nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!

from [Larry Fagan] [Permanent Link][Original]
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!
From: Larry Fagan <larrytechie@yahoo.com>
Date: Fri, 22 Jul 2005 11:46:10 -0700 (PDT)
Delivery-date: Fri, 22 Jul 2005 19:47:00 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=INWfBoyOdI/D/Lbofi/LEH1pcO4CtvoOub/ZzPQLql1+Ey9SRskPNrSjCKQlOw7hxziUS3lPagJH8SZIJmHRQdlVjvcQhMewgSQhw5fnp4/Dyc5gIURaNXuzbjbx4znR2mu07p/5EQGtac8UQXyOCG9KffBKn7iPahg9I29M7gQ= ;
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <OF5D24257D.91F34272-ON85257046.0065D812-85257046.00668D86@us.ibm.com>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com 
Ok... Now i got this working.. phew!... The issue was
when i saved the rule set, the old values still exist.
This i came to know when i went back and checked in
/usr/OV/conf/rulesets/vpn.rs. I created a fresh and
now all works so sweet.. i was at this since two
days...
I really appreciate guys in here for helping out...
YOU ALL ARE SIMPLY GREATTTTT.. I can have a good
weekend now and you all too...
Larry


--- James Shanks <jshanks@us.ibm.com> wrote:

> Larry ,
> 
> OK so there is a varbind 3.
> Try IKE_50 as the script shows.
> I think he issue here may be
> AdditionalLegalTrapCharacters.  Those you
> don't specify in the environment variable get
> replaced by underscores.
> If that still doesn't work, please open a PMR so
> someone can give you some
> personal help;
> 
> HTH
> 
> James Shanks
> Level 3 Support  for Tivoli NetView for UNIX and
> Windows
> Tivoli Software / IBM Software Group
> 
> 
>                                                     
>                       
>              Larry Fagan                            
>                       
>              <larrytechie@yaho                      
>                       
>              o.com>                                 
>                    To 
>              Sent by:                 
> nv-l@lists.us.ibm.com               
>              owner-nv-l@lists.                      
>                    cc 
>              us.ibm.com                             
>                       
>                                                     
>               Subject 
>                                        RE: [nv-l]
> Altiga Cisco VPN         
>              07/22/2005 02:22          concentrator
> Trap defintions!       
>              PM                                     
>                       
>                                                     
>                       
>                                                     
>                       
>              Please respond to                      
>                       
>                    nv-l                             
>                       
>                                                     
>                       
>                                                     
>                       
> 
> 
> 
> 
> James,
> I tried running a echovar script and the variable
> for
> IKE/50 is var3 as per the log. See below:
> Fri Jul 22 14:04:52 EDT 2005
> count =  6
> specific =  0
> agent =  abcd.com
> time =  2005/07/22 14:04:52
> var1 =  100855218
> var2 =  279082368 07_22_2005 14_06_43\.860 SEV_5
> IKE_50 RPT_349234 24\.16\.127\.
> 228 Group _vpn_ User _mevan_Connection terminated
> for
> peer mevan\.Reason
> _ IPSec SA Idle TimeoutRemote Proxy
> 192\.168\.36\.172_
> Local Proxy 165\.179\.0\.
> 0
> var3 =  IKE_50
> var4 =  7
> var5 =  _
> var6 =  1
> var7 =
> var8 =
> var9 =
> 
> And you are right. I'm sorry. it was a typo. That's
> event attribute and not stream. Now my rule is this:
> event stream---->trap Settings(VPN OID)---->event
> attribute(3 equals comparison IKE/50)----> forward.
> This does'nt work either. Am i missing something...
> I also tried using IKE\/50 but nope.. no luck..
> Many thanks,
> Larry
> 
> --- James Shanks <jshanks@us.ibm.com> wrote:
> 
> > Larry, if this is what you see in the log
> >       abcd u  [2]
> > private.enterprises.3076.2.1.4.4.37.50
> > (OctetString): 275850053 07/22/2005 11:10:27.740
> >  SEV=5 IKE/50 RPT=346224 61.108.103.135
> > Then this is varbind 2, not varbind 3, which is
> what
> > the [2] is telling
> > you.
> >
> > And the  variable is equal to the entire string
> >       "275850053 07/22/2005 11:10:27.740  SEV=5
> > IKE/50 RPT=346224
> > 61.108.103.135"
> > so to use an Event Attribute ruleset node  to pick
> > ou just  "IKE/50"  your
> > ruleset would have to specify  varbind 2.5, the
> > fifth word of variable 2,
> > as equal to IKE/50.  You have to type the 2.5 into
> > the attribute window
> > since it is not a scrolling option.
> >
> > That is what you meant, wasn't it, when you said,
> > My rule is as below:
> > event stream ---->Trap settings (VPN OID)---->
> event
> > stream (NVATTR_3 equal
> > to IKE/50)----> forward?
> >
> > That "event stream (NVATTR_3 equal to IKE/50"  was
> > supposed to be "event
> > attribute"?   Well, as I read this, it should be
> > "event attribute
> > Attribute: 2.5 Comparison: equal to Value: IKE/50"
> >
> > If that doesn't help, try another ruleset first
> > which echoes all the
> > varbinds out in an action node as an interim step
> so
> > you can see what they
> > are
> >       event stream ---->Trap settings (VPN
> OID)---->
> > action (echovar
> > script)
> > This is the echovar script I use:
> > #!/bin/ksh
> > #
> > # The purpose of this script is to echo variables
> to
> > a file
> > #  to test nvcorrd and actionsvr
> > #
> > echo `date`  >> /usr/OV/log/echovar.out
> > echo "count = " $NVATTR_COUNT >>
> > /usr/OV/log/echovar.out
> > echo "specific = " $NVS >> 
> /usr/OV/log/echovar.out
> > echo "agent = " $NVA >>  /usr/OV/log/echovar.out
> > echo "time = " $NVT >>  /usr/OV/log/echovar.out
> > echo "var1 = " $NVATTR_1 >>
> /usr/OV/log/echovar.out
> > echo "var2 = " $NVATTR_2 >>
> /usr/OV/log/echovar.out
> > echo "var3 = " $NVATTR_3 >>
> /usr/OV/log/echovar.out
> > echo "var4 = " $NVATTR_4 >>
> /usr/OV/log/echovar.out
> > echo "var5 = " $NVATTR_5 >>
> /usr/OV/log/echovar.out
> > echo "var6 = " $NVATTR_6 >>
> /usr/OV/log/echovar.out
> > echo "var7 = " $NVATTR_7 >>
> /usr/OV/log/echovar.out
> > echo "var8 = " $NVATTR_8 >>
> /usr/OV/log/echovar.out
> > echo "var9 = " $NVATTR_9 >>
> /usr/OV/log/echovar.out
> > #
> >
> > HTH
> >
> > James Shanks
> > Level 3 Support  for Tivoli NetView for UNIX and
> > Windows
> > Tivoli Software / IBM Software Group
> >
> >
> 
> 
> 
> 
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
> 
> 
> 
> 



                
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!, James Shanks
Next by Date:  [nv-l] Tivoli Implementation plattform, X X
Previous by Thread:  RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!, James Shanks
Next by Thread:  RE: [nv-l] Altiga Cisco VPN concentrator Trap defintions!, Barr, Scott
Indexes:  [Date] [Thread] [Top] [All Lists]

Archive operated by Skills 1st Ltd

See also: The NetView Web