nv-l
[Top] [All Lists]

RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!

To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!
From: Larry Fagan <larrytechie@yahoo.com>
Date: Fri, 22 Jul 2005 08:42:29 -0700 (PDT)
Delivery-date: Fri, 22 Jul 2005 16:43:10 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=h9eSTEyu0aCmkdfMG8qZ25+CSDpBBZkPmPuC8tD8Q2GDZo0C8ve3mVBrUPory+f2vVs0PuNmWvANdzlQmWJtJ8Zq9jQETVm9jTQSbiydotsfSVpEsZPlUHkSTzPKMxkLC6TXdeVCZD7/IMOxPi5An5OMFv/37u9N9dTZnKAXQp8= ;
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <2BF0A5C54C5BBB4791F90F9E200AC9E101320670@omaexch05.csg.csgsystems.com>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
Guys,
Good news is that i got this working. I manually added
OID based on the traps i received and now the traps
are showing up on my console...
Now i need another help here.. Since there are way
tooo   many traps coming in so i decided to write a
rule in Netview... My rule is as below:
event stream ---->Trap settings (VPN OID)----> event
stream (NVATTR_3 equal to IKE/50)----> forward..
Am i doing this right? If so then it's not working.
I'm sure that NVATTR3=IKE/50 since in TEC nv_var3 is
showing up as IKE/50. Any ideas for this? Here is the
trap:
abcd u  [2] private.enterprises.3076.2.1.4.4.37.50
(OctetString): 275850053 07/22/2005 11:10:27.740
 SEV=5 IKE/50 RPT=346224 61.108.103.135 
Many Thanks as usual,
Larry


--- "Barr, Scott" <Scott_Barr@csgsystems.com> wrote:

> We just catch everything from enterprise 3076 in
> trapd.conf and have a
> ruleset that catches it and passes the data as an
> environment variable
> to the perl script that does the parsing.
> 
> I don't have an enterprise number. The oid is as you
> would expect
> 1.3.6.1.4.1.3076 but we never busted it down
> further. They are all
> generic trap 6 enterprise 0
> 
> 
> Sorry I can't be of more obvious help. This is not
> what I would call a
> fully integrated cisco product.
> 
> -----Original Message-----
> From: owner-nv-l@lists.us.ibm.com
> [mailto:owner-nv-l@lists.us.ibm.com]
> On Behalf Of Larry Fagan
> Sent: Thursday, July 21, 2005 2:59 PM
> To: nv-l@lists.us.ibm.com
> Subject: RE: [nv-l] Altiga Cisco VPN concentrator
> Trap defintions!
> 
> Thanks for the info guys.
> Our VPN team is forwarding particular events like
> below:
> 1121965582 7  Thu Jul 21 13:06:22 2005 
> USKEN06DVP132.us.schp.com ?  [2] private
> .enterprises.3076.2.1.4.4.37.50 (OctetString):
> 248355444 07/21/2005 13:08:03.480
>  SEV=5 IKE/50 RPT=312369 14.207.66.106 
> What the team is looking is for key word IKE/199. I
> can parse that once this is forwarded to TEC but the
> issue is what's the OID for this event?.
> thanks,
> Larry
> 
> --- "Barr, Scott" <Scott_Barr@csgsystems.com> wrote:
> 
> > I don't work on them anymore but I did in the
> past.
> > 
> > Cisco is pulling your leg.
> > 
> > In the syslog configuration on the device you can
> > set 9 levels of
> > logging from like 15 different topics. Then you
> can
> > specify what log
> > messages to turn into snmp events.
> > 
> > And then the fun begins.
> > 
> > Depending on your ios version, the concentrator
> > sends in all sorts of
> > different formats. In our case, we wanted to know
> > when tunnels came up
> > and down. Well it turned out that this actually
> was
> > in the user signon
> > log event. Our concentrator code supported both
> > concentrators for public
> > users and also for private connections. 
> > 
> > But the trap that comes in varies widely in
> spacing,
> > verbage and format.
> > We upgraded IOS versions and trashed the
> automation.
> > Worse yet, they all
> > come in as the same enterprise trap so you must
> have
> > some backend
> > parsing. 
> > 
> > Cisco is telling you that there are few traps
> > supported because I
> > believe the SNMP agent itself doesn't generate
> much
> > - all are syslog
> > traps that we worked with.
> > 
> > I'm going to email you what work I had done
> already
> > pending approval
> > from my previous manager. 
> > 
> > 
> > -----Original Message-----
> > From: owner-nv-l@lists.us.ibm.com
> > [mailto:owner-nv-l@lists.us.ibm.com]
> > On Behalf Of Larry Fagan
> > Sent: Thursday, July 21, 2005 1:51 PM
> > To: nv-l@lists.us.ibm.com
> > Subject: [nv-l] Altiga Cisco VPN concentrator Trap
> > defintions!
> > 
> > Hello All,
> > I'm looking for the above 3000 series Trap
> > defintions.
> > In the MIB provided to me from Cisco Site, i
> did'nt
> > find any traps defined in them. I also see in the
> > list
> > someone posted a reply from Cisco support saying
> > that
> > there is very limited traps defined for VPN's or
> > rather no traps at all. See link below.
> > 
> >
>
http://lists.skills-1st.co.uk/mharc/html/nv-l/2003-08/msg00006.html
> > 
> > 
> > Has anyone defined any traps for thess VPN's. I'm
> > trying if someone can help me here before i get to
> > deeply involved.Any hints will be greatly
> helpful.!
> > Many Thanks,
> > Larry
> > 
> > 
> > 
> >             
> >
> ____________________________________________________
> > Start your day with Yahoo! - make it your home
> page 
> > http://www.yahoo.com/r/hs 
> >  
> > 
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 
> 



                
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web