Thanks for the
detailed answer Bill.
I tried parsing
the trapd.conf file initially but gave up as I was "certain" there would
be a simpler way L
-----Original
Message-----
From:
owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Evans, Bill
Sent: Thursday, July 08, 2004 1:44
PM
To:
'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from
trapd.log
Unless you're
using a different event browser than I am you are getting exactly the same
information as is in the trapd.log entry. Interpretation is
extracted from the trapd.conf file. The raw trap data is partially
interpreted before logging so you have to reverse engineer from the
description to the original Generic/Specific trap values. .
·
Look
in the header of the trapd.conf file for the enterprise name of the trap
origin.
·
The
Generic/Specific values are interpreted in the log and both the original
data and the interpretation are shown in the browser. A string and
explanation is shown in trapd.conf.
·
The
source is interpreted from its abbreviation. (N is Netmon, A is
agent). Interpretation is from the Administrators Reference under
trapd.conf. Trapd.log gives the interpreted agent enterprise name If
the trap is not from NetView and its components. Also if the trap is
from an agent, the detailed variables are in the log.
·
Severity is from
the trapd.conf encoding interpreted by the browser.
·
Category is also
taken from trapd.conf.
The
key to Trapd.conf (/usr/OV/conf/C/trapd.conf) is the OID-Generic-Specific
triplet. All the data is there in the configuration except the
translation of the source character.
For
example, this trap "1088606528 3 Wed Jun 30 10:42:08 2004
N043301.nmic.doe.gov N Interface Ethernet down." has the
binary date and its interpretation, followed by the name of the device,
the indicator that it's a NetView trap and the description. The
description is "Interface <variable> down".
·
The "N" will tell
you to look in the NetView traps. "Interface" will narrow the field and
"Down" will take you to the specific trap. In this case:
IBM_NVIDWN_EV
{1.3.6.1.4.1.2.6.3} 6 58916867 N 3 0 "Status Events"
$3
EVENT_CLASS
TEC_ITS_INTERFACE_STATUS
BEGIN_SLOT_MAPPING
msg
$V3
ifstatus
DOWN
hostaddr
$V7
ifname
$V8
END_SLOT_MAPPING
SDESC
This
event is generated by IBM Tivoli NetView when
it
detects an interface is down
The
data passed with the event are:
1) ID of application sending the event
2) Name or IP address
3) Formatted description of the event
4) Timestamp of the event and objid of the object
5) Database name
6) Selection name
7) IP address
8) Interface name
EDESC
·
Ovobjprint on the
name (N043302.nmic.doe.gov) will give you a wealth of detail on the device
including the interfaces which will match the named one
("Ethernet").
Bill
Evans.
Tivoli NetView
Support for DOE
301-903-0057
-----Original
Message-----
From:
owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Qureshi,
Fawad
Sent: Thursday,
July 08, 2004 12:04 PM
To:
'nv-l@lists.us.ibm.com'
Subject: [nv-l] details from
trapd.log
NV 7.1.3 /
AIX5.1
Double-clicking on a
trap/event in the event browser gives whole lot more information then
looking at the same trap in the trapd.log file. How can I get to that
level of information for an event that has already scrolled off the event
browser window but is still available in the trapd.log
file?
Cheers
Fawad
Qureshi