This is what is in trapd.conf. rfFaxServer {1.3.6.1.4.1.3529.2.1}
Using the mib browser to try and locate the actual msg that is being
generated was not successful either. The msg that I am looking for is
generated by the app and does actually post to the Microsoft event log on
the host machine, but appears nowhere else except the trap itself.
Beacause the events come out with the same generic and specific trap ids I
want to match the message and then just block them from being processed.
Entire event to Netview Control Desk
Tue Sep 13 08:15:28 2005 pmsrfax1.bcbsmn A rfFaxServer 6 2 4 args:
LGSD:Library already loaded.
SPECIFIC : 2 (hex: 2)
GENERIC : 6
CATEGORY : Status Events
ENTERPRISE : rfFaxServer 1.3.6.1.4.1.3529.2.1
SOURCE : Agent (A)
HOSTNAME : server.domain.com
SEVERITY : Minor
LOGGEDTIME : 0
The specifcs I want to match on are everything after the last colon (:) in
the msg " LGSD:Library already loaded."
This changes per alert but the specific 2 and generic 6 do not. The vendor
is no help and I'm stuck
Thanks for any help you can provide.
Regards,
Mike Noonkesser
Office 651-662-1012
Fax 651-662-2279
James Shanks <jshanks@us.ibm.com>
Sent by: owner-nv-l@lists.us.ibm.com
09/13/2005 09:31 AM
Please respond to
nv-l@lists.us.ibm.com
To
nv-l@lists.us.ibm.com
cc
Subject
Re: [nv-l] Filter editor question
So what trap variable contains the message? trapd.conf will tell you.
And what do you want to do when you have a match?
A filter only alters the display of an event window. A ruleset may have
an
action attached. Presumably you could just use an Event Attribute node in
a ruleset to match the varbind number of the trap to the correct string
and
connect it to an Action, some script you write. But a better ruleset
would
be Trap Settings for the correct enterprise first.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Michael_Noonkesse
r@bluecrossmn.com
Sent by: To
owner-nv-l@lists. nv-l@lists.us.ibm.com
us.ibm.com cc
Subject
09/13/2005 10:22 [nv-l] Filter editor question
AM
Please respond to
nv-l
Hello List!
Running Netview 7.1.3 on Solaris 8
I am trying build a filter/ruleset that will match on criteria specified
in the message field of the trap.
Tue Sep 13 08:15:28 2005 server_name.domain.com A rfFaxServer 6 2 4 args:
LGSD:Library already loaded.
The last portion of the line above is what I need to match because the
software vendor has most of their traps with the same specific and generic
trap ids for numerous meaningful traps with the same severity(no idea why)
The message is the only thing that is specific to the different traps
being generated.
Or if anyone has done a fine job monitoring Captaris Rightfax please share
!
Regards,
Mike Noonkesser
----------------------------
Important news about email communications:
If our business rules identify sensitive information, you will receive a
ZixMail Secure Message with a link to view your message. First-time
recipients will be asked to create a password before they are granted
access. To learn more about ZixMail, ZixCorp Secure Email Message Center,
and other ZixCorp offerings, please go to
http://userawareness.zixcorp.com/secure4/index.php
----------------------------
The information contained in this communication may be confidential,
and is intended only for the use of the recipient(s) named above.
If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution, or
copying of this communication, or any of its contents, is strictly
prohibited. If you have received this communication in error,
please return it to the sender immediately and delete the original
message and any copy of it from your computer system. If you have
any questions concerning this message, please contact the sender.
Unencrypted, unauthenticated Internet e-mail is inherently insecure.
Internet messages may be corrupted or incomplete, or may incorrectly
identify the sender.
----------------------------
Important news about email communications:
If our business rules identify sensitive information, you will receive a
ZixMail Secure Message with a link to view your message. First-time recipients
will be asked to create a password before they are granted access. To learn
more about ZixMail, ZixCorp Secure Email Message Center, and other ZixCorp
offerings, please go to http://userawareness.zixcorp.com/secure4/index.php
----------------------------
The information contained in this communication may be confidential,
and is intended only for the use of the recipient(s) named above.
If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution, or
copying of this communication, or any of its contents, is strictly
prohibited. If you have received this communication in error,
please return it to the sender immediately and delete the original
message and any copy of it from your computer system. If you have
any questions concerning this message, please contact the sender.
Unencrypted, unauthenticated Internet e-mail is inherently insecure.
Internet messages may be corrupted or incomplete, or may incorrectly
identify the sender.
|