oops..
forgot to say this..
event streamm--->trap setting(VPN OID)--->event
attribute (3 equals to IKE_50)---->forward..
Forgot it was IKE_50 in echo var logfile. This don't
work either..
Larry
--- Larry Fagan <larrytechie@yahoo.com> wrote:
> James,
> I tried running a echovar script and the variable
> for
> IKE/50 is var3 as per the log. See below:
> Fri Jul 22 14:04:52 EDT 2005
> count = 6
> specific = 0
> agent = abcd.com
> time = 2005/07/22 14:04:52
> var1 = 100855218
> var2 = 279082368 07_22_2005 14_06_43\.860 SEV_5
> IKE_50 RPT_349234 24\.16\.127\.
> 228 Group _vpn_ User _mevan_Connection terminated
> for
> peer mevan\.Reason
> _ IPSec SA Idle TimeoutRemote Proxy
> 192\.168\.36\.172_
> Local Proxy 165\.179\.0\.
> 0
> var3 = IKE_50
> var4 = 7
> var5 = _
> var6 = 1
> var7 =
> var8 =
> var9 =
>
> And you are right. I'm sorry. it was a typo. That's
> event attribute and not stream. Now my rule is this:
> event stream---->trap Settings(VPN OID)---->event
> attribute(3 equals comparison IKE/50)----> forward.
> This does'nt work either. Am i missing something...
> I also tried using IKE\/50 but nope.. no luck..
> Many thanks,
> Larry
>
> --- James Shanks <jshanks@us.ibm.com> wrote:
>
> > Larry, if this is what you see in the log
> > abcd u [2]
> > private.enterprises.3076.2.1.4.4.37.50
> > (OctetString): 275850053 07/22/2005 11:10:27.740
> > SEV=5 IKE/50 RPT=346224 61.108.103.135
> > Then this is varbind 2, not varbind 3, which is
> what
> > the [2] is telling
> > you.
> >
> > And the variable is equal to the entire string
> > "275850053 07/22/2005 11:10:27.740 SEV=5
> > IKE/50 RPT=346224
> > 61.108.103.135"
> > so to use an Event Attribute ruleset node to pick
> > ou just "IKE/50" your
> > ruleset would have to specify varbind 2.5, the
> > fifth word of variable 2,
> > as equal to IKE/50. You have to type the 2.5 into
> > the attribute window
> > since it is not a scrolling option.
> >
> > That is what you meant, wasn't it, when you said,
> > My rule is as below:
> > event stream ---->Trap settings (VPN OID)---->
> event
> > stream (NVATTR_3 equal
> > to IKE/50)----> forward?
> >
> > That "event stream (NVATTR_3 equal to IKE/50" was
> > supposed to be "event
> > attribute"? Well, as I read this, it should be
> > "event attribute
> > Attribute: 2.5 Comparison: equal to Value: IKE/50"
> >
> > If that doesn't help, try another ruleset first
> > which echoes all the
> > varbinds out in an action node as an interim step
> so
> > you can see what they
> > are
> > event stream ---->Trap settings (VPN
> OID)---->
> > action (echovar
> > script)
> > This is the echovar script I use:
> > #!/bin/ksh
> > #
> > # The purpose of this script is to echo variables
> to
> > a file
> > # to test nvcorrd and actionsvr
> > #
> > echo `date` >> /usr/OV/log/echovar.out
> > echo "count = " $NVATTR_COUNT >>
> > /usr/OV/log/echovar.out
> > echo "specific = " $NVS >>
> /usr/OV/log/echovar.out
> > echo "agent = " $NVA >> /usr/OV/log/echovar.out
> > echo "time = " $NVT >> /usr/OV/log/echovar.out
> > echo "var1 = " $NVATTR_1 >>
> /usr/OV/log/echovar.out
> > echo "var2 = " $NVATTR_2 >>
> /usr/OV/log/echovar.out
> > echo "var3 = " $NVATTR_3 >>
> /usr/OV/log/echovar.out
> > echo "var4 = " $NVATTR_4 >>
> /usr/OV/log/echovar.out
> > echo "var5 = " $NVATTR_5 >>
> /usr/OV/log/echovar.out
> > echo "var6 = " $NVATTR_6 >>
> /usr/OV/log/echovar.out
> > echo "var7 = " $NVATTR_7 >>
> /usr/OV/log/echovar.out
> > echo "var8 = " $NVATTR_8 >>
> /usr/OV/log/echovar.out
> > echo "var9 = " $NVATTR_9 >>
> /usr/OV/log/echovar.out
> > #
> >
> > HTH
> >
> > James Shanks
> > Level 3 Support for Tivoli NetView for UNIX and
> > Windows
> > Tivoli Software / IBM Software Group
> >
> >
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
|