Drew,
Check
out the stuff starting at the bottom of page 110 of teh NetView Administrator's
Guide.
http://publib.boulder.ibm.com/tividd/td/netview/SC32-1246-00/en_US/PDF/duyl2mst.pdf
thanks,
Chris Haynes
haynesch AT us.ibm DOT com
Tivoli Quality Assurance Manager
(919) 224-1217
| "Van Order, Drew \(US - Hermitage\)"
<dvanorder AT deloitte DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
01/15/2004 12:32 PM
Please respond to nv-l
|
To:
<nv-l AT lists.us.ibm DOT com>
cc:
Subject:
RE: [nv-l] Has anyone implemented the
full TEC integration (correlation rules) NV 7.1.4 and TEC 3.9 |
No doubt I overlooked something
between the KB and manuals--where can I find this script? I did a find
for TEC_* and tec_* no file resembling that name. If you can also point
me to where this is documented, I would be grateful. Thanks James--Drew
-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]
On Behalf Of James Shanks
Sent: Thursday, January 15, 2004 11:01 AM
To: nv-l AT lists.us.ibm DOT com
Subject: RE: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
Drew -
I'm stumped about what is confusing to you.
There is no configuration for you to do, other than run the tec_its_upgrade
script and create a new tecint.conf (which happens nicely if you rename
your old one and create a new one from serversetup).
The script changes the configuration of the NetView events in trapd.conf
so that they work with the new TEC rules. It makes TEC_ITS_BASE the
new default event class instead of the old Nvserverd_Event class.
And it removes severity as passed field, because severity will be
set dynamically by the new TEC rules, and they cannot do that correctly
if you are sending your choice of severity instead. The NetView ruleset
is the same one we shipped in NetView 7.1.3 : TEC_ITS.rs. Bring
it up in the NetView ruleset editor and you'll see that it just picks out
specific NetView events and sends them to TEC. If you want additional
events, from Cisco or something, you'll have to add those, but those lie
outside of the new integration.
That's all there is to the NetView side.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
| "Van Order, Drew \(US
- Hermitage\)" <dvanorder AT deloitte DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
01/15/2004 11:24 AM
Please respond to nv-l
|
To: <nv-l AT lists.us.ibm DOT com>
cc:
Subject: RE: [nv-l]
Has anyone implemented the full TEC integration (correlation rules) NV
7.1.4 and TEC 3.9 |
I started on it last night, and it does have some very useful information.
Unfortunately the NV side is where I am struggling the most; namely the
trap configurations and NV forwarding ruleset. Until that is understood
and confirmed configured correctly to match what TEC expects it's tough
to tell how well the TEC rule is working. I just opened a sev 3 PMR; also
offered to help write any documentation that could be considered a guide.
Like most IT folks, I don't have the luxury of focusing on one project
at a time, and really need to slam and jam when solutions are deemed shrink
wrap.
Thanks for looking into this!
-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]
On Behalf Of Christopher Haynes
Sent: Thursday, January 15, 2004 9:57 AM
To: nv-l AT lists.us.ibm DOT com
Subject: Re: [nv-l] Has anyone implemented the full TEC integration
(correlation rules) NV 7.1.4 and TEC 3.9
Drew,
I don't know if you have looked at it yet but you
might want to check out the TEC 3.9 Rule Set Reference
http://publib.boulder.ibm.com/tividd/td/tec/SC32-1282-00/en_US/PDF/ecosmst.pdf
It goes into detail about what all the rulesets do (including netview.rls)
thanks,
Chris Haynes
haynesch AT us.ibm DOT com
Tivoli Quality Assurance Manager
(919) 224-1217
| "Van Order, Drew \(US
- Hermitage\)" <dvanorder AT deloitte DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
01/14/2004 08:09 PM
Please respond to nv-l
|
To: <nv-l AT lists.us.ibm DOT com>
cc:
Subject: [nv-l] Has anyone
implemented the full TEC integration (correlation rules) NV 7.1.4 and TEC
3.9 |
If there is a single document, can someone point me to it? I've found pieces
and parts in the different manuals, but it's not working out of box (as
advertised by our sales team):
- Netview.baroc and netview.rls in rulebase
- Netview6000 traps in NV ruleset TEC adapter
uses
- Netview6000 traps have TEC_ITS event classes
mapped in xnmtrap
Events
reach TEC, but severities do not make sense, and I'm sure this means any
change rules in the ruleset will not execute. For example, TEC_ITS_INTERFACE_STATUS
is HARMLESS at TEC, yet message is interface xxx is down. However, I have
a SEGMENT_STATUS and NETWORK_STATUS event as WARNING in TEC, but the message
indicates they are up. The netview6000 traps are set from previous versions
where TEC classes were OV_. I directly edited TEC classes for each trap
in xnmtrap, but I think this issue pertains to TEC slots that are not being
passed in the trap or matching what the TEC rule expects.
We are trying to replace TFNC, which has been
worth every penny. Do I need to feed the netview6000 MIB through mib2trap
again--and will this populate xnmtrap properly? What's the name of the
mibfile that contains the netview6000 OID?
Sorry for all the questions--since this integration
crosses NV and TEC boundaries, I'm not sure if a PMR will get me anywhere.
I think I'm getting close, but there has to be an easier way.
Thanks--Drew
Drew Van Order
ESM Architect
(615) 882-7836 Office
(888) 530-1012 Pager
This message (including any attachments)
contains confidential information intended for a specific individual and
purpose, and is protected by law. If you are not the intended recipient,
you should delete this message. Any disclosure, copying, or distribution
of this message, or the taking of any action based on it, is strictly prohibited.
This message (including any attachments)
contains confidential information intended for a specific individual and
purpose, and is protected by law. If you are not the intended recipient,
you should delete this message. Any disclosure, copying, or distribution
of this message, or the taking of any action based on it, is strictly prohibited.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and is protected
by law. If you are not the intended recipient, you should delete this message.
Any disclosure, copying, or distribution of this message, or the taking
of any action based on it, is strictly prohibited.
|