RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9
2004-01-15 09:54:51
Hi
Leslie/all,
This
is why we stayed with TFNC well after it was not supported by Tivoli. Install,
tweak 3 files, turn it on, let it run. My gut feeling is this 'out of the box'
solution is anything but. I appreciate your comments, and will open a PMR to see
how support addresses this. I figured there would be plenty of NV customers
using this because root cause correlation is a hot button for any NOC out there.
Drew
It appears to me
that my overrides in trapd.conf using the 'severity' pulldown no longer
affect severity. There is some logic built in to the new ruleset on TEC that
deliberately adjusts severity for reasons that are not yet clear to me. We all
need to read that ruleset carefully. It has a lot of documentation in it. I
suspect that the severity of mere 'interface down' events is low in the grand
scheme of things. That scheme would accomodate escalation over time, and
correlation with events from other sources, for instance. Someone will correct
me if I am wrong, but it appears to me that you would need to adjust severity
either in the tec slot mappings in trapd.conf, or in the TEC ruleset itself.
I'm not planning to do that until I understand it better.
If you want a default trapd.conf file, there is one on
the installed system under /usr/OV/newconfig something or other.
I would try using the default
trapd.conf and the default netview ruleset, and the default tec ruleset for a
little bit and look for the pattern. I've seen it work fine at one site, but
that was only for a couple of days.
Cordially,
Leslie A.
Clark IBM Global Services - Systems Mgmt &
Networking Detroit
| "Van Order, Drew \(US - Hermitage\)"
<dvanorder AT deloitte DOT com> Sent by: owner-nv-l AT lists.us.ibm DOT com
01/14/2004 08:09 PM Please respond to nv-l
| To:
<nv-l AT lists.us.ibm DOT com> cc:
Subject: [nv-l] Has anyone
implemented the full TEC integration (correlation rules) NV 7.1.4 and
TEC 3.9
|
If
there is a single document, can someone point me to it? I've found pieces and
parts in the different manuals, but it's not working out of box (as advertised
by our sales team):
- Netview.baroc and netview.rls in rulebase
- Netview6000 traps in NV ruleset TEC adapter
uses
- Netview6000 traps have TEC_ITS event classes
mapped in xnmtrap
Events reach TEC, but severities do not make
sense, and I'm sure this means any change rules in the ruleset will not
execute. For example, TEC_ITS_INTERFACE_STATUS is HARMLESS at TEC, yet
message is interface xxx is down. However, I have a SEGMENT_STATUS and
NETWORK_STATUS event as WARNING in TEC, but the message indicates they are
up. The netview6000 traps are set from previous versions where TEC classes
were OV_. I directly edited TEC classes for each trap in xnmtrap, but I
think this issue pertains to TEC slots that are not being passed in the trap
or matching what the TEC rule expects.
We are trying to replace TFNC, which has been
worth every penny. Do I need to feed the netview6000 MIB through mib2trap
again--and will this populate xnmtrap properly? What's the name of the
mibfile that contains the netview6000 OID?
Sorry for all the questions--since this
integration crosses NV and TEC boundaries, I'm not sure if a PMR will get me
anywhere. I think I'm getting close, but there has to be an easier
way.
Thanks--Drew
Drew Van Order ESM
Architect (615) 882-7836 Office (888) 530-1012 Pager
This message (including any
attachments) contains confidential information intended for a specific
individual and purpose, and is protected by law. If you are not the intended
recipient, you should delete this message. Any disclosure, copying, or
distribution of this message, or the taking of any action based on it, is
strictly prohibited.
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Van Order, Drew (US - Hermitage)
- Re: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Leslie Clark
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9,
Van Order, Drew (US - Hermitage) <=
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Van Order, Drew (US - Hermitage)
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, James Shanks
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Van Order, Drew (US - Hermitage)
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, James Shanks
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Van Order, Drew (US - Hermitage)
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, James Shanks
- RE: [nv-l] Has anyone implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9, Van Order, Drew (US - Hermitage)
|
|
|