Re: [NV-L] Override Severity in Tivoli Enterprise Console

To:	<nv-l@lists.ca.ibm.com>
Subject:	Re: [NV-L] Override Severity in Tivoli Enterprise Console
From:	"Jon Austin" <austinj@email.chop.edu>
Date:	Tue, 21 Aug 2007 13:10:52 -0400
Delivery-date:	Tue, 21 Aug 2007 19:12:29 +0100
Envelope-to:	nv-l-archive@lists.skills-1st.co.uk
List-help:	<mailto:nv-l-request@lists.ca.ibm.com?subject=help>
List-id:	Tivoli NetView Discussions <nv-l.lists.ca.ibm.com>
List-post:	<mailto:nv-l@lists.ca.ibm.com>
List-subscribe:	<http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=subscribe>
List-unsubscribe:	<http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=unsubscribe>
Reply-to:	Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sender:	nv-l-bounces@lists.ca.ibm.com

There's a viable solution here for the netscout folks......
 
You can define that VALUE matching for the varbind
containing the severity, and then use that to map in the TEC severity
enumeration. 
I'm pretty sure you can reuse the same TEC Class on multiple
Select-Fetch-Map
groups, as long as your combination of SELECT/VALUE conditions is
unique. 

So you create 3 copies of the S-F-M group. 
On each one set up a VALUE qualifier to catch severity 1, 2 or 3, 
Explicitly set the MAP value for the severity slot 
   (mapping to TEC's severities of FATAL, CRITICAL, MINOR, 
    WARNING, UNKNOWN, or HARMLESS). 

This way you still have a single TEC Class, but you 
have the severity of the TEC event aligned with the severity
varbind from netscout.



Jon Austin
Tivoli/Unix Administrator
Information Systems
Children's Hospital of Philadelphia


>>> mds@helices.org 8/21/2007 11:02 AM >>>
* "Gupta, Narendra" <guptan@netscout.com> [2007:08:20:10:03:21-0400]
scribed:
> Hi,
> 
> We have our network application that forwards the SNMP alarms to
TEC.
> One of the varbind contains the severity(1 or 2 or 3 etc).  How we
can
> map that severity to TEC severities in CDS files. Please advice.
> 
> Thanks,
> 
> Narendra Gupta

Following is one (1) example (from tecad_nv6k.cds) that we have been
using for several years.

BEFORE:

CLASS TEC_ITS_FATAL_ERROR
  SELECT
    1: ATTR(=,$ENTERPRISE) , VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" ) ;
    2: $SPECIFIC = 58851330 ;
    3: ATTR(=, "nvObject" ) ;
    4: ATTR(=, "nvEventDescr" ) ;
    5: ATTR(=, "nvApplNbr" ) ;
  FETCH
    1: IPADDR($V3);
  MAP
    origin = $F1 ;
    hostname = $V3 ;
    msg = $V4 ;
    category = $V5 ;
    nvhostname = $ADAPTER_IP ; # Required for ALL TEC_ITS events
END


AFTER:

CLASS TEC_ITS_FATAL_ERROR
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
        2: $SPECIFIC = 58851330;
        3: ATTR(=, "nvObject" );
        4: ATTR(=, "nvEventDescr" );
        5: ATTR(=, "nvApplNbr" );
    FETCH
        1: IPADDR($V3);
    MAP
        category    = $V5;
        hostname    = $V3;
        msg         = $V4;
        nvhostname  = $ADAPTER_IP;
        origin      = $F1;
        severity    = CRITICAL;
END


What do you think?

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)

<Prev in Thread]	Current Thread	[Next in Thread>
[NV-L] Override Severity in Tivoli Enterprise Console, Gupta, Narendra Re: [NV-L] Override Severity in Tivoli Enterprise Console, James Shanks RE: [NV-L] Override Severity in Tivoli Enterprise Console, Gupta, Narendra RE: [NV-L] Override Severity in Tivoli Enterprise Console, James Shanks Re: [NV-L] Override Severity in Tivoli Enterprise Console, Michael D Schleif Re: [NV-L] Override Severity in Tivoli Enterprise Console, Jon Austin <= Re: [NV-L] Override Severity in Tivoli Enterprise Console, Michael D Schleif Re: [NV-L] Override Severity in Tivoli Enterprise Console, Jon Austin [NV-L] NetView File Permissions, ss cc Re: [NV-L] NetView File Permissions, James Shanks Re: [NV-L] NetView File Permissions, ss cc

Previous by Date:	RE: [NV-L] ESE.automation and event forwarding, Blane.Robertson
Next by Date:	Re: [NV-L] ESE.automation and event forwarding, Leslie Clark
Previous by Thread:	Re: [NV-L] Override Severity in Tivoli Enterprise Console, Michael D Schleif
Next by Thread:	Re: [NV-L] Override Severity in Tivoli Enterprise Console, Michael D Schleif
Indexes:	[Date] [Thread] [Top] [All Lists]