nv-l
[Top] [All Lists]

RE: [nv-l] details from trapd.log

To: "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>
Subject: RE: [nv-l] details from trapd.log
From: "Allison, Jason (JALLISON)" <JALLISON@arinc.com>
Date: Thu, 8 Jul 2004 15:42:06 -0400
Delivery-date: Thu, 08 Jul 2004 20:56:36 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
I'm not sure of the ramifications of this since I don't really own the code or its Intellectual Property ... ;).  If there is a desire, I certainly could ask.
 
 

Jason Allison
Principal Engineer
ARINC Incorporated
Office:  (410) 266-2006
FAX:  (410) 573-3026

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
Sent: Thursday, July 08, 2004 3:36 PM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] details from trapd.log

Jason, if you are willing, the Netview users group would be happy to make your code available to others, um, like me ;)


From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Allison, Jason (JALLISON)
Sent: Thursday, July 08, 2004 2:19 PM
To: nv-l@lists.us.ibm.com; nv-l@lists.us.ibm.com
Subject: RE: [nv-l] details from trapd.log

You could write your own logging facility using the API if this was mission critical.  This allows you to format the output in anyway you want.  The facility I wrote stores all events in a special format that when seeded into a post processor, will playback those events in either real time or all at once.  I found this to be very useful when I needed to reproduce an event that took and hour to setup in the development and test labs.  This way I only needed to archive it once and I could play it back whenever I wanted.  This also lended itself to development and maintenance of regression test scenarios.  I also wrote in random field generation which helps tests unknown/improbable scenarios.
 
damn traps ... ill never escape them!
 
 

Jason Allison
Principal Engineer
ARINC Incorporated 

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
Sent: Thursday, July 08, 2004 3:08 PM
To: 'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from trapd.log

Thanks for the detailed answer Bill.

 

I tried parsing the trapd.conf file initially but gave up as I was "certain" there would be a simpler way L

 

Fawad

 

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Evans, Bill
Sent: Thursday, July 08, 2004 1:44 PM
To: 'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from trapd.log

 

Unless you're using a different event browser than I am you are getting exactly the same information as is in the trapd.log entry.  Interpretation is extracted from the trapd.conf file.  The raw trap data is partially interpreted before logging so you have to reverse engineer from the description to the original Generic/Specific trap values. . 

·         Look in the header of the trapd.conf file for the enterprise name of the trap origin.   

·         The Generic/Specific values are interpreted in the log and both the original data and the interpretation are shown in the browser.  A string and explanation is shown in trapd.conf.

·         The source is interpreted from its abbreviation. (N is Netmon, A is agent).  Interpretation is from the Administrators Reference under trapd.conf.  Trapd.log gives the interpreted agent enterprise name If the trap is not from NetView and its components.  Also if the trap is from an agent, the detailed variables are in the log.   

·         Severity is from the trapd.conf encoding interpreted by the browser.

·         Category is also taken from trapd.conf.   

 

The key to Trapd.conf (/usr/OV/conf/C/trapd.conf) is the OID-Generic-Specific triplet.  All the data is there in the configuration except the translation of the source character.  

 

For example, this trap "1088606528 3  Wed Jun 30 10:42:08 2004 N043301.nmic.doe.gov    N Interface Ethernet down." has the binary date and its interpretation, followed by the name of the device, the indicator that it's a NetView trap and the description.  The description is "Interface <variable> down". 

·         The "N" will tell you to look in the NetView traps. "Interface" will narrow the field and "Down" will take you to the specific trap.  In this case:

 

IBM_NVIDWN_EV {1.3.6.1.4.1.2.6.3} 6 58916867 N 3 0 "Status Events"

$3

EVENT_CLASS TEC_ITS_INTERFACE_STATUS

BEGIN_SLOT_MAPPING

 msg $V3

 ifstatus DOWN

 hostaddr $V7

 ifname $V8

END_SLOT_MAPPING

SDESC

This event is generated by IBM Tivoli NetView when

it detects an interface is down

 

The data passed with the event are:

    1) ID of application sending the event

    2) Name or IP address

    3) Formatted description of the event

    4) Timestamp of the event and objid of the object

    5) Database name

    6) Selection name

    7) IP address

    8) Interface name

EDESC

·         Ovobjprint on the name (N043302.nmic.doe.gov) will give you a wealth of detail on the device including the interfaces which will match the named one ("Ethernet").    

Bill Evans.
Tivoli NetView Support for DOE
301-903-0057

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Qureshi, Fawad
Sent: Thursday, July 08, 2004 12:04 PM
To: 'nv-l@lists.us.ibm.com'
Subject: [nv-l] details from trapd.log

 

NV 7.1.3 / AIX5.1

 

Double-clicking on a trap/event in the event browser gives whole lot more information then looking at the same trap in the trapd.log file. How can I get to that level of information for an event that has already scrolled off the event browser window but is still available in the trapd.log file?

 

Cheers

 

Fawad Qureshi

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web