nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [nv-l] NetView, Firewalls and netSNMP

2004-09-17 05:29:45
Subject: Re: [nv-l] NetView, Firewalls and netSNMP
From: lucian.vanghele AT bisnet DOT ro
To: nv-l AT lists.us.ibm DOT com
Date: Fri, 17 Sep 2004 12:09:30 +0300

hi there!

be sure that in netmon.seed the firewall is SNMP managed only. also you have to be sure that the other two addresses are not polled

hope this help

Sincerely Yours / al Dvs.
Lucian Vanghele,


"Vidal, Chaz" <chaz.vidal AT eds DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com

09/17/2004 15:44 ZE10

Please respond to nv-l AT lists.us.ibm DOT com

To

"'nv-l AT lists.us.ibm DOT com'" <nv-l AT lists.us.ibm DOT com>

cc

bcc

Subject
[nv-l] NetView, Firewalls and netSNMP


NetView 7.1.3 with Fixpack 3 on Solaris 8 system.

I am trying to monitor a firewall for status.  The firewall is a gauntlet
firewall-1 running on a solaris box using netSNMP 5.1.1 as its agent.

SNMP has been opened between NetView and the firewall and snmpwalk runs
correctly.  The firewall has 3 interfaces only 1 of which is accessible from
the NetView system.

I place the firewall as unmanaged and then I manage it. The following shows
up in the trapd.log file:

1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Node
managed.
1095384180 4  Fri Sep 17 11:23:00 2004 firewall_name           N SNMP
Address Changed to "10.10.10.142"
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
qfe1 managed.
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
eri0 managed.
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
qfe0 managed.
1095384188 4  Fri Sep 17 11:23:08 2004 firewall_name           N SNMP
Address Changed to "192.168.96.172"
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
eri0 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
qfe1 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
qfe0 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Router
Down.

I have already set the flag in netmon.conf to ignore the SNMP address coming
from the firewall. The 10.10 address is the one reachable by netview. The
firewall has (2) 192.168 addresses that is not reachable at all. What
happens is that everytime I manage the router, it automatically becomes down
in NetView even though I can reach it via SNMP.

Also, a funny thing is that in the next poll cycle, NetView will see that
the firewall is up and will then proceed to  bring the whole router up.
Then the next poll cycle happens and I think NetView then detects that the
10.10 interface is down again and will mark the whole router as so.

I am reasonably certain that the problem lies in the SNMP agent as I am
monitoring several firewalls this way and most of them work.

I am hesitant to forward this to Tivoli support as it might be an SNMP agent
problem and NetView is only working as expected.

Take note that I do not manage the firewalls directly and their is another
firewall team responsible for them.

Any ideas would be much appreciated.

cheers,
Chaz Vidal
EDS Australia
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [nv-l] NetView, Firewalls and netSNMP, Vidal, Chaz
Next by Date:  RE: [nv-l] nvtecia still hanging or falling behind processing TEC_ITS.rs, Van Order, Drew (US - Hermitage)
Previous by Thread:  [nv-l] NetView, Firewalls and netSNMP, Vidal, Chaz
Next by Thread:  Re: [nv-l] NetView, Firewalls and netSNMP, Mark Sklenarik
Indexes:  [Date] [Thread] [Top] [All Lists]