Re: [nv-l] Wireless Network Management and cisco mibs
2004-03-19 11:10:44
Ray,
I was hoping someone else would respond,
especially since this is really a TEC issue rather than a NetView one.
Have you tried the TEC forum? I
think that's the tme10 forum on this same server (someone please correct
me if I am wrong about that).
These two events don't look anything
alike. The msg fields have dozens of elements not in common, yet
you are saying that TEC treats these as identical? So why isn't msg
enough to distinguish them? If not that, why not nv_var1 or
nv_var6? Those all look unique to me. So I cannot believe
that there is not an easy way to get TEC to distinguish these two. If
you can't get an answer any other way, then I would open a problem to TEC
itself. Surely they deal with such issues every day.
Sorry but my TEC skills are weak and
your problem description still baffles me.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
ray.smith AT clorox DOT com
Sent by: owner-nv-l AT lists.us.ibm DOT com
03/18/2004 04:22 PM
|
To
| nv-l AT lists.us.ibm DOT com
|
cc
|
|
Subject
| Re: [nv-l] Wireless Network
Management and cisco mibs |
|
James,
I may have been diving into this in the wrong direction. I am sitting here
with our TEC guru and we are looking at the traps that are created by the
wlse. I responded to an email for CiscoTAC to help explain the different
arguments the wlse appliance generates. But here is what we are looking
and hoping to identify one or more of the 7 arguments in the trap as unique
for the dup detect TEC Rules. The following is captured from wtdumprl
on the TEC server.
===========================
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_host=x.x.64.81;category=1;date="03/18/04
11:47:05 AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix
6 1 7 args: [1] cderExceptionEntry.cderExcepId.14619 (OctetString):
37 [2] cderExceptionEntry.cderExcepHostAddressType.14619 (Integer):
1 [3] cderExceptionEntry.cderExcepHostAddress.14619 (OctetString):
x.x.122.14 [4] cderExcepPriorityDescription.14619 (OctetString):
OK [5] cderExc
ptionEntry.cderExcepTime.14619 (Ticks): 846701154 [6] cderExceptionEntry.cderExcepData.14619
(OctetString): Fau
ltId 37 DeviceId 254 DeviceIP x.x.122.14 DeviceName x.x.122.14 MO RF Port
awc0 Change Packet Error is in
OK state (0%) ChangeSeverity OK StateChange PacketErrors is OK AlarmState
Cleared OverallSeverity OK DeviceType
AccessPoint [7] cderExceptionEntry.cderExcepReportedBy.14619 (OctetString):
FaultNotifier AT CAPLEWLSE.clorox DOT com
";nv_enterprise=cderMIBNotifPrefix;nv_generic=6;nv_specific=1;nv_var1="37";nv_var2=1;nv_var3="x.x.122.14";n
v_var4="OK";nv_var5=846701154;nv_var6="FaultId 37
DeviceId 254
DeviceIP x.x.122.14
DeviceName x.x.122.14
MO RF Port awc0
Change Packet Error is in OK state (0%)
ChangeSeverity OK
StateChange PacketErrors is OK
AlarmState Cleared
OverallSeverity OK
DeviceType AccessPoint
";nv_var7="FaultNotifier AT CAPLEWLSE.clorox DOT com";END
### END EVENT ###
PROCESSED
1~7067605~1~1079639225(Mar 18 11:47:05 2004)
### EVENT ###
TEC_ITS_WireLess;source=nvserverd;sub_source=A;origin=x.x.64.155;hostname="caplewlse.clorox.com";adapter_hos
t=x.x.64.81;category=1;date="03/18/04 11:47:05 AM";severity=WARNING;status=OPEN;msg="cderMIBNotifPrefix
6 1
7 args: [1] cderExceptionEntry.cderExcepId.14618 (OctetString): 28
[2] cderExceptionEntry.cderExcepHostAddress
Type.14618 (Integer): 1 [3] cderExceptionEntry.cderExcepHostAddress.14618
(OctetString): x.x.122.13 [4] cd
erExcepPriorityDescription.14618 (OctetString): P2 [5] cderExceptionEntry.cderExcepTime.14618
(Ticks): 84670114
9 [6] cderExceptionEntry.cderExcepData.14618 (OctetString): FaultId
28 DeviceId 253 DeviceIP x.x.122.13 Dev
iceName ohpai7103.clorox.com MO RF Port awc0 Change Packet Error is in
Overloaded state (50%) ChangeSeverity P2
StateChange PacketErrors is Overloaded AlarmState Active OverallSeverity
P1 DeviceType AccessPoint [7] cderExce
ptionEntry.cderExcepReportedBy.14618 (OctetString): FaultNotifier AT CAPLEWLSE.clorox DOT com
";nv_enterprise=cderMIBNo
tifPrefix;nv_generic=6;nv_specific=1;nv_var1="28";nv_var2=1;nv_var3="x.x.122.13";nv_var4="P2";nv_var5=846701
149;nv_var6="FaultId 28
DeviceId 253
DeviceIP x.x.122.13
DeviceName ohpai7103.clorox.com
MO RF Port awc0
Change Packet Error is in Overloaded state (50%)
ChangeSeverity P2
StateChange PacketErrors is Overloaded
AlarmState Active
OverallSeverity P1
DeviceType AccessPoint
";nv_var7="FaultNotifier AT CAPLEWLSE.clorox DOT com";END
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
| James Shanks <jshanks AT us.ibm DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
03/18/2004 11:37 AM
Please respond to nv-l
|
To: nv-l AT lists.us.ibm DOT com
cc:
Fax to:
Subject: Re: [nv-l]
Wireless Network Management and cisco mibs |
Ray, you know more than you think you do.
But I'm still confused, so maybe you should posts a couple of concrete
examples.
But for the sake of argument let's say you have a trap coming into NetView
with OID .1.3.6.1.4.1.9.9.224 and it has three variables. The first
is threshold, the second rogue app, and the third is clients associated.
Presumably these variables go over to TEC as different slots, along
with hostname, and the usual stuff. So if your device sends a trap
A, which says P1=500, P2=agent1, and P3=client1, client2, client3; and
then it sends trap B, which says P1=600, P2=agent3, and P3=client4,
client5, client6; how are these not different slot values?
Also, I have the dup-detect thing backwards. You say dup_detect=
yes for some field so that TEC doesn't trash events which are otherwise
duplicates except for that field. We use dup-detect for hostnames
for example, so that a Node Up for host A is not tossed because we
get one for host B. So I'm having a hard time seeing how that would
not do the same thing for these events.
If it truly is the case that all the fields are the same, then my question
is, "how do you tell the events apart in NetView?" By timestamp?
In that case, you could always have ovactiond kick off a
script which adds that, and forwards to TEC with postemsg, or uses snmptrap
to send an event of your own design, which you then froward to TEC instead
of the original.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
ray.smith AT clorox DOT com
Sent by: owner-nv-l AT lists.us.ibm DOT com
03/18/2004 01:53 PM
|
To
| nv-l AT lists.us.ibm DOT com
|
cc
|
|
Subject
| Re: [nv-l] Wireless Network
Management and cisco mibs |
|
yep that one came up.
The dup detect rules are based on slot values and these are based on the
varbind arguments that are forwarded. Since the subtree 224.1.x.x.x
does not parse into slots the dup does not see them as separate events.
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
| James Shanks <jshanks AT us.ibm DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
03/18/2004 10:39 AM
Please respond to nv-l
|
To: nv-l AT lists.us.ibm DOT com
cc:
Fax to:
Subject: Re: [nv-l] Wireless
Network Management and cisco mibs |
I'm not certain but I think the solution to your problem is in TEC. Now
my TEC skills are not hot, but they have a duplicate detection thing going
on over there, which is configurable. Have you asked them about turning
it off? If memory serves me, then somewhere in your TEC rules you
can say dup_detect = no and then the events are treated as individual just
like they were sent.
Anyone else?
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
ray.smith AT clorox DOT com
Sent by: owner-nv-l AT lists.us.ibm DOT com
03/18/2004 01:26 PM
|
To
| nv-l AT lists.us.ibm DOT com
|
cc
|
|
Subject
| [nv-l] Wireless Network Management
and cisco mibs |
|
go easy I have only been using NV for 6 months.
I am attempting to Configure the Cisco's Wireless LAN Solution Engine to
forward traps to NetView and then have NetView forward Events to the TEC
Console.
NV 7.1.3 fp02 on Solaris, TEC 3.7, WLSE release 2.5fcs which
manages the 1150 and 1200 series access points.
I searched the archives and found entries for monitoring access points
dated 2001. These entries referenced the 350 ap's and spoke of 802.11
mibs. This unfortunately did not shed light on my problem.
The wlse refers to cisco-device-exception-reporting-mib.my. This
creates the oid .1.3.6.1.4.1.9.9.224 ciscoMgmt. I was having trouble
running mib2trap and opened a pmr. Support guided me thru extracting
the 224. trap from the mib and enlightened me on how wonderful cisco mibs
are.
The Problem is;
wlse appliance options allow you to identify and forward events of interest
to a north-bound trap receiver. Everything from rogue ap detection
to RF thresholds. These can be setup with a P1, P2, P3 and so on.
When these event traps are forwarded they all come under the ciscoMgmt
224 oid. (This is where I am learning, be kind) The ?varbind? arguments?
for the additional 224.1.x.x.whatever that allow one to parse the ?varbind?
trap ? arguments ? for the different P1 threshold, P1 rogue ap detect,
P1 clients associated. All come under the top level 224. trap.
This is fine if the staff were only looking at the NV event browser. Since
I am forwarding these events to TEC what happens is the duplicate arguments
do not work since all the messages come from wlse and the 224ciscoMgmt
oid. So every event that comes after the first one overwrites the
previous.
Is there another way to do this? Or shall I take Cisco TAC up on
there offer to work with NetView Support and identify and then creating
a more complete mib that parses the varbind arguments for the WLSE Appliance?
Any Ideas? Or am I totally off base here and someone is about to
take me to school? (which I probably need)
Ray Smith
IS Engineer
The Clorox Services Company
925-425-4363
|
|
|