Hi James, im able to see the var5 content in the event browser details and in
the trapd.log. But im think better use another way to capture this event. As
you say is very difficult to customize the things on the Windows version than
Unix, so i will use the tec adapter to read windows event log for that.
If you want i can send you some print screens and trapd.log for you.
Thanks,
Demis
----- Original Message -----
From: James Shanks
To: nv-l AT lists.us.ibm DOT com
Sent: Wednesday, December 29, 2004 6:52 PM
Subject: Re: [nv-l] Formatting trap message
I am still rather confused. You are using NetView for Windows? That makes
this issue more difficult since the Event Browser there is not as customizable
as the one on UNIX.
How are you able to see "the content of var 5"? Does this stuff below appear
in the trapd.log or in the Event Details panel from the Event Browser or what?
Computer: DERATSPO044C
Date: 29/12/2004
Time: 16:26:41
Severity: Critical
Source: Norton AntiVirus Corporate Edition
Virus: Trojan.ByteVerify
Actual Action: Leave Alone
If you see only "Alert:Virus Found" in the main browser window, but the rest
of the variable text in the trapd.log or Event Details, then my suspicion is
that Norton has imbedded newline characters within the trap variable itself, to
create this tabular format, and that is the source of this formatting issue.
The NetView for Windows Event Browser will only display a limited amount of the
event description in the main browser window, and once a newline character is
reached, that would be the end of it. You'd be forced to use Event Details to
see it from the browser.
Alternatively you could follow Don's advice and generate a new trap of your
own, but as this is Windows, it would not be put in ESE.automation. You'd have
it activated in nvcord as part of his start-up, like other NetView for Windows
rulesets. That too is more difficult on Windows than on UNIX, since you don't
have a graphical editor to build a custom ruleset with. You may find that the
effort involved is too high to make this worthwhile.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Demis Gonçalves <demisgc AT ig.com DOT br>
Demis Gonçalves <demisgc AT ig.com DOT br>
Sent by: owner-nv-l AT lists.us.ibm DOT com
12/29/2004 02:35 PM Please respond to
nv-l
To
<nv-l AT lists.us.ibm DOT com>
cc
Subject
Re: [nv-l] Formatting trap message
Thanks James, you explained exactly what i wanted to know. My system run on
Windows. I would like to use the description of the varbind 5 to format a
message description, but now i know that it´s impossible. If i use the $5 to
format the message it only display to me Alert: Virus Found and dont show the
content of var5. I´ll try other things to capture this message!
Once more thanks!
Demis
----- Original Message -----
From: James Shanks
To: nv-l AT lists.us.ibm DOT com
Sent: Wednesday, December 29, 2004 5:12 PM
Subject: Re: [nv-l] Formatting trap message
I don't quite see you problem, so perhaps you should explain what you are
trying to ultimately do, and whether this is on Windows or UNIX.
Is what you put in bold actually part of the trap as shown in trapd.log?
If so, then varbind 5 contains all that information, so simply formatting the
message as $5 should display it as that same string.
But there is no way to get trapd to do more with it the variable than just
that. The data type is "octet string" and that's all that trapd will do with
it, display the string. There is no mechanism to substring the varbind and
display just part of it in the log or the events window.
Of course, if what you ultimately want to do is send parts of the staring in
an pager alert, or e-mail message, then you would be using a ruleset or command
for automatic action, and those offer the possibility of extracting the
sub-elements of the string for further processing.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group
Demis Gonçalves <demisgc AT ig.com DOT br>
Demis Gonçalves <demisgc AT ig.com DOT br>
Sent by: owner-nv-l AT lists.us.ibm DOT com
12/29/2004 01:44 PM
Please respond to
nv-l
To
"NV" <nv-l AT lists.us.ibm DOT com>
cc
Subject
[nv-l] Formating trap message
Hi people, i have a Norton Server sending traps to my Netview server. I´m
trying to format the trap message but i have found some limitations! The
information that i need to format my message is the bold in the trap below, but
on netview i only can format the traps 1 - 7. How do i do to use the
information inside de trap 5?
[1] private.enterprises.343.2.5.1.1.12.0 (OctetString): SRRF08SRV09
[2] private.enterprises.343.2.5.1.1.8.0 (Integer): 1104344801
[3] private.enterprises.343.2.5.1.1.9.0 (Integer): 0
[4] private.enterprises.343.2.5.1.1.10.0 (OctetString): Intel Alert
Management System II
[5] private.enterprises.343.2.5.1.1.11.0 (OctetString): Alert: Virus Found
Computer: DERATSPO044C
Date: 29/12/2004
Time: 16:26:41
Severity: Critical
Source: Norton AntiVirus Corporate Edition
Virus: Trojan.ByteVerify
Actual Action: Leave Alone
[6] private.enterprises.343.2.5.1.1.7.0 (Integer): 16
[7] private.enterprises.343.2.5.1.1.13.0 (Integer): 0
TIA,
===========================
Demis Gonçalves
Sr. Support Analyst
NetControl Network Management
São Paulo - Brazil
Mobile: 55 11 9904-9684
===========================
|