RE: [nv-l] FW: event correlation in NetView (7.1.3)
2004-06-14 23:33:51
James is being modest. Some of the best
documentation of Netview ruleset capabilities is in the archives of this
listserver under his byline. A lot of event correlation has been done over
the years using Netview rulesets. Most of what people have asked
for help with, however, is basic down/up correlation, filtering for notification
purposes, etc. Any intelligence as to the importance of events must be
supplied by the customer. You look at what is flowing through the events
display and you decide what to do about it.
Netview can look ahead a bit, that is,
it can wait for a clearing event before continuing with actions on an event.
But it cannot look backwards, unless you write something down for checking
in the future. The TEC's engine is good at looking backwards for causal
events.
For determining cause and effect relationships
between Down events, the Router Fault Isolator component of Netview does
a pretty good job from a layer 3 standpoint by simply suppressing the events
about downstream nodes so they don't have to be correlated. For cause and
effect of Down events from a layer 2 standpoint, the add-on product Switch
Analyzer is what is provided.
And when I say Down events, I mean netmon's
polling status results. Not traps from devices. So it applies to devices
of all types.
For vendor traps, you can use Netview
rulesets to filter and to take actions, but you would have to provide the
intelligence. Many customers do this without any Ciscoworks or TEC
at all. If you already have DFM, you might want to use it for your
Cisco devices, but still use Netview for filtering and acting on network
status events in general. If you are considering whether to buy DFM in
addition to Netview, you will need to do a little more cost/benefit analysis.
I know some of you out there are using
DFM. Chime in...
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit
"Freeman, Michael"
<mfreeman AT wamnetgov DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
06/14/2004 12:17 PM
|
To
| <nv-l AT lists.us.ibm DOT com>
|
cc
|
|
Subject
| RE: [nv-l] FW: event correlation
in NetView (7.1.3) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks I'll take a look at that. Anyone else have any feedback?
- -----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com
[mailto:owner-nv-l AT lists.us.ibm DOT com]On Behalf Of James Shanks
Sent: Monday, June 14, 2004 11:02 AM
To: nv-l AT lists.us.ibm DOT com
Subject: Re: [nv-l] FW: event correlation in NetView (7.1.3)
Other than the NetView for UNIX Admin guide that ships with the
product, the closest thing I can think of to another text which
describes ruleset and how they work is an old IBM redbook, Examples
Using NetView for AIX Version 4, SG24-4515-00, because it was in
Version 4 that the ruleset correlation was introduced. I 'm not
aware of other documents on it capabilities.
I'm also not aware of what you are trying to do with it, since I
don't have Ciscoworks DFM. My advice to new users is to start up
the
ruleset editor, nvrsEdit, and look at the template functions to see
what kind of things you can do out of the box. Of course, with the
in-line action capability you can write little scripts to check all
kinds of things when events arrive, as long as you are careful of the
performance issues involved.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
PS: what is this encrypted file you are attaching to your notes?
This is basically a text-only forum
"Freeman, Michael"
Sent by: owner-nv-l AT lists.us.ibm DOT com
06/14/2004 11:28 AM
Please respond to
nv-l
To
cc
Subject
[nv-l] FW: event correlation in NetView (7.1.3)
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does anyone have any information or links on the event correlation
engine in NetView? I am wondering how sophisticated and capable it is
and how to leverage it. I am wondering if I can use NetView to do
some of the things CiscoWorks DFM does.[Michael J. Freeman] Also
we
are trying to do event correlation without using T/EC.
Thanks in advance,
Michael J. Freeman
- -----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBQM3EAE97gXAQ+ZtQEQLjAQCcDOHqn8szQcT8S2ZgAbsMBjIF3p8AniQM
ltOsKcXE6YHWaKGATe1OsWtu
=tfeg
- -----END PGP SIGNATURE-----
[attachment "PGPexch.htm.asc" deleted by James Shanks/Raleigh/IBM]
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBQM3Pl097gXAQ+ZtQEQK1/wCeKpX/BxrC11SVC0XU6BtJ0dEE/V0AoK0N
8U20LW5Xy4FoXGgZe0+v0rvQ
=KhGR
-----END PGP SIGNATURE-----
PGPexch.htm.asc
Description: Binary data
|
|
|