manager
> (919) 224-1217
> *"Van Order, Drew \(US - Hermitage\)" <dvanorder@deloitte.com>*
> Sent by: owner-nv-l@lists.us.ibm.com
>
> 01/14/2004 08:09 PM
> Please respond to nv-l
>
>
> To: <nv-l@lists.us.ibm.com>
> cc:
> Subject: [nv-l] Has anyone implemented the full TEC
> integration (correlation rules) NV 7.1.4 and TEC 3.9
>
>
>
>
>
>
>
> If there is a single document, can someone point me to it? I've
> found pieces and parts in the different manuals, but it's not
> working out of box (as advertised by our sales team):
>
> * Netview.baroc and netview.rls in rulebase
> * Netview6000 traps in NV ruleset TEC adapter uses
> * Netview6000 traps have TEC_ITS event classes mapped in
xnmtrap
> Events reach TEC, but severities do not make sense, and I'm
> sure this means any change rules in the ruleset will not
> execute. For example, TEC_ITS_INTERFACE_STATUS is HARMLESS
at
> TEC, yet message is interface xxx is down. However, I have a
> SEGMENT_STATUS and NETWORK_STATUS event as WARNING in TEC,
but
> the message indicates they are up. The netview6000 traps are
> set from previous versions where TEC classes were OV_. I
> directly edited TEC classes for each trap in xnmtrap, but I
> think this issue pertains to TEC slots that are not being
> passed in the trap or matching what the TEC rule expects.
>
> We are trying to replace TFNC, which has been worth every
> penny. Do I need to feed the netview6000 MIB through
mib2trap
> again--and will this populate xnmtrap properly? What's the
> name of the mibfile that contains the netview6000 OID?
>
> Sorry for all the questions--since this integration crosses
NV
> and TEC boundaries, I'm not sure if a PMR will get me
> anywhere. I think I'm getting close, but there has to be an
> easier way.
>
> Thanks--Drew
>
> */Drew Van Order/* */
> ESM Architect/* */
> (615) 882-7836 Office/* */
> (888) 530-1012 Pager/*
>
> This message (including any attachments) contains
confidential
> information intended for a specific individual and purpose,
> and is protected by law. If you are not the intended
> recipient, you should delete this message. Any disclosure,
> copying, or distribution of this message, or the taking of
any
> action based on it, is strictly prohibited.
>
> This message (including any attachments) contains
confidential
> information intended for a specific individual and purpose,
> and is protected by law. If you are not the intended
> recipient, you should delete this message. Any disclosure,
> copying, or distribution of this message, or the taking of
any
> action based on it, is strictly prohibited.
>
> This message (including any attachments) contains
confidential
> information intended for a specific individual and purpose,
> and is protected by law. If you are not the intended
> recipient, you should delete this message. Any disclosure,
> copying, or distribution of this message, or the taking of
any
> action based on it, is strictly prohibited.
>
> This message (including any attachments) contains
confidential
> information intended for a specific individual and purpose,
> and is protected by law. If you are not the intended
> recipient, you should delete this message. Any disclosure,
> copying, or distribution of this message, or the taking of
any
> action based on it, is strictly prohibited.
>
>
> This message (including any attachments) contains confidential
> information intended for a specific individual and purpose, and is
> protected by law. If you are not the intended recipient, you should
> delete this message. Any disclosure, copying, or distribution of this
> message, or the taking of any action based on it, is strictly
prohibited.
>
This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
you are not the intended recipient, you should delete this message. Any
disclosure, copying, or distribution of this message, or the taking of any
action based on it, is strictly prohibited.
|