nv-l
[Top] [All Lists]

Re: [NV-L] Override Severity in Tivoli Enterprise Console

To: <nv-l@lists.ca.ibm.com>
Subject: Re: [NV-L] Override Severity in Tivoli Enterprise Console
From: "Jon Austin" <austinj@email.chop.edu>
Date: Wed, 22 Aug 2007 11:37:34 -0400
Delivery-date: Wed, 22 Aug 2007 17:38:08 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
List-help: <mailto:nv-l-request@lists.ca.ibm.com?subject=help>
List-id: Tivoli NetView Discussions <nv-l.lists.ca.ibm.com>
List-post: <mailto:nv-l@lists.ca.ibm.com>
List-subscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=subscribe>
List-unsubscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=unsubscribe>
Reply-to: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sender: nv-l-bounces@lists.ca.ibm.com
Not exacly. Note this ATTR/Value Example:

1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );

This is the same as saying : Enterprise number equals
1.3.6.1.4.1.2.6.3

We have a copy of Netscout integration for TEC in-house so some
of my references are pretty specific.......

The Netscout integration has a trap nGeniusAnalyticsAlarm, which has
a severity varbind in $12 (nsAnalyticsSeverity). This would be a value
of 
1,2,3. For argument sake, let's say those should map to TEC FATAL,
CRITICAL, WARNING severities. 

If I'm reading the documentation correctly (and I may not be), You'd
add
the following ATTR/Value to each of the S-F-M groups:

<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"1")   # Map to
FATAL
<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"2")   # MAP to
CRITICAL
<number>:ATTR(=,"nsAnalyticsSeverity), VALUE(PREFIX,"3")   # MAP to
WARNING

Then you'd have the severity settings in the MAP section: 
severity FATAL  # Value in Select section = 1
severity CRITICAL # Value in Select section = 2
severity WARNING  # Value in Select section = 3


 
>>> mds@helices.org 8/22/2007 9:06 AM >>>
* Jon Austin <austinj@email.chop.edu> [2007:08:21:13:10:52-0400]
scribed:
> There's a viable solution here for the netscout folks......
>  
> You can define that VALUE matching for the varbind containing the
> severity, and then use that to map in the TEC severity enumeration.
> I'm pretty sure you can reuse the same TEC Class on multiple
> Select-Fetch-Map groups, as long as your combination of SELECT/VALUE
> conditions is unique. 
> 
> So you create 3 copies of the S-F-M group.  On each one set up a
VALUE
> qualifier to catch severity 1, 2 or 3, Explicitly set the MAP value
> for the severity slot 
>    (mapping to TEC's severities of FATAL, CRITICAL, MINOR, 
>     WARNING, UNKNOWN, or HARMLESS). 
> 
> This way you still have a single TEC Class, but you have the
severity
> of the TEC event aligned with the severity varbind from netscout.
<snip />


Like this:


CLASS TEC_ITS_NODE_STATUS
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
        2: $SPECIFIC = 58916864;
        3: ATTR(=, "nvObject" );
        4: ATTR(=, "nvEventDescr" );
        5: ATTR(=, "nvApplNbr" );
        6: ATTR(=, "VB_2");
        7: ATTR(=, "VB_3");
        8: ATTR(=, "VB_4");
    FETCH
        1: IPADDR($V3);
    MAP
        category    = $V5;
        hostname    = $V3;
        msg         = $V4;
        nodestatus  = 1;              # UP
        nvhostname  = $ADAPTER_IP;
        origin      = $F1;
        severity    = HARMLESS;
        varbind2    = $V6;
        varbind3    = $V7;
        varbind4    = $V8;
END

CLASS TEC_ITS_NODE_STATUS
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
        2: $SPECIFIC = 58916865;
        3: ATTR(=, "nvObject" );
        4: ATTR(=, "nvEventDescr" );
        5: ATTR(=, "nvApplNbr" );
        6: ATTR(=, "VB_2");
        7: ATTR(=, "VB_3");
        8: ATTR(=, "VB_4");
    FETCH
        1: IPADDR($V3);
    MAP
        category    = $V5;
        hostname    = $V3;
        msg         = $V4;
        nodestatus  = 2;              # DOWN
        nvhostname  = $ADAPTER_IP;
        origin      = $F1;
        severity    = CRITICAL;
        varbind2    = $V6;
        varbind3    = $V7;
        varbind4    = $V8;
END

CLASS TEC_ITS_NODE_STATUS
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
        2: $SPECIFIC = 50790400;
        3: ATTR(=, "nvObject" );
        4: ATTR(=, "nvEventDescr" );
        5: ATTR(=, "nvApplNbr" );
        6: ATTR(=, "VB_2");
        7: ATTR(=, "VB_3");
        8: ATTR(=, "VB_4");
    FETCH
        1: IPADDR($V3);
    MAP
        category    = $V5;
        hostname    = $V3;
        msg         = $V4;
        nodestatus  = 3;              # MARGINAL
        nvhostname  = $ADAPTER_IP;
        origin      = $F1;
        severity    = MINOR;
        varbind2    = $V6;
        varbind3    = $V7;
        varbind4    = $V8;
END



-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--


Jon Austin
Tivoli/Unix Administrator
Information Systems
Children's Hospital of Philadelphia
267-426-0433
austinj@email.chop.edu
_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web