Well, if you are looking in trapd.log at this event, then yes, the first time
stamp is trapd's time he wrote it out to the file. Any timestamp within the
trap itself would come from the agent and either be accessed as $T or $n
(where n is 1, 2, ... 50 for whatever variable the timestamp is in). Since I
don't know anything about Checkpoint firewall traps that's all I can tell you.
Use xnmtrap to see how this trap is formatted -- what elements are being used to
come up with the message you see.
If the Checkpoint timestamp is in a variable or in $T then you can just use
xnmtrap to modify the slot, provided the TEC class of event you are using
supports such a slot. You have to send a new trap only if you want to add a
variable or trap element which is not in the original trap. Since you already
can see the timestamp you want, I would guess that you would not have to send a
Tivoli (NetView for UNIX) L3 Support
Kashif Karim <kashif_karim AT YAHOO DOT COM> on 08/02/99 12:11:42 PM
Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView
<NV-L AT UCSBVM.UCSB DOT EDU>
To: NV-L AT UCSBVM.UCSB DOT EDU
cc: (bcc: James Shanks/Tivoli Systems)
Subject: Re: Time of trap generation.
James, I was talking about capturing the time an agent generates a
trap. And of course you are right that it will be only there if the
agent provides one in his trap def. e.g. I saw a Checkpoint firewall
trap in which there are two time stamps. The one is perhaps the default
time that shows when NetView received this trap, and then there is
another time in the message string of this trap that shows a time which
is one or more minutes earlier than the other time. This I believe is the
time when the Checkpoint fw generated this trap.
I guess, to capture this time value and put it in a TEC slot, all I can
do is parse the message string in a script, generate a new trap and
populate the TEC slot variable in this trap, while suppressing the old
trap from going to TEC.
Could you please validate my above understanding?
--- James Shanks <James_Shanks AT TIVOLI DOT COM> wrote:
> I think you need to clarify this requirement more.
> First, are we talking NetView traps or non-NetView traps? Because you can only
> get a timestamp if indeed the agent provides one. Second, any timestamp you get
> is going to be an integer in hundredths of a second. Is that really what you
> want? Third, the difference between when NetView gets the trap and sends it to
> TEC is going to be only a few seconds or less than when it was generated, if it
> is a NetView trap, since those do not go out over the network. So the date/time
> which is already present in the event sent to TEC should be adequate for all
> practical purposes. So what exactly are you trying to achieve with this DATE
> field that is not already provided?
> James Shanks
> Tivoli (NetView for UNIX) L3 Support
> Kashif Karim <kashif_karim AT YAHOO DOT COM> on 07/30/99 03:15:27 PM
> Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView
> <NV-L AT UCSBVM.UCSB DOT EDU>
> To: NV-L AT UCSBVM.UCSB DOT EDU
> cc: (bcc: James Shanks/Tivoli Systems)
> Subject: Time of trap generation.
> Is it possible to capture the time a certain trap is generated from the
> SNMP agent? The time stamp we get with each trap is, in my understanding,
> the time a trap is received by NetView, isn't it? Actually I need to
> populate the DATE slot variable on the T/EC side with this time.