[Top] [All Lists]

Re: [nv-l] Netview Polling

To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] Netview Polling
From: James Shanks <jshanks@us.ibm.com>
Date: Thu, 13 Jan 2005 14:41:26 -0500
Delivery-date: Thu, 13 Jan 2005 19:41:57 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <OF86AEC164.327E3A6A-ON80256F88.005F7163-80256F88.0064B70A@mmm.com>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com

I cannot answer the business about whether the flag should be "S" or "P" but Alan, you have a lot of other misconceptions about how NetView works that need to be cleared up. My belief is that the comments at the top of the oid_to_type file are correct, but I cannot say for certain as I don't work on that code. But the other parts of this issue, I do know about.

First, in regard to the traps sent by your remote devices with the loopback addresses in them. You have to provide the translation to the preferred address in an /etc/hosts file precisely because NetView does not know where they came from. All he is going to get is the address inside the trap and that's why what you currently see is the loopback. That's what your remote device sent. So if you cannot configure the device to send the address you want, then you have to override it in /etc/hosts or in DNS. Got it? Name resolution is the customer's responsibility. NetView only uses whatever you have set up.

Second, with regard to the sysObjectId. The NetView for Windows product is different from the NetView for UNIX one in that it maintains a BadOID smartset. In there will be devices which responded with a OID that is not defined in \usr\ov\conf\oid_to_type. The actual OID they responded with, the one that is not defined, is not used when the object is added to the database. Instead, a dummy OID of either or is used, so that this object can be added to the BadOIDs smartset. That's why that entry in the oid_to_type file says "IBM Unknown". It's just a placeholder. The Cisco 3700 has been given that OID because whatever it responded with is not currently defined. If you want to see what OID it did respond with then you need to set up the bad oid logging as an option on the netmon daemon. The new log will show you what OID that device responds with, the SNMP sysObjectId (like, etc), and the SNMP sysDescription. and that is what you have to put in oid_to_type. From this you decide on the vendor and the agent. Check to see if there is something appropriate in the fields files.If not, add them manually.

For each type of device in there (each unique SNMP sysObjectID), you need to manually update
-- the vendor list in \usr\ov\fields\C\ovw_fields,
-- the agent list in \usr\ov\fields\C\snmp_fields,
-- run 'ovw_fields' (to let Netview know about your changes),
-- then update the entries in the \usr\ov\conf\oid_to_type file.

When you edit the oid_to_type file, add one entry for each unique oid, no wildcarding. Include the vendor and agent EXACTLY as written in the fields files. For network devices, include the flag (G for router, H for hub or switch, B for bridge). G causes devices to be drawn at the top level of the map. H or B causes devices to be drawn at the Network level of the map (with the Segment). No flag causes it to be drawn at the Segment level, which is where they are now. You can 'promote' them to the higher level with these flags.

Then...close and open the map to get all of this information incorporate. Stop netmon. Delete the devices in that Smartset from ALL submaps. restart netmon, and they will all be rediscovered with the new information, and should NOT reappear in the Badoids Smartset, if you did it all correctly.
As Leslie says, "it is a badge of honor to have an empty Badoids Smartset!"

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Inactive hide details for awatthey@mmm.comawatthey@mmm.com

          Sent by: owner-nv-l@lists.us.ibm.com

          01/13/2005 01:20 PM
          Please respond to





Re: [nv-l] Netview Polling


Thanks for this information.  However, am I doing the right thing here in
the right place?

You say add an S option but the Object ID of the router I've just located
is  According to the /usr/ov/conf/oid_to_type file,
that line has the options GS already.

Another router I've located has an Object ID of  The
oid_to_type file says this is 'IBM Unkown' yet the router is a Cisco 3700.
However, I would be able to add S to that line.

Also, the S character is not documented and the P character is documented
as causing the node to be polled using SNMP.

As far as populating the etc\hosts file.  I can certainly do that but my
problem is going to be finding out what routable IP address goes with which
trap IP address.  Is there no easy way of finding it in the database as it
must be there on an interface of something somewhere?  If I can find which
box it is on easily then I may save myself the trouble of populating the
etc\hosts file with static information that could easily become out of


            Leslie Clark                                                  
            m>                                                         To
            Sent by:                  nv-l@lists.us.ibm.com              
            owner-nv-l@lists.                                          cc
                                      Re: [nv-l] Netview Polling          
            13/01/2005 15:20                                              
            Please respond to                                            

You cannot stop netmon from discovering all addresses on a router, that's
its job. However, in the case where you don't have routing to those
addresses, you should just tell netmon to poll them via snmp. It will then
do an snmpget of the ifOperStatus of all of the interfaces, through the one
address you do have SNMP access to, and they will be nice and green.  You
can do this either by putting one address for each one in the seedfile with
$ in front of it, or, in the /usr/OV/conf/oid_to_type file, you can put add
the S flag to the OID for those types of routers. Stop/start netmon, and
you are all set.

Regarding Francois' advice to add name resolution for the trap sources, I
would add that when you do this, you want to make sure that the forward
resolution resolves to the address you reach it by. If you were using just
the hosts file, it would be like this:  MyRouter1  # the address that I can talk to  My Router1  # The loopback address of the router, where traps
come from

So when Netview discovers it by, it will name it MyRouter1. When
a trap comes in from, it will look that address up and assign it
to MyRouter1 in the events display. When you use menu functions on Netview
against the node MyRouter1, it will lookup the address and use

If the .5 address is already in your DNS, and you decide to add the .1
address to the etc\hosts file on the Windows box, you must also add the .5
address to the etc\hosts file because the hosts file will take


Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(248) 552-4968 Voicemail, Fax, Pager

   Sent by:                                                              
   owner-nv-l@lists.us.ibm.co                                          To
   m                                                           nv-l@lists
   01/13/2005 04:35 AM                                         m          
         Please respond to                                                
               nv-l                                               Subject


I'm on Windows 2000 with Netview 7.1.4 FP2.

I've been doing some traces of what Netview is doing and I've seen quite a
lot of activity.  I was wondering how I could stop it.  I have 'discover
all networks' with @limit_discovery in my netmon.seed along with a list of
the ranges it should work with.

Basically we have various parts of the network outsourced.  I have
negotiated SNMP read access to all these routers.  Netview discovers these
routers quite happily but also discovers that they have lots of other
interfaces with strange IP addresses.  There is no routing in our network
to these addresses.  Even though I have limited the range of IP addresses
that Netview should discover via the NETMON.SEED file, it still insists on
PINGing and doing NBNS name lookups on these addresses.  Of course these
packets flow out of our default route and try to get to the Internet.  This
not only wastes bandwidth but gets our IDS people after me as they think a
box has a virus trying to get to all sorts of strange addresses which have
nothing to do with our organisation.

Is there an automatic method (forget manually unmanaging things) of
stopping netview from refering to anything not specified in the seed file.


GIF image

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web