Drew,
Please
don't hesistate to open a PMR on this. Looking back I think we did
miss the boat a bit in providing more information on the transition from
tecad_nv6k to TEC_ITS. I'm sure this is being a pain for others also
and its defintiely something we want to improve.
thanks,
Chris Haynes
haynesch AT us.ibm DOT com
Tivoli Quality Assurance Manager
(919) 224-1217
| Leslie Clark/Southfield/IBM@IBMUS
Sent by: owner-nv-l AT lists.us.ibm DOT com
01/15/2004 02:35 AM
Please respond to nv-l
|
To:
nv-l AT lists.us.ibm DOT com
cc:
Subject:
Re: [nv-l] Has anyone implemented the
full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9 |
It appears to me that my overrides in trapd.conf using the 'severity'
pulldown no longer affect severity. There is some logic built in to the
new ruleset on TEC that deliberately adjusts severity for reasons that
are not yet clear to me. We all need to read that ruleset carefully. It
has a lot of documentation in it. I suspect that the severity of mere 'interface
down' events is low in the grand scheme of things. That scheme would accomodate
escalation over time, and correlation with events from other sources, for
instance. Someone will correct me if I am wrong, but it appears to me that
you would need to adjust severity either in the tec slot mappings in trapd.conf,
or in the TEC ruleset itself. I'm not planning to do that until I understand
it better.
If you want a default trapd.conf file, there is one on the installed system
under /usr/OV/newconfig something or other.
I would try using the default trapd.conf and the default netview ruleset,
and the default tec ruleset for a little bit and look for the pattern.
I've seen it work fine at one site, but that was only for a couple of days.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit
| "Van Order, Drew \(US
- Hermitage\)" <dvanorder AT deloitte DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
01/14/2004 08:09 PM
Please respond to nv-l
|
To: <nv-l AT lists.us.ibm DOT com>
cc:
Subject: [nv-l]
Has anyone implemented the full TEC integration (correlation rules) NV
7.1.4 and TEC 3.9 |
If there is a single document, can someone point me to it? I've found pieces
and parts in the different manuals, but it's not working out of box (as
advertised by our sales team):
- Netview.baroc and netview.rls in rulebase
- Netview6000 traps in NV ruleset TEC adapter
uses
- Netview6000 traps have TEC_ITS event classes
mapped in xnmtrap
Events
reach TEC, but severities do not make sense, and I'm sure this means any
change rules in the ruleset will not execute. For example, TEC_ITS_INTERFACE_STATUS
is HARMLESS at TEC, yet message is interface xxx is down. However, I have
a SEGMENT_STATUS and NETWORK_STATUS event as WARNING in TEC, but the message
indicates they are up. The netview6000 traps are set from previous versions
where TEC classes were OV_. I directly edited TEC classes for each trap
in xnmtrap, but I think this issue pertains to TEC slots that are not being
passed in the trap or matching what the TEC rule expects.
We are trying to replace TFNC, which has been
worth every penny. Do I need to feed the netview6000 MIB through mib2trap
again--and will this populate xnmtrap properly? What's the name of the
mibfile that contains the netview6000 OID?
Sorry for all the questions--since this integration
crosses NV and TEC boundaries, I'm not sure if a PMR will get me anywhere.
I think I'm getting close, but there has to be an easier way.
Thanks--Drew
Drew Van Order
ESM Architect
(615) 882-7836 Office
(888) 530-1012 Pager
This message (including any attachments)
contains confidential information intended for a specific individual and
purpose, and is protected by law. If you are not the intended recipient,
you should delete this message. Any disclosure, copying, or distribution
of this message, or the taking of any action based on it, is strictly prohibited.
|