nv-l
[Top] [All Lists]

Re: [nv-l] Wireless Network Management and cisco mibs

To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] Wireless Network Management and cisco mibs
From: Paul <pstroud@bellsouth.net>
Date: Fri, 19 Mar 2004 13:01:21 -0500
Delivery-date: Fri, 19 Mar 2004 18:21:24 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4
Re-send

Ray,
Coming in late on this one, however, lets see if I am understanding things correctly.....

Looking at your TEC event output, someone has obviously created TEC event definitions for a TEC class TEC_ITS_WireLess - it will be in a TEC configuration file ending in ".baroc". Within NetView, under Options -> Trap Customization, someone has configured a TRAP from your cderMIBNotifPrefix enterprise, generic trap 6, specific trap 1. It looks like in the slot mapping panel you have the TEC msg slot being filled with lots of stuff, including all the TRAP variables (or varbinds). This seems unnecessary and rather confusing as all the varbinds (1 through 7 in this case) are sent individually in TEC slots nv_var1, nv_var2,..... nv_var6 or the 6th varbind seems to have lots of info in it.

Not sure what out of this lot you are wanting to compare to then call them duplicates or not?? The basic mechanism in TEC is that, wherever your TEC_ITS_WireLess class is defined, any slot (or attribute - both terms are used) can have the dup_detect flag set. On it's own, this does absolutely nothing. With a TEC rule that says to find a "duplicate" event, a search is done through the TEC Event Cache for any previous event of the same class (ie TEC_ITS_WireLess) AND with identical values for any/all slots that have the dup_detect flag set. (Be aware that this dup_detect flag may be inherited from a parent TEC class - for example if TEC_ITS_WireLess inherits from TEC_ITS_BASE and TEC_ITS_BASE has dup_detect on the hostname slot, then TEC_ITS_WireLess will also have the dup_detect flag set on hostname).

So.... if any of the existing TEC slots are what you want to compare for duplicates, like your nv_var3 for example, then put the dup_detect flag on nv_var3 and write a TEC rule that does either a first_duplicate search or an all_duplicates search and then do whatever you need to do - drop the old event / change the severity / whatever.

If the text that you want to use to determine duplicates is buried as PART of a TRAP varbind, I would then customise this TRAP so that a script is run at NetView to parse out the useful information. I would then have this script create a new TRAP with as many separate varbinds as you need to send the useful info to TEC. After that, previous discussion applies.....

Cheers,
Jane

James Shanks wrote:


Ray,

I was hoping someone else would respond, especially since this is really a TEC issue rather than a NetView one. Have you tried the TEC forum? I think that's the tme10 forum on this same server (someone please correct me if I am wrong about that).

These two events don't look anything alike. The msg fields have dozens of elements not in common, yet you are saying that TEC treats these as identical? So why isn't msg enough to distinguish them? If not that, why not nv_var1 or nv_var6? Those all look unique to me. So I cannot believe that there is not an easy way to get TEC to distinguish these two. If you can't get an answer any other way, then I would open a problem to TEC itself. Surely they deal with such issues every day.

Sorry but my TEC skills are weak and your problem description still baffles me.


James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group


*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com

03/18/2004 04:22 PM
Please respond to
nv-l


        
To
        nv-l@lists.us.ibm.com
cc
        
Subject
        Re: [nv-l] Wireless Network Management and cisco mibs



        






James,
I may have been diving into this in the wrong direction. I am sitting here with our TEC guru and we are looking at the traps that are created by the wlse. I responded to an email for CiscoTAC to help explain the different arguments the wlse appliance generates. But here is what we are looking and hoping to identify one or more of the 7 arguments in the trap as unique for the dup detect TEC Rules. The following is captured from wtdumprl on the TEC server.
===========================
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_host=x.x.64.81;category=1;date="03/18/04 11:47:05 AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix 6 1 7 args: [1] cderExceptionEntry.cderExcepId.14619 (OctetString): 37 [2] cderExceptionEntry.cderExcepHostAddressType.14619 (Integer): 1 [3] cderExceptionEntry.cderExcepHostAddress.14619 (OctetString): x.x.122.14 [4] cderExcepPriorityDescription.14619 (OctetString): OK [5] cderExc ptionEntry.cderExcepTime.14619 (Ticks): 846701154 [6] cderExceptionEntry.cderExcepData.14619 (OctetString): Fau ltId 37 DeviceId 254 DeviceIP x.x.122.14 DeviceName x.x.122.14 MO RF Port awc0 Change Packet Error is in OK state (0%) ChangeSeverity OK StateChange PacketErrors is OK AlarmState Cleared OverallSeverity OK DeviceType AccessPoint [7] cderExceptionEntry.cderExcepReportedBy.14619 (OctetString): FaultNotifier@CAPLEWLSE.clorox.com ";nv_enterprise=cderMIBNotifPrefix;nv_generic=6;nv_specific=1;nv_var1="37";nv_var2=1;nv_var3="x.x.122.14";n
v_var4="OK";nv_var5=846701154;nv_var6="FaultId 37
DeviceId 254
DeviceIP x.x.122.14
DeviceName x.x.122.14
MO RF Port awc0
Change Packet Error is in OK state (0%)
ChangeSeverity OK
StateChange PacketErrors is OK
AlarmState Cleared
OverallSeverity OK
DeviceType AccessPoint
";nv_var7="FaultNotifier@CAPLEWLSE.clorox.com";END

### END EVENT ###
PROCESSED

1~7067605~1~1079639225(Mar 18 11:47:05 2004)
### EVENT ###
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_hos t=x.x.64.81;category=1;date="03/18/04 11:47:05 AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix 6 1 7 args: [1] cderExceptionEntry.cderExcepId.14618 (OctetString): 28 [2] cderExceptionEntry.cderExcepHostAddress Type.14618 (Integer): 1 [3] cderExceptionEntry.cderExcepHostAddress.14618 (OctetString): x.x.122.13 [4] cd erExcepPriorityDescription.14618 (OctetString): P2 [5] cderExceptionEntry.cderExcepTime.14618 (Ticks): 84670114 9 [6] cderExceptionEntry.cderExcepData.14618 (OctetString): FaultId 28 DeviceId 253 DeviceIP x.x.122.13 Dev iceName ohpai7103.clorox.com MO RF Port awc0 Change Packet Error is in Overloaded state (50%) ChangeSeverity P2 StateChange PacketErrors is Overloaded AlarmState Active OverallSeverity P1 DeviceType AccessPoint [7] cderExce ptionEntry.cderExcepReportedBy.14618 (OctetString): FaultNotifier@CAPLEWLSE.clorox.com ";nv_enterprise=cderMIBNo tifPrefix;nv_generic=6;nv_specific=1;nv_var1="28";nv_var2=1;nv_var3="x.x.122.13";nv_var4="P2";nv_var5=846701
149;nv_var6="FaultId 28
DeviceId 253
DeviceIP x.x.122.13
DeviceName ohpai7103.clorox.com
MO RF Port awc0
Change Packet Error is in Overloaded state (50%)
ChangeSeverity P2
StateChange PacketErrors is Overloaded
AlarmState Active
OverallSeverity P1
DeviceType AccessPoint
";nv_var7="FaultNotifier@CAPLEWLSE.clorox.com";END



Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363


        *James Shanks <jshanks@us.ibm.com>*
Sent by: owner-nv-l@lists.us.ibm.com

03/18/2004 11:37 AM
Please respond to nv-l

To: nv-l@lists.us.ibm.com cc: Fax to: Subject: Re: [nv-l] Wireless Network Management and cisco mibs






Ray, you know more than you think you do. But I'm still confused, so maybe you should posts a couple of concrete examples.

But for the sake of argument let's say you have a trap coming into NetView with OID .1.3.6.1.4.1.9.9.224 and it has three variables. The first is threshold, the second rogue app, and the third is clients associated. Presumably these variables go over to TEC as different slots, along with hostname, and the usual stuff. So if your device sends a trap A, which says P1=500, P2=agent1, and P3=client1, client2, client3; and then it sends trap B, which says P1=600, P2=agent3, and P3=client4, client5, client6; how are these not different slot values? Also, I have the dup-detect thing backwards. You say dup_detect= yes for some field so that TEC *doesn't* trash events which are otherwise duplicates *except* for that field. We use dup-detect for hostnames for example, so that a Node Up for host A is not tossed because we get one for host B. So I'm having a hard time seeing how that would not do the same thing for these events. If it truly is the case that all the fields are the same, then my question is, "how do you tell the events apart in NetView?" By timestamp? In that case, you could always have ovactiond kick off a script which adds that, and forwards to TEC with postemsg, or uses snmptrap to send an event of your own design, which you then froward to TEC instead of the original.



James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com

03/18/2004 01:53 PM
Please respond to
nv-l


        
To      nv-l@lists.us.ibm.com
cc      
Subject         Re: [nv-l] Wireless Network Management and cisco mibs





        








yep that one came up.

The dup detect rules are based on slot values and these are based on the varbind arguments that are forwarded. Since the subtree 224.1.x.x.x does not parse into slots the dup does not see them as separate events.



Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363

        *James Shanks <jshanks@us.ibm.com>*
Sent by: owner-nv-l@lists.us.ibm.com

03/18/2004 10:39 AM
Please respond to nv-l

To: nv-l@lists.us.ibm.com cc: Fax to: Subject: Re: [nv-l] Wireless Network Management and cisco mibs








I'm not certain but I think the solution to your problem is in TEC. Now my TEC skills are not hot, but they have a duplicate detection thing going on over there, which is configurable. Have you asked them about turning it off? If memory serves me, then somewhere in your TEC rules you can say dup_detect = no and then the events are treated as individual just like they were sent.

Anyone else?

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
*ray.smith@clorox.com*
Sent by: owner-nv-l@lists.us.ibm.com

03/18/2004 01:26 PM
Please respond to
nv-l


        
To      nv-l@lists.us.ibm.com
cc      
Subject         [nv-l] Wireless Network Management and cisco mibs







        










go easy I have only been using NV for 6 months.


I am attempting to Configure the Cisco's Wireless LAN Solution Engine to forward traps to NetView and then have NetView forward Events to the TEC Console. NV 7.1.3 fp02 on Solaris, TEC 3.7, WLSE release 2.5fcs which manages the 1150 and 1200 series access points.

I searched the archives and found entries for monitoring access points dated 2001. These entries referenced the 350 ap's and spoke of 802.11 mibs. This unfortunately did not shed light on my problem.

The wlse refers to cisco-device-exception-reporting-mib.my. This creates the oid .1.3.6.1.4.1.9.9.224 ciscoMgmt. I was having trouble running mib2trap and opened a pmr. Support guided me thru extracting the 224. trap from the mib and enlightened me on how wonderful cisco mibs are.

The Problem is;
wlse appliance options allow you to identify and forward events of interest to a north-bound trap receiver. Everything from rogue ap detection to RF thresholds. These can be setup with a P1, P2, P3 and so on. When these event traps are forwarded they all come under the ciscoMgmt 224 oid. (This is where I am learning, be kind) The ?varbind? arguments? for the additional 224.1.x.x.whatever that allow one to parse the ?varbind? trap ? arguments ? for the different P1 threshold, P1 rogue ap detect, P1 clients associated. All come under the top level 224. trap.

This is fine if the staff were only looking at the NV event browser. Since I am forwarding these events to TEC what happens is the duplicate arguments do not work since all the messages come from wlse and the 224ciscoMgmt oid. So every event that comes after the first one overwrites the previous.

Is there another way to do this? Or shall I take Cisco TAC up on there offer to work with NetView Support and identify and then creating a more complete mib that parses the varbind arguments for the WLSE Appliance?

Any Ideas? Or am I totally off base here and someone is about to take me to school? (which I probably need)


Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363



--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2004 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights 
reserved.





<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web