Not exacly. Note this ATTR/Value Example:
1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
This is the same as saying : Enterprise number equals
1.3.6.1.4.1.2.6.3
We have a copy of Netscout integration for TEC in-house so some
of my references are pretty specific.......
The Netscout integration has a trap nGeniusAnalyticsAlarm, which has
a severity varbind in $12 (nsAnalyticsSeverity). This would be a value
of
1,2,3. For argument sake, let's say those should map to TEC FATAL,
CRITICAL, WARNING severities.
If I'm reading the documentation correctly (and I may not be), You'd
add
the following ATTR/Value to each of the S-F-M groups:
<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"1") # Map to
FATAL
<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"2") # MAP to
CRITICAL
<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"3") # MAP to
WARNING
Then you'd have the severity settings in the MAP section:
severity FATAL # Value in Select section = 1
severity CRITICAL # Value in Select section = 2
severity WARNING # Value in Select section = 3
>>> mds@helices.org 8/22/2007 9:06 AM >>>
* Jon Austin <austinj@email.chop.edu> [2007:08:21:13:10:52-0400]
scribed:
> There's a viable solution here for the netscout folks......
>
> You can define that VALUE matching for the varbind containing the
> severity, and then use that to map in the TEC severity enumeration.
> I'm pretty sure you can reuse the same TEC Class on multiple
> Select-Fetch-Map groups, as long as your combination of SELECT/VALUE
> conditions is unique.
>
> So you create 3 copies of the S-F-M group. On each one set up a
VALUE
> qualifier to catch severity 1, 2 or 3, Explicitly set the MAP value
> for the severity slot
> (mapping to TEC's severities of FATAL, CRITICAL, MINOR,
> WARNING, UNKNOWN, or HARMLESS).
>
> This way you still have a single TEC Class, but you have the
severity
> of the TEC event aligned with the severity varbind from netscout.
<snip />
Like this:
CLASS TEC_ITS_NODE_STATUS
SELECT
1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
2: $SPECIFIC = 58916864;
3: ATTR(=, "nvObject" );
4: ATTR(=, "nvEventDescr" );
5: ATTR(=, "nvApplNbr" );
6: ATTR(=, "VB_2");
7: ATTR(=, "VB_3");
8: ATTR(=, "VB_4");
FETCH
1: IPADDR($V3);
MAP
category = $V5;
hostname = $V3;
msg = $V4;
nodestatus = 1; # UP
nvhostname = $ADAPTER_IP;
origin = $F1;
severity = HARMLESS;
varbind2 = $V6;
varbind3 = $V7;
varbind4 = $V8;
END
CLASS TEC_ITS_NODE_STATUS
SELECT
1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
2: $SPECIFIC = 58916865;
3: ATTR(=, "nvObject" );
4: ATTR(=, "nvEventDescr" );
5: ATTR(=, "nvApplNbr" );
6: ATTR(=, "VB_2");
7: ATTR(=, "VB_3");
8: ATTR(=, "VB_4");
FETCH
1: IPADDR($V3);
MAP
category = $V5;
hostname = $V3;
msg = $V4;
nodestatus = 2; # DOWN
nvhostname = $ADAPTER_IP;
origin = $F1;
severity = CRITICAL;
varbind2 = $V6;
varbind3 = $V7;
varbind4 = $V8;
END
CLASS TEC_ITS_NODE_STATUS
SELECT
1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
2: $SPECIFIC = 50790400;
3: ATTR(=, "nvObject" );
4: ATTR(=, "nvEventDescr" );
5: ATTR(=, "nvApplNbr" );
6: ATTR(=, "VB_2");
7: ATTR(=, "VB_3");
8: ATTR(=, "VB_4");
FETCH
1: IPADDR($V3);
MAP
category = $V5;
hostname = $V3;
msg = $V4;
nodestatus = 3; # MARGINAL
nvhostname = $ADAPTER_IP;
origin = $F1;
severity = MINOR;
varbind2 = $V6;
varbind3 = $V7;
varbind4 = $V8;
END
--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
--
Jon Austin
Tivoli/Unix Administrator
Information Systems
Children's Hospital of Philadelphia
267-426-0433
austinj@email.chop.edu
_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|