Thanks for the detailed answer Bill.
I tried parsing the trapd.conf file
initially but gave up as I was "certain" there would be a simpler
way L
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] On
Behalf Of Evans, Bill
Sent: Thursday, July 08, 2004 1:44
PM
To: 'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from
trapd.log
Unless you're using a
different event browser than I am you are getting exactly the same information
as is in the trapd.log entry. Interpretation is extracted from the
trapd.conf file. The raw trap data is partially interpreted before
logging so you have to reverse engineer from the description to the original
Generic/Specific trap values. .
·
Look in the header of the
trapd.conf file for the enterprise name of the trap origin.
·
The Generic/Specific values
are interpreted in the log and both the original data and the interpretation
are shown in the browser. A string and explanation is shown in
trapd.conf.
·
The source is interpreted
from its abbreviation. (N is Netmon, A is agent). Interpretation is from the
Administrators Reference under trapd.conf. Trapd.log gives the
interpreted agent enterprise name If the trap is not from NetView and its
components. Also if the trap is from an agent, the detailed variables are
in the log.
·
Severity is from the trapd.conf
encoding interpreted by the browser.
·
Category is also taken
from trapd.conf.
The key to Trapd.conf
(/usr/OV/conf/C/trapd.conf) is the OID-Generic-Specific triplet. All the
data is there in the configuration except the translation of the source
character.
For example, this trap
"1088606528
3 Wed Jun 30 10:42:08 2004 N043301.nmic.doe.gov N
Interface Ethernet down." has the binary date and its interpretation,
followed by the name of the device, the indicator that it's a NetView trap and
the description. The description is "Interface <variable>
down".
· The "N" will tell you to look in the NetView traps.
"Interface" will narrow the field and "Down" will take you
to the specific trap. In this case:
IBM_NVIDWN_EV
{1.3.6.1.4.1.2.6.3} 6 58916867 N 3 0 "Status Events"
$3
EVENT_CLASS
TEC_ITS_INTERFACE_STATUS
BEGIN_SLOT_MAPPING
msg
$V3
ifstatus
DOWN
hostaddr
$V7
ifname
$V8
END_SLOT_MAPPING
SDESC
This event
is generated by IBM Tivoli NetView when
it
detects an interface is down
The data
passed with the event are:
1) ID of application sending the event
2) Name or IP address
3) Formatted description of the event
4) Timestamp of the event and objid of the object
5) Database name
6) Selection name
7) IP address
8) Interface name
EDESC
· Ovobjprint on the name (N043302.nmic.doe.gov) will give you a
wealth of detail on the device including the interfaces which will match the
named one ("Ethernet").
Bill Evans.
Tivoli NetView Support for DOE
301-903-0057
-----Original Message-----
From: owner-nv-l@lists.us.ibm.com
[mailto:owner-nv-l@lists.us.ibm.com] On
Behalf Of Qureshi, Fawad
Sent: Thursday, July 08, 2004 12:04
PM
To: 'nv-l@lists.us.ibm.com'
Subject: [nv-l] details from
trapd.log
NV 7.1.3 / AIX5.1
Double-clicking on a trap/event in
the event browser gives whole lot more information then looking at the same trap
in the trapd.log file. How can I get to that level of information for an event
that has already scrolled off the event browser window but is still available
in the trapd.log file?
Cheers
Fawad Qureshi