nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[nv-l] Re: [tme10] [EC] State C0rrelation Engine duplicate rule doesn't suppress duplicates

2005-06-06 14:52:01
Subject: [nv-l] Re: [tme10] [EC] State C0rrelation Engine duplicate rule doesn't suppress duplicates
From: Jane Curry <jane.curry AT skills-1st.co DOT uk>
To: tme10 AT lists.us.ibm DOT com, NetView mailing list <nv-l AT lists.us.ibm DOT com>
Date: Mon, 06 Jun 2005 19:50:56 +0100
I have finally got around to doing more testing with this. I have tried coding nvsbcrule.xml with both a duplicate and with a collector rule. The only difference seems to be that the repeat count for a duplicate rule is zero (which is reasonable - it is defined as suppressing duplicates). A collector rule you also get an event with the msg slot set to "Authentication Trap Summary" but the repeat count of this event is however many occurred in the interval. However, I am still seeing all the individual events AS WELL.
I had also been doing testing on SCE in a TEC gateway so I simply cut-and-paste my rule from nvsbcrule.xml and paste it into my TEC Gateway tecroot.xml. I generated wpostemsg events, filling all the TEC_ITS_BASE events attributes as they are filled by NetView (simply by getting them from a wtdumprl). The SCE in the gateway did the same with repeat counts as described above for duplicate and collector rules BUT I did NOT get the original events.
This says to me that the SCE in nvserverd is not implementing duplicate and collector rules correctly by suppressing events. Not tested in tecad_nv6k yet..... 

Any other thoughts or inputs before I try raising a PMR?

Cheers,
Jane

Jane Curry wrote:
I have TEC 3.9 FP2 and NetView 7.1.4 FP3 on a SuSE 9.1 Professional system. I have added 1 extra state correlation engine ( SCE ) rule to the provided nvsbrule.xml rules file that comes with NetView: 
<rule id="netview.dupAuthRemove">
   <eventType>TEC_ITS_BASE</eventType>
   <duplicate timeInterval="60000">
   <cloneable attributeSet="hostname"/>
     <predicate>
       <![CDATA[
        &nv_generic == "4"
       ]]>
     </predicate>
   </duplicate>
   <triggerActions>
       <action function="TECSummary" singleInstance="false">
         <parameters>
            SET:msg="Authentication Trap Summary"
         </parameters>
       </action>
   </triggerActions>
 </rule>
I am generating 8 traps that match this and I am seeing an event with the message "Authentication Trap Summary" so the rule is obviously firing but I am ALSO seeing all the individual events too. They all come from the same hostname inside 60 seconds. The summary event has a repeat count of 0.
I have tracing and logging turned on for the state correlation but can't see anything helpful in there.
Anyone else seen this or can see what I have done wrong? I just have a vague idea I had heard of a bug with the duplicate SCE rule - mebbe on Linux??? 

Cheers,
Jane



--
Tivoli Certified Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2005 Jane Curry <jane.curry AT skills-1st.co DOT uk>.  All rights 
reserved.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [nv-l] ? about new trapd.conf for Unix w/ FP3 for Unix, James Shanks
Next by Date:  [nv-l] interfaces info in the Database table interfacesclass, Meyos Yemveng
Previous by Thread:  [nv-l] ? about new trapd.conf for Unix w/ FP3 for Unix, Glen Warn
Next by Thread:  Re: [nv-l] Re: [tme10] [EC] State C0rrelation Engine duplicate rule doesn't suppress duplicates, James Shanks
Indexes:  [Date] [Thread] [Top] [All Lists]