I have finally got around to doing more testing with this. I have tried
coding nvsbcrule.xml with both a duplicate and with a collector rule.
The only difference seems to be that the repeat count for a duplicate
rule is zero (which is reasonable - it is defined as suppressing
duplicates). A collector rule you also get an event with the msg slot
set to "Authentication Trap Summary" but the repeat count of this event
is however many occurred in the interval. However, I am still seeing
all the individual events AS WELL.
I had also been doing testing on SCE in a TEC gateway so I simply
cut-and-paste my rule from nvsbcrule.xml and paste it into my TEC
Gateway tecroot.xml. I generated wpostemsg events, filling all the
TEC_ITS_BASE events attributes as they are filled by NetView (simply by
getting them from a wtdumprl). The SCE in the gateway did the same with
repeat counts as described above for duplicate and collector rules BUT I
did NOT get the original events.
This says to me that the SCE in nvserverd is not implementing duplicate
and collector rules correctly by suppressing events. Not tested in
tecad_nv6k yet.....
Any other thoughts or inputs before I try raising a PMR?
Cheers,
Jane
Jane Curry wrote:
I have TEC 3.9 FP2 and NetView 7.1.4 FP3 on a SuSE 9.1 Professional
system.
I have added 1 extra state correlation engine ( SCE ) rule to the
provided nvsbrule.xml rules file that comes with NetView:
<rule id="netview.dupAuthRemove">
<eventType>TEC_ITS_BASE</eventType>
<duplicate timeInterval="60000">
<cloneable attributeSet="hostname"/>
<predicate>
<![CDATA[
&nv_generic == "4"
]]>
</predicate>
</duplicate>
<triggerActions>
<action function="TECSummary" singleInstance="false">
<parameters>
SET:msg="Authentication Trap Summary"
</parameters>
</action>
</triggerActions>
</rule>
I am generating 8 traps that match this and I am seeing an event with
the message "Authentication Trap Summary" so the rule is obviously
firing but I am ALSO seeing all the individual events too. They all
come from the same hostname inside 60 seconds. The summary event has
a repeat count of 0.
I have tracing and logging turned on for the state correlation but
can't see anything helpful in there.
Anyone else seen this or can see what I have done wrong? I just have
a vague idea I had heard of a bug with the duplicate SCE rule - mebbe
on Linux???
Cheers,
Jane
--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2005 Jane Curry <jane.curry@skills-1st.co.uk>. All rights
reserved.
|