nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Ruleset with action and correlation.

1999-08-26 16:05:04
Subject: Re: Ruleset with action and correlation.
From: "Boyles, Gary P" <gary.p.boyles AT INTEL DOT COM>
To: nv-l AT lists.tivoli DOT com
Date: Thu, 26 Aug 1999 13:05:04 -0700 
Debra,
1)  You should probably use "interface-down" events, and not node-down.
2)  To re-test... use a small script, and execute it via "In-Line Action".
3)  To wait around for a corresponding "Interface(or)Node/Up" once you
    have received a "Interface(or)Node/Down" use a "Reset-On-Match",
    or "Pass-On-Match" depending upon how you want to use that bit
    of information.  If you don't want to do anything after a match...
    then use "reset on match".

The sequence for the tests I'd use would be as follow:
1)  Re-test interface.
2)  If it doesn't respond... then do a "Reset-On-Match".
    (inputs=Interface-down, Interface-up; test for 1st-word in $4).
3)  If you get a "reset"... then don't do anything (quit and ignore
    both events).  You'll have to use different logic if you actually
    want to remove the log-entry.
4)  If you don't get a "reset"... then mail/page/whatever.

That's my 2 cents.

Regards,

Gary Boyles


-----Original Message-----
From: Evankovich, Debra A [mailto:devanko AT MTPOWER DOT COM]
Sent: Thursday, August 26, 1999 12:29 PM
To: NV-L AT UCSBVM.UCSB DOT EDU
Subject: Ruleset with action and correlation.


Hello all,

I could sure use some help with event configuration and rulesets.  I've
defined some basic rulesets (detect 'node down', wait # minutes and look for
'node up', remove 'down' and 'up' from events log,...) and worked with event
config, but I don't know how to do all that I need to.

For example, when a 'node down' event is received, I'd like to automatically
ping the node to verify that it really is down and hasn't just missed a poll
(I've used ping -c10 -i5 -q $2 (ping 10 times, with 5 seconds between each,
quietly for the nodename listed as 'down' as the event config automatic
action).  If the node is actually up, I'd like an action to remove the down
and up events from the log (I've defined a ruleset that looks for 'node
down' and 'node up', which removes the event if the 'up' is received for the
node within 1.5 minutes).

When a node is down, I can send /usr/OV/bin/ovxecho $2 $3 $4 via the popup,
or though event config automatic action, send email to xx.  I haven't tried
the paging yet.

What I don't seem to be able to figure out is how to create something that
produces all of the actions in-sync:  Verify the 'node down' (ping) to
detect actual node down condition, and then send notices with ovxbeep,
email, and paging.  Do I need to write a script file and put it in the
automatic action?  Is there a different/better way to accomplish these
thing?

Any help would be greatly appreciated.  Thanks!

Debbie


Debra Evankovich
Network Analyst
Montana Power Company
devanko AT mtpower DOT com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Authentication Failure with Community Names, Xu He
Next by Date:  tecad_ipfm doesn't start, erika ocaqa
Previous by Thread:  Ruleset with action and correlation., Evankovich, Debra A
Next by Thread:  Re: Ruleset with action and correlation., James Shanks
Indexes:  [Date] [Thread] [Top] [All Lists]