nv-l

Re: [nv-l] Off Subject [syslog]

2003-01-17 16:48:09
From: Stephen Hochstetler <shochste AT us.ibm DOT com>
To: nv-l AT lists.tivoli DOT com
Date: Fri, 17 Jan 2003 12:39:36 -0600



Hi Don,

Been a while since I have seen you!  A long time ago I set up some Cisco
firewalls to send their syslogs to a NetView server.
When I think about what the issues are for storms I think of....

1) space.   If the syslog gets full, it MUST not impact your NetView
server.    Just make sure it can't fill up /var

2) get some easy control of syslog--> trap generation.   Put some pull-down
menus on your NetView map that let you turn off/on that function.   The
other way to do it is that all traps must go through a MLM before going to
NetView.   You can set up trap filters on that MLM as well as having
pull-down menus on NetView that control trap forwarding from NetView.
This is nice because you can stop the trap forwarding from the MLM which
protects your NetView, but the MLM will still be logging the traps in case
you need to go back and do some post-emergency analysis of those trap logs.
It gives you a chance to build a filter just to block the traps from the
offending device and turn back on basic forwarding.  Then you can tail the
log and see when your changes to the device have worked....at which point
you can disable the storm filter.

3) the last piece is to get a reminder popup in place that pops up every 10
minutes that reminds you that you have trap forwarding or trap generation
stopped.    This keeps you from leaving it off and going home after a storm
has been resolved.

Kind regards,
Stephen Hochstetler              shochste AT us.ibm DOT com
International Technical Support Organization at IBM
11400 Burnet Road   Austin, TX  78758
Office - 512-838-6198 (t/l 678)       FAX - 512-838-6931
------------------------------------------------------------
http://www.redbooks.ibm.com
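
Added example, not part of the original message and not NetView or MLM tooling: a sketch of the "tail the log and see when your changes have worked" step in point 2, finding which sender is storming and whether it has gone quiet. The classic BSD syslog line layout, the host names, the 10-second window, the threshold of 5 and the year are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_log(storm_seconds):
    """Constructed log: one host sends 1 msg/s for storm_seconds, another is normal."""
    base = datetime(2003, 1, 17, 12, 0, 0)
    events = [(s, "fw-edge-01") for s in range(storm_seconds)]   # made-up noisy device
    events += [(s, "rtr-core-02") for s in range(0, 60, 20)]     # made-up quiet device
    return [f"{(base + timedelta(seconds=s)):%b %d %H:%M:%S} {h} constructed test message"
            for s, h in sorted(events)]


def analyze(lines, window=10, threshold=5, year=2003):
    """Return {host: 'storming' | 'quiet'} for every host that ever reached the threshold.

    'storming' means the host is still at or above the threshold in the last
    `window` seconds of the log, so a per-device storm filter should stay on;
    'quiet' means the fix on the device has taken effect.
    """
    recent = defaultdict(deque)   # host -> timestamps inside its sliding window
    peak = defaultdict(int)       # host -> largest message count seen in one window
    now = None
    for line in lines:
        # BSD syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = line[16:].split(" ", 1)[0]
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()
        peak[host] = max(peak[host], len(q))
        now = ts
    report = {}
    for host, q in recent.items():
        if peak[host] < threshold:
            continue              # never stormed, no filter needed
        active = sum(1 for t in q if (now - t).total_seconds() < window)
        report[host] = "storming" if active >= threshold else "quiet"
    return report


if __name__ == "__main__":
    print(analyze(sample_log(60)))   # storm still running at end of log
    print(analyze(sample_log(30)))   # storm stopped before end of log
```
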


