nv-l
[Top] [All Lists]

[nv-l] Re: [tme10] [EC] State C0rrelation Engine duplicate rule doesn't

To: tme10@lists.us.ibm.com, NetView mailing list <nv-l@lists.us.ibm.com>
Subject: [nv-l] Re: [tme10] [EC] State C0rrelation Engine duplicate rule doesn't suppress duplicates
From: Jane Curry <jane.curry@skills-1st.co.uk>
Date: Mon, 06 Jun 2005 19:50:56 +0100
Delivery-date: Mon, 06 Jun 2005 19:52:02 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <4230B817.80704@skills-1st.co.uk>
References: <4230B817.80704@skills-1st.co.uk>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
User-agent: Mozilla Thunderbird 0.5 (X11/20040208)
I have finally got around to doing more testing with this. I have tried coding nvsbcrule.xml with both a duplicate and with a collector rule. The only difference seems to be that the repeat count for a duplicate rule is zero (which is reasonable - it is defined as suppressing duplicates). A collector rule you also get an event with the msg slot set to "Authentication Trap Summary" but the repeat count of this event is however many occurred in the interval. However, I am still seeing all the individual events AS WELL.

I had also been doing testing on SCE in a TEC gateway so I simply cut-and-paste my rule from nvsbcrule.xml and paste it into my TEC Gateway tecroot.xml. I generated wpostemsg events, filling all the TEC_ITS_BASE events attributes as they are filled by NetView (simply by getting them from a wtdumprl). The SCE in the gateway did the same with repeat counts as described above for duplicate and collector rules BUT I did NOT get the original events.

This says to me that the SCE in nvserverd is not implementing duplicate and collector rules correctly by suppressing events. Not tested in tecad_nv6k yet.....

Any other thoughts or inputs before I try raising a PMR?

Cheers,
Jane

Jane Curry wrote:

I have TEC 3.9 FP2 and NetView 7.1.4 FP3 on a SuSE 9.1 Professional system. I have added 1 extra state correlation engine ( SCE ) rule to the provided nvsbrule.xml rules file that comes with NetView:
<rule id="netview.dupAuthRemove">
   <eventType>TEC_ITS_BASE</eventType>
   <duplicate timeInterval="60000">
   <cloneable attributeSet="hostname"/>
     <predicate>
       <![CDATA[
        &nv_generic == "4"
       ]]>
     </predicate>
   </duplicate>
   <triggerActions>
       <action function="TECSummary" singleInstance="false">
         <parameters>
            SET:msg="Authentication Trap Summary"
         </parameters>
       </action>
   </triggerActions>
 </rule>

I am generating 8 traps that match this and I am seeing an event with the message "Authentication Trap Summary" so the rule is obviously firing but I am ALSO seeing all the individual events too. They all come from the same hostname inside 60 seconds. The summary event has a repeat count of 0.

I have tracing and logging turned on for the state correlation but can't see anything helpful in there.

Anyone else seen this or can see what I have done wrong? I just have a vague idea I had heard of a bug with the duplicate SCE rule - mebbe on Linux???

Cheers,
Jane


--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2005 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights 
reserved.


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web