This is a multipart message in MIME format. It is possible to flood NetView with traps, but that's not an easy number
to arrive at since it depends on so many things.
The issue is not the peak, but how long it is for, and what application
queue buffer size you are using in trapd, and so on.
Unsolicited traps from other network devices are usually the culprit when
it does happen, so it is best to keep and eye on things and only send
those which you really intend to do something about. Besides, that is
good advice if only because needless traps chew up bandwidth real users
need. I have seen people do studies and be stunned that they have taken
as much as 30% of their available bandwidth to send traps nobody wanted.
But with regard to trapgend, he has a throttle built-in. By default he
will only send the same trap once per minute. You can alter this value if
you need to, but that's one safeguard NetView has to prevent overloading.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
"Barr, Scott" <Scott_Barr AT csgsystems DOT com>
Sent by: owner-nv-l AT tkg DOT com
11/01/2001 01:23 PM
Please respond to IBM NetView Discussion
To: "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages
from local
NetVew/AIX box?
It may be possible to flood NetView with traps, but if it is, I have not
been able to do it. I recently had a problem where 80+ NT servers were
sending in 5 authenication failure traps a second simultaneously, and I
did
not even notice it because they were LOG ONLY traps. Other environments
may
be less tolerant of this. These traps also had to pass through a ruleset
correlation. I don't know how much of a problem this would be for most
folks.
-----Original Message-----
From: Linda Parry [mailto:lparry AT MetLife DOT com]
Sent: Thursday, November 01, 2001 12:13 PM
To: IBM NetView Discussion
Subject: RE: [NV-L] Can you send traps based on syslog messages from
local NetVew/AIX box?
With certain devices you can restrict which syslog messages are actually
sent so you do not get an over abundance of typical error messages. Check
the device documentation. Last thing you want to do is flood netview with
too many unneccessary syslog "traps".
"Barr, Scott" <Scott_Barr AT csgsystems DOT com>@tkg.com on 11/01/2001 12:32:34
PM
Please respond to "IBM NetView Discussion" <nv-l AT tkg DOT com>
Sent by: owner-nv-l AT tkg DOT com
To: "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages from
local
NetVew/AIX box?
TRAPGEND is a utility I believe shipped with AIX NetView that will send
traps - HOWEVER, if you are using Cisco gear, SYSLOG traps are already
sent
to the Netview Box, there is no need to scrape them out of the log. You
need
the Cisco Log mib and traps. Check your snmp config and see if SYSLOG
traps
are enabled. In general, there is NO log message cut that does not also
equate to a trap. Your work is probably already done.
-----Original Message-----
From: Steve Damron [mailto:swdamron AT us.ibm DOT com]
Sent: Thursday, November 01, 2001 11:19 AM
To: nv-l AT tkg DOT com
Subject: [NV-L] Can you send traps based on syslog messages from local
NetVew/AIX box?
Is it possible to generate traps based on AIX syslog messages. I have a
Ciscoworks box as well as switches sending syslog messages to the NetView
box (AIX 4.3.3, NV 6.02). NetView's AIX syslog filters out critical
syslog
messages to a special log. The reason we are doing this, is because
syslog
provides more information than is available by just generating traps from
the switches (like coil errors). I also don't want Ciscoworks to generate
traps based on it's syslog because this would be a ton of junk traps which
I don't want hitting NetView.
My only idea so far is to write a script to search the syslog log on the
NetView box, but I was hoping there is a better cleaner way to do this. I
have read about trapgend and smux and have the impression that this is
only
for AIX errors and does not apply to just any syslog message - if not I'm
not sure how to add this functionality to trapgend??.
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
It is possible to flood NetView with traps, but that's not an easy number to arrive at since it depends on so many things.
The issue is not the peak, but how long it is for, and what application queue buffer size you are using in trapd, and so on.
Unsolicited traps from other network devices are usually the culprit when it does happen, so it is best to keep and eye on things and only send those which you really intend to do something about. Besides, that is good advice if only because needless traps chew up bandwidth real users need. I have seen people do studies and be stunned that they have taken as much as 30% of their available bandwidth to send traps nobody wanted.
But with regard to trapgend, he has a throttle built-in. By default he will only send the same trap once per minute. You can alter this value if you need to, but that's one safeguard NetView has to prevent overloading.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
| "Barr, Scott" <Scott_Barr AT csgsystems DOT com>
Sent by: owner-nv-l AT tkg DOT com
11/01/2001 01:23 PM
Please respond to IBM NetView Discussion
|
To: "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages from local NetVew/AIX box?
|
It may be possible to flood NetView with traps, but if it is, I have not
been able to do it. I recently had a problem where 80+ NT servers were
sending in 5 authenication failure traps a second simultaneously, and I did
not even notice it because they were LOG ONLY traps. Other environments may
be less tolerant of this. These traps also had to pass through a ruleset
correlation. I don't know how much of a problem this would be for most
folks.
-----Original Message-----
From: Linda Parry [mailto:lparry AT MetLife DOT com]
Sent: Thursday, November 01, 2001 12:13 PM
To: IBM NetView Discussion
Subject: RE: [NV-L] Can you send traps based on syslog messages from
local NetVew/AIX box?
With certain devices you can restrict which syslog messages are actually
sent so you do not get an over abundance of typical error messages. Check
the device documentation. Last thing you want to do is flood netview with
too many unneccessary syslog "traps".
"Barr, Scott" <Scott_Barr AT csgsystems DOT com>@tkg.com on 11/01/2001 12:32:34 PM
Please respond to "IBM NetView Discussion" <nv-l AT tkg DOT com>
Sent by: owner-nv-l AT tkg DOT com
To: "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
cc:
Subject: RE: [NV-L] Can you send traps based on syslog messages from local
NetVew/AIX box?
TRAPGEND is a utility I believe shipped with AIX NetView that will send
traps - HOWEVER, if you are using Cisco gear, SYSLOG traps are already sent
to the Netview Box, there is no need to scrape them out of the log. You
need
the Cisco Log mib and traps. Check your snmp config and see if SYSLOG traps
are enabled. In general, there is NO log message cut that does not also
equate to a trap. Your work is probably already done.
-----Original Message-----
From: Steve Damron [mailto:swdamron AT us.ibm DOT com]
Sent: Thursday, November 01, 2001 11:19 AM
To: nv-l AT tkg DOT com
Subject: [NV-L] Can you send traps based on syslog messages from local
NetVew/AIX box?
Is it possible to generate traps based on AIX syslog messages. I have a
Ciscoworks box as well as switches sending syslog messages to the NetView
box (AIX 4.3.3, NV 6.02). NetView's AIX syslog filters out critical syslog
messages to a special log. The reason we are doing this, is because syslog
provides more information than is available by just generating traps from
the switches (like coil errors). I also don't want Ciscoworks to generate
traps based on it's syslog because this would be a ton of junk traps which
I don't want hitting NetView.
My only idea so far is to write a script to search the syslog log on the
NetView box, but I was hoping there is a better cleaner way to do this. I
have read about trapgend and smux and have the impression that this is only
for AIX errors and does not apply to just any syslog message - if not I'm
not sure how to add this functionality to trapgend??.
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
|