-----Original
Message-----
From:
owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
Sent: Thursday, July
08, 2004 3:08 PM
To:
'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from
trapd.log
Thanks for the
detailed answer Bill.
I tried parsing
the trapd.conf file initially but gave up as I was "certain" there would
be a simpler way L
-----Original
Message-----
From:
owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of Evans,
Bill
Sent: Thursday,
July 08, 2004 1:44 PM
To:
'nv-l@lists.us.ibm.com'
Subject: RE: [nv-l] details from
trapd.log
Unless you're
using a different event browser than I am you are getting exactly the
same information as is in the trapd.log entry. Interpretation is
extracted from the trapd.conf file. The raw trap data is partially
interpreted before logging so you have to reverse engineer from the
description to the original Generic/Specific trap values. .
·
Look in the
header of the trapd.conf file for the enterprise name of the trap
origin.
·
The
Generic/Specific values are interpreted in the log and both the original
data and the interpretation are shown in the browser. A string and
explanation is shown in trapd.conf.
·
The source is
interpreted from its abbreviation. (N is Netmon, A is agent).
Interpretation is from the Administrators Reference under trapd.conf.
Trapd.log gives the interpreted agent enterprise name If the trap
is not from NetView and its components. Also if the trap is from
an agent, the detailed variables are in the log.
·
Severity is
from the trapd.conf encoding interpreted by the browser.
·
Category is
also taken from trapd.conf.
The key to
Trapd.conf (/usr/OV/conf/C/trapd.conf) is the OID-Generic-Specific
triplet. All the data is there in the configuration except the
translation of the source character.
For example,
this trap "1088606528 3 Wed Jun 30 10:42:08 2004
N043301.nmic.doe.gov N Interface Ethernet down." has
the binary date and its interpretation, followed by the name of the
device, the indicator that it's a NetView trap and the
description. The description is "Interface <variable>
down".
·
The "N" will
tell you to look in the NetView traps. "Interface" will narrow the field
and "Down" will take you to the specific trap. In this case:
IBM_NVIDWN_EV
{1.3.6.1.4.1.2.6.3} 6 58916867 N 3 0 "Status Events"
$3
EVENT_CLASS
TEC_ITS_INTERFACE_STATUS
BEGIN_SLOT_MAPPING
msg
$V3
ifstatus
DOWN
hostaddr
$V7
ifname
$V8
END_SLOT_MAPPING
SDESC
This event is
generated by IBM Tivoli NetView when
it
detects an interface is down
The data passed
with the event are:
1) ID of application sending the event
2) Name or IP address
3) Formatted description of the event
4) Timestamp of the event and objid of the object
5) Database name
6) Selection name
7) IP address
8) Interface name
EDESC
·
Ovobjprint on
the name (N043302.nmic.doe.gov) will give you a wealth of detail on the
device including the interfaces which will match the named one
("Ethernet").
Bill
Evans.
Tivoli NetView
Support for DOE
301-903-0057
-----Original
Message-----
From:
owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com]
On Behalf Of Qureshi,
Fawad
Sent: Thursday,
July 08, 2004 12:04 PM
To:
'nv-l@lists.us.ibm.com'
Subject: [nv-l] details from
trapd.log
NV 7.1.3 /
AIX5.1
Double-clicking
on a trap/event in the event browser gives whole lot more information
then looking at the same trap in the trapd.log file. How can I get to
that level of information for an event that has already scrolled off the
event browser window but is still available in the trapd.log
file?
Cheers
Fawad
Qureshi