Re: Ruleset with action and correlation.

1999-08-30 12:40:28
Subject: Re: Ruleset with action and correlation.
From: James Shanks <James_Shanks AT TIVOLI DOT COM>
To: nv-l AT lists.tivoli DOT com
Date: Mon, 30 Aug 1999 12:40:28 -0400
In addition to what Gary said about using the reset function to trigger your
actions when an interface or node down event is received, if you want to use a
ruleset rather than the commands for automatic action in trapd.conf, there are a
few other things you might like to know.

You can of course initiate paging from the paging icon in the ruleset.  When it
comes to putting up a pop-up window with ovxecho or ovxbeep, you do that in an
action node.  That's where you would also do your email command.  And you could
combine those in a small script that you write and execute if you like.  If you
do that, make sure that you end your commands with an "&" in the script so that
one does not wait upon the others.   It makes little difference whether you have
two separate action nodes or one with a script, or in what order you string
these icons together in the ruleset, though they will be executed serially.
Because nvcorrd is just going to hand the action (paging, ovexcho or email
command, or script) to actionsvr, who will fork a process to execute that
command, so in effect, they will all execute more or less, simultaneously.   The
only thing you really have to remember is that in trapd, the trap variables are
referenced as $2, $3, $4, etc., while in a ruleset action you refer to them as
$NVATTR_2, $NVATTR_3, $NVATTR_4, and so on.  And don't forget that in order for
the popup to work you must specify the display that you want it to go to.  You
can set the DISPLAY variable in your script or you can specify it with the  -d
operand on the ovxecho/ovxbeep command, but one way or another, you must specify
it somehow.  The actionsvr does not have his own console so you must tell him
where it goes.

Hope this helps
James Shanks
Tivoli (NetView for UNIX) L3 Support

"Boyles, Gary P" <gary.p.boyles AT INTEL DOT COM> on 08/26/99 04:05:04 PM

Please respond to Discussion of IBM NetView and POLYCENTER Manager on NetView

cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  Re: Ruleset with action and  correlation.

1)  You should probably use "interface-down" events, and not node-down.
2)  To re-test... use a small script, and execute it via "In-Line Action".
3)  To wait around for a corresponding "Interface(or)Node/Up" once you
    have received a "Interface(or)Node/Down" use a "Reset-On-Match",
    or "Pass-On-Match" depending upon how you want to use that bit
    of information.  If you don't want to do anything after a match...
    then use "reset on match".

The sequence for the tests I'd use would be as follow:
1)  Re-test interface.
2)  If it doesn't respond... then do a "Reset-On-Match".
    (inputs=Interface-down, Interface-up; test for 1st-word in $4).
3)  If you get a "reset"... then don't do anything (quit and ignore
    both events).  You'll have to use different logic if you actually
    want to remove the log-entry.
4)  If you don't get a "reset"... then mail/page/whatever.

That's my 2 cents.


Gary Boyles

-----Original Message-----
From: Evankovich, Debra A [mailto:devanko AT MTPOWER DOT COM]
Sent: Thursday, August 26, 1999 12:29 PM
Subject: Ruleset with action and correlation.

Hello all,

I could sure use some help with event configuration and rulesets.  I've
defined some basic rulesets (detect 'node down', wait # minutes and look for
'node up', remove 'down' and 'up' from events log,...) and worked with event
config, but I don't know how to do all that I need to.

For example, when a 'node down' event is received, I'd like to automatically
ping the node to verify that it really is down and hasn't just missed a poll
(I've used ping -c10 -i5 -q $2 (ping 10 times, with 5 seconds between each,
quietly for the nodename listed as 'down' as the event config automatic
action).  If the node is actually up, I'd like an action to remove the down
and up events from the log (I've defined a ruleset that looks for 'node
down' and 'node up', which removes the event if the 'up' is received for the
node within 1.5 minutes).

When a node is down, I can send /usr/OV/bin/ovxecho $2 $3 $4 via the popup,
or though event config automatic action, send email to xx.  I haven't tried
the paging yet.

What I don't seem to be able to figure out is how to create something that
produces all of the actions in-sync:  Verify the 'node down' (ping) to
detect actual node down condition, and then send notices with ovxbeep,
email, and paging.  Do I need to write a script file and put it in the
automatic action?  Is there a different/better way to accomplish these

Any help would be greatly appreciated.  Thanks!


Debra Evankovich
Network Analyst
Montana Power Company
devanko AT mtpower DOT com

<Prev in Thread] Current Thread [Next in Thread>