Re: [nv-l] Formatting trap message

[Demis Gonçalves <demisgc@ig.com.br>]

Hi James, im able to see the var5 content in the event browser details and in the trapd.log. But im think better use another way to capture this event. As you say is very difficult to customize the things on the Windows version than Unix, so i will use the tec adapter to read windows event log for that.

 

If you want i can send you some print screens and trapd.log for you.

 

Thanks,

 

 

Demis

----- Original Message -----

From: James Shanks

To: nv-l@lists.us.ibm.com

Sent: Wednesday, December 29, 2004 6:52 PM

Subject: Re: [nv-l] Formatting trap message

I am still rather confused. You are using NetView for Windows? That makes this issue more difficult since the Event Browser there is not as customizable as the one on UNIX.

How are you able to see "the content of var 5"? Does this stuff below appear in the trapd.log or in the Event Details panel from the Event Browser or what?
Computer: DERATSPO044C
Date: 29/12/2004
Time: 16:26:41
Severity: Critical
Source: Norton AntiVirus Corporate Edition
Virus: Trojan.ByteVerify
Actual Action: Leave Alone

If you see only "Alert:Virus Found" in the main browser window, but the rest of the variable text in the trapd.log or Event Details, then my suspicion is that Norton has imbedded newline characters within the trap variable itself, to create this tabular format, and that is the source of this formatting issue. The NetView for Windows Event Browser will only display a limited amount of the event description in the main browser window, and once a newline character is reached, that would be the end of it. You'd be forced to use Event Details to see it from the browser.

Alternatively you could follow Don's advice and generate a new trap of your own, but as this is Windows, it would not be put in ESE.automation. You'd have it activated in nvcord as part of his start-up, like other NetView for Windows rulesets. That too is more difficult on Windows than on UNIX, since you don't have a graphical editor to build a custom ruleset with. You may find that the effort involved is too high to make this worthwhile.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Demis Gonçalves <demisgc@ig.com.br>

Demis Gonçalves <demisgc@ig.com.br>
Sent by: owner-nv-l@lists.us.ibm.com

12/29/2004 02:35 PM

Please respond to
nv-l

To	<nv-l@lists.us.ibm.com>
cc
Subject	Re: [nv-l] Formatting trap message

Thanks James, you explained exactly what i wanted to know. My system run on Windows. I would like to use the description of the varbind 5 to format a message description, but now i know that it´s impossible. If i use the $5 to format the message it only display to me Alert: Virus Found and dont show the content of var5. I´ll try other things to capture this message!

Once more thanks!

Demis
----- Original Message -----
From: James Shanks
To: nv-l@lists.us.ibm.com
Sent: Wednesday, December 29, 2004 5:12 PM
Subject: Re: [nv-l] Formatting trap message

I don't quite see you problem, so perhaps you should explain what you are trying to ultimately do, and whether this is on Windows or UNIX.

Is what you put in bold actually part of the trap as shown in trapd.log?
If so, then varbind 5 contains all that information, so simply formatting the message as $5 should display it as that same string.

But there is no way to get trapd to do more with it the variable than just that. The data type is "octet string" and that's all that trapd will do with it, display the string. There is no mechanism to substring the varbind and display just part of it in the log or the events window.

Of course, if what you ultimately want to do is send parts of the staring in an pager alert, or e-mail message, then you would be using a ruleset or command for automatic action, and those offer the possibility of extracting the sub-elements of the string for further processing.


James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Demis Gonçalves <demisgc@ig.com.br>

Demis Gonçalves <demisgc@ig.com.br>
Sent by: owner-nv-l@lists.us.ibm.com

12/29/2004 01:44 PM

Please respond to
nv-l

To	"NV" <nv-l@lists.us.ibm.com>
cc
Subject	[nv-l] Formating trap message

Hi people, i have a Norton Server sending traps to my Netview server. I´m trying to format the trap message but i have found some limitations! The information that i need to format my message is the bold in the trap below, but on netview i only can format the traps 1 - 7. How do i do to use the information inside de trap 5?



[1] private.enterprises.343.2.5.1.1.12.0 (OctetString): SRRF08SRV09
[2] private.enterprises.343.2.5.1.1.8.0 (Integer): 1104344801
[3] private.enterprises.343.2.5.1.1.9.0 (Integer): 0
[4] private.enterprises.343.2.5.1.1.10.0 (OctetString): Intel Alert Management System II
[5] private.enterprises.343.2.5.1.1.11.0 (OctetString): Alert: Virus Found
Computer: DERATSPO044C
Date: 29/12/2004
Time: 16:26:41
Severity: Critical
Source: Norton AntiVirus Corporate Edition
Virus: Trojan.ByteVerify
Actual Action: Leave Alone
[6] private.enterprises.343.2.5.1.1.7.0 (Integer): 16
[7] private.enterprises.343.2.5.1.1.13.0 (Integer): 0

TIA,

===========================
Demis Gonçalves
Sr. Support Analyst
NetControl Network Management
São Paulo - Brazil
Mobile: 55 11 9904-9684
===========================