Re-send
Ray,
Coming in late on this one, however, lets see if I am understanding
things correctly.....
Looking at your TEC event output, someone has obviously created TEC
event definitions for a TEC class TEC_ITS_WireLess - it will be in a TEC
configuration file ending in ".baroc". Within NetView, under Options -> Trap
Customization, someone has configured a TRAP from your
cderMIBNotifPrefix enterprise, generic trap 6, specific trap 1. It
looks like in the slot mapping panel you have the TEC msg slot being
filled with lots of stuff, including all the TRAP variables (or
varbinds). This seems unnecessary and rather confusing as all the
varbinds (1 through 7 in this case) are sent individually in TEC slots
nv_var1, nv_var2,..... nv_var6 or the 6th varbind seems to have lots of
info in it.
Not sure what out of this lot you are wanting to compare to then call
them duplicates or not?? The basic mechanism in TEC is that, wherever
your TEC_ITS_WireLess class is defined, any slot (or attribute - both
terms are used) can have the dup_detect flag set. On it's own, this
does absolutely nothing. With a TEC rule that says to find a
"duplicate" event, a search is done through the TEC Event Cache for any
previous event of the same class (ie TEC_ITS_WireLess) AND with
identical values for any/all slots that have the dup_detect flag set.
(Be aware that this dup_detect flag may be inherited from a parent TEC
class - for example if TEC_ITS_WireLess inherits from TEC_ITS_BASE and
TEC_ITS_BASE has dup_detect on the hostname slot, then TEC_ITS_WireLess
will also have the dup_detect flag set on hostname).
So.... if any of the existing TEC slots are what you want to compare for
duplicates, like your nv_var3 for example, then put the dup_detect flag
on nv_var3 and write a TEC rule that does either a first_duplicate
search or an all_duplicates search and then do whatever you need to do -
drop the old event / change the severity / whatever.
If the text that you want to use to determine duplicates is buried as
PART of a TRAP varbind, I would then customise this TRAP so that a
script is run at NetView to parse out the useful information. I would
then have this script create a new TRAP with as many separate varbinds
as you need to send the useful info to TEC. After that, previous
discussion applies.....
Cheers,
Jane
James Shanks wrote:
Ray,
I was hoping someone else would respond, especially since this is
really a TEC issue rather than a NetView one.
Have you tried the TEC forum? I think that's the tme10 forum on this
same server (someone please correct me if I am wrong about that).
These two events don't look anything alike. The msg fields have
dozens of elements not in common, yet you are saying that TEC treats
these as identical? So why isn't msg enough to distinguish them?
If not that, why not nv_var1 or nv_var6? Those all look unique to
me. So I cannot believe that there is not an easy way to get TEC to
distinguish these two. If you can't get an answer any other way, then
I would open a problem to TEC itself. Surely they deal with such
issues every day.
Sorry but my TEC skills are weak and your problem description still
baffles me.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com
03/18/2004 04:22 PM
Please respond to
nv-l
To
nv-l@lists.us.ibm.com
cc
Subject
Re: [nv-l] Wireless Network Management and cisco mibs
James,
I may have been diving into this in the wrong direction. I am sitting
here with our TEC guru and we are looking at the traps that are
created by the wlse. I responded to an email for CiscoTAC to help
explain the different arguments the wlse appliance generates. But
here is what we are looking and hoping to identify one or more of the
7 arguments in the trap as unique for the dup detect TEC Rules. The
following is captured from wtdumprl on the TEC server.
===========================
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_host=x.x.64.81;category=1;date="03/18/04
11:47:05 AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix 6 1
7 args: [1] cderExceptionEntry.cderExcepId.14619 (OctetString): 37
[2] cderExceptionEntry.cderExcepHostAddressType.14619 (Integer): 1
[3] cderExceptionEntry.cderExcepHostAddress.14619 (OctetString):
x.x.122.14 [4] cderExcepPriorityDescription.14619 (OctetString): OK
[5] cderExc
ptionEntry.cderExcepTime.14619 (Ticks): 846701154 [6]
cderExceptionEntry.cderExcepData.14619 (OctetString): Fau
ltId 37 DeviceId 254 DeviceIP x.x.122.14 DeviceName x.x.122.14 MO RF
Port awc0 Change Packet Error is in
OK state (0%) ChangeSeverity OK StateChange PacketErrors is OK
AlarmState Cleared OverallSeverity OK DeviceType
AccessPoint [7] cderExceptionEntry.cderExcepReportedBy.14619
(OctetString): FaultNotifier@CAPLEWLSE.clorox.com
";nv_enterprise=cderMIBNotifPrefix;nv_generic=6;nv_specific=1;nv_var1="37";nv_var2=1;nv_var3="x.x.122.14";n
v_var4="OK";nv_var5=846701154;nv_var6="FaultId 37
DeviceId 254
DeviceIP x.x.122.14
DeviceName x.x.122.14
MO RF Port awc0
Change Packet Error is in OK state (0%)
ChangeSeverity OK
StateChange PacketErrors is OK
AlarmState Cleared
OverallSeverity OK
DeviceType AccessPoint
";nv_var7="FaultNotifier@CAPLEWLSE.clorox.com";END
### END EVENT ###
PROCESSED
1~7067605~1~1079639225(Mar 18 11:47:05 2004)
### EVENT ###
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_hos
t=x.x.64.81;category=1;date="03/18/04 11:47:05
AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix 6 1
7 args: [1] cderExceptionEntry.cderExcepId.14618 (OctetString): 28
[2] cderExceptionEntry.cderExcepHostAddress
Type.14618 (Integer): 1 [3]
cderExceptionEntry.cderExcepHostAddress.14618 (OctetString):
x.x.122.13 [4] cd
erExcepPriorityDescription.14618 (OctetString): P2 [5]
cderExceptionEntry.cderExcepTime.14618 (Ticks): 84670114
9 [6] cderExceptionEntry.cderExcepData.14618 (OctetString): FaultId
28 DeviceId 253 DeviceIP x.x.122.13 Dev
iceName ohpai7103.clorox.com MO RF Port awc0 Change Packet Error is in
Overloaded state (50%) ChangeSeverity P2
StateChange PacketErrors is Overloaded AlarmState Active
OverallSeverity P1 DeviceType AccessPoint [7] cderExce
ptionEntry.cderExcepReportedBy.14618 (OctetString):
FaultNotifier@CAPLEWLSE.clorox.com ";nv_enterprise=cderMIBNo
tifPrefix;nv_generic=6;nv_specific=1;nv_var1="28";nv_var2=1;nv_var3="x.x.122.13";nv_var4="P2";nv_var5=846701
149;nv_var6="FaultId 28
DeviceId 253
DeviceIP x.x.122.13
DeviceName ohpai7103.clorox.com
MO RF Port awc0
Change Packet Error is in Overloaded state (50%)
ChangeSeverity P2
StateChange PacketErrors is Overloaded
AlarmState Active
OverallSeverity P1
DeviceType AccessPoint
";nv_var7="FaultNotifier@CAPLEWLSE.clorox.com";END
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
*James Shanks <jshanks@us.ibm.com>*
Sent by: owner-nv-l@lists.us.ibm.com
03/18/2004 11:37 AM
Please respond to nv-l
To: nv-l@lists.us.ibm.com
cc:
Fax to:
Subject: Re: [nv-l] Wireless Network Management and
cisco mibs
Ray, you know more than you think you do.
But I'm still confused, so maybe you should posts a couple of concrete
examples.
But for the sake of argument let's say you have a trap coming into
NetView with OID .1.3.6.1.4.1.9.9.224 and it has three variables. The
first is threshold, the second rogue app, and the third is clients
associated. Presumably these variables go over to TEC as different
slots, along with hostname, and the usual stuff. So if your device
sends a trap A, which says P1=500, P2=agent1, and P3=client1, client2,
client3; and then it sends trap B, which says P1=600, P2=agent3, and
P3=client4, client5, client6; how are these not different slot
values?
Also, I have the dup-detect thing backwards. You say dup_detect= yes
for some field so that TEC *doesn't* trash events which are otherwise
duplicates *except* for that field. We use dup-detect for hostnames
for example, so that a Node Up for host A is not tossed because we
get one for host B. So I'm having a hard time seeing how that would
not do the same thing for these events.
If it truly is the case that all the fields are the same, then my
question is, "how do you tell the events apart in NetView?" By
timestamp? In that case, you could always have ovactiond kick off
a script which adds that, and forwards to TEC with postemsg, or uses
snmptrap to send an event of your own design, which you then froward
to TEC instead of the original.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com
03/18/2004 01:53 PM
Please respond to
nv-l
To nv-l@lists.us.ibm.com
cc
Subject Re: [nv-l] Wireless Network Management and cisco mibs
yep that one came up.
The dup detect rules are based on slot values and these are based on
the varbind arguments that are forwarded. Since the subtree
224.1.x.x.x does not parse into slots the dup does not see them as
separate events.
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
*James Shanks <jshanks@us.ibm.com>*
Sent by: owner-nv-l@lists.us.ibm.com
03/18/2004 10:39 AM
Please respond to nv-l
To: nv-l@lists.us.ibm.com
cc:
Fax to:
Subject: Re: [nv-l] Wireless Network Management and cisco
mibs
I'm not certain but I think the solution to your problem is in TEC.
Now my TEC skills are not hot, but they have a duplicate detection
thing going on over there, which is configurable. Have you asked them
about turning it off? If memory serves me, then somewhere in your TEC
rules you can say dup_detect = no and then the events are treated as
individual just like they were sent.
Anyone else?
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com
03/18/2004 01:26 PM
Please respond to
nv-l
To nv-l@lists.us.ibm.com
cc
Subject [nv-l] Wireless Network Management and cisco mibs
go easy I have only been using NV for 6 months.
I am attempting to Configure the Cisco's Wireless LAN Solution Engine
to forward traps to NetView and then have NetView forward Events to
the TEC Console.
NV 7.1.3 fp02 on Solaris, TEC 3.7, WLSE release 2.5fcs which
manages the 1150 and 1200 series access points.
I searched the archives and found entries for monitoring access points
dated 2001. These entries referenced the 350 ap's and spoke of 802.11
mibs. This unfortunately did not shed light on my problem.
The wlse refers to cisco-device-exception-reporting-mib.my. This
creates the oid .1.3.6.1.4.1.9.9.224 ciscoMgmt. I was having trouble
running mib2trap and opened a pmr. Support guided me thru extracting
the 224. trap from the mib and enlightened me on how wonderful cisco
mibs are.
The Problem is;
wlse appliance options allow you to identify and forward events of
interest to a north-bound trap receiver. Everything from rogue ap
detection to RF thresholds. These can be setup with a P1, P2, P3 and
so on. When these event traps are forwarded they all come under the
ciscoMgmt 224 oid. (This is where I am learning, be kind) The
?varbind? arguments? for the additional 224.1.x.x.whatever that allow
one to parse the ?varbind? trap ? arguments ? for the different P1
threshold, P1 rogue ap detect, P1 clients associated. All come under
the top level 224. trap.
This is fine if the staff were only looking at the NV event browser.
Since I am forwarding these events to TEC what happens is the
duplicate arguments do not work since all the messages come from wlse
and the 224ciscoMgmt oid. So every event that comes after the first
one overwrites the previous.
Is there another way to do this? Or shall I take Cisco TAC up on
there offer to work with NetView Support and identify and then
creating a more complete mib that parses the varbind arguments for the
WLSE Appliance?
Any Ideas? Or am I totally off base here and someone is about to take
me to school? (which I probably need)
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2004 Jane Curry <jane.curry@skills-1st.co.uk>. All rights
reserved.
|