
Re: [NV-L] Override Severity in Tivoli Enterprise Console

2007-08-21 14:13:15
From: "Jon Austin" <austinj AT email.chop DOT edu>
To: <nv-l AT lists.ca.ibm DOT com>
Date: Tue, 21 Aug 2007 13:10:52 -0400
There's a viable solution here for the netscout folks......
 
You can define that VALUE matching for the varbind
containing the severity, and then use that to map in the TEC severity
enumeration.
I'm pretty sure you can reuse the same TEC Class on multiple
Select-Fetch-Map groups, as long as your combination of SELECT/VALUE
conditions is unique.

So you create 3 copies of the S-F-M group.
On each one, set up a VALUE qualifier to catch severity 1, 2 or 3.
Explicitly set the MAP value for the severity slot
   (mapping to TEC's severities of FATAL, CRITICAL, MINOR,
    WARNING, UNKNOWN, or HARMLESS).

This way you still have a single TEC Class, but you 
have the severity of the TEC event aligned with the severity
varbind from netscout.



Jon Austin
Tivoli/Unix Administrator
Information Systems
Children's Hospital of Philadelphia


>>> mds AT helices DOT org 8/21/2007 11:02 AM >>>
* "Gupta, Narendra" <guptan AT netscout DOT com> [2007:08:20:10:03:21-0400] scribed:
> Hi,
> 
> We have our network application that forwards the SNMP alarms to TEC.
> One of the varbinds contains the severity (1 or 2 or 3 etc). How can we
> map that severity to TEC severities in CDS files? Please advise.
> 
> Thanks,
> 
> Narendra Gupta

Following is one (1) example (from tecad_nv6k.cds) that we have been
using for several years.

BEFORE:

CLASS TEC_ITS_FATAL_ERROR
  SELECT
    1: ATTR(=,$ENTERPRISE) , VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" ) ;
    2: $SPECIFIC = 58851330 ;
    3: ATTR(=, "nvObject" ) ;
    4: ATTR(=, "nvEventDescr" ) ;
    5: ATTR(=, "nvApplNbr" ) ;
  FETCH
    1: IPADDR($V3);
  MAP
    origin = $F1 ;
    hostname = $V3 ;
    msg = $V4 ;
    category = $V5 ;
    nvhostname = $ADAPTER_IP ; # Required for ALL TEC_ITS events
END


AFTER:

CLASS TEC_ITS_FATAL_ERROR
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.2.6.3" );
        2: $SPECIFIC = 58851330;
        3: ATTR(=, "nvObject" );
        4: ATTR(=, "nvEventDescr" );
        5: ATTR(=, "nvApplNbr" );
    FETCH
        1: IPADDR($V3);
    MAP
        category    = $V5;
        hostname    = $V3;
        msg         = $V4;
        nvhostname  = $ADAPTER_IP;
        origin      = $F1;
        severity    = CRITICAL;
END


What do you think?

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--
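
The three-group layout Jon describes, written out as an added example (not from the original thread or from any shipped CDS file). The class name, enterprise OID prefix, trap number, varbind names and the pairing of 1/2/3 with particular TEC severities are placeholders to replace with the values from your own MIB and BAROC files.

```cds
# Constructed example: one TEC class reused by three Select-Fetch-Map groups.
# Placeholders (not from the thread): Example_NetScout_Alarm, the enterprise
# OID prefix, $SPECIFIC = 1, the varbind names "alarmSeverity" and
# "alarmDescr", and which numeric value pairs with which TEC severity.
# Assumption: the integer varbind is compared unquoted, the same way
# $SPECIFIC is compared in the tecad_nv6k.cds entry quoted above.

# Group 1: severity varbind = 1
CLASS Example_NetScout_Alarm
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.99999");
        2: $SPECIFIC = 1;
        3: ATTR(=, "alarmSeverity"), VALUE(=, 1);
        4: ATTR(=, "alarmDescr");
    MAP
        msg         = $V4;
        severity    = CRITICAL;
END

# Group 2: same class and trap, severity varbind = 2
CLASS Example_NetScout_Alarm
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.99999");
        2: $SPECIFIC = 1;
        3: ATTR(=, "alarmSeverity"), VALUE(=, 2);
        4: ATTR(=, "alarmDescr");
    MAP
        msg         = $V4;
        severity    = MINOR;
END

# Group 3: same class and trap, severity varbind = 3
CLASS Example_NetScout_Alarm
    SELECT
        1: ATTR(=,$ENTERPRISE), VALUE(PREFIX, "1.3.6.1.4.1.99999");
        2: $SPECIFIC = 1;
        3: ATTR(=, "alarmSeverity"), VALUE(=, 3);
        4: ATTR(=, "alarmDescr");
    MAP
        msg         = $V4;
        severity    = WARNING;
END
```

The groups differ only in SELECT statement 3, so a trap whose severity varbind is outside 1 to 3 matches none of them.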
