Cisco Systems 3.6 specifications Correlation of Syslogs and Traps

Page 28

Chapter 4 Advanced Correlation Scenarios

IP Interface Failure Scenarios

 

Table 4-1

IP Interface Status Down Alarm

 

 

 

 

 

 

 

 

 

Name

Description

 

Ticketable

Correlation allowed

Correlated to

Severity

 

 

 

 

 

 

Interface

Sent when an IP interface

Yes

Yes

Link Down/Device

Major

status

changes oper status to “down”

 

 

unreachable/Configuration

 

down/up

 

 

 

 

changed

 

 

 

 

 

 

 

 

The alarm’s description includes the full name of the IP interface, for example Serial0.2 (including the identifier for the subinterface if it is a subinterface) and the source of the alarm source points to the IP interface (and not to Layer1).

All syslogs and traps indicating changes in subinterfaces (above which an IP is configured) correlate to the “ip interface status down” alarm (if this alarm was supposed to be issued). The source of these events is the IP interface. Syslogs and traps that indicate problems in Layer1 (that do not have a subinterface qualifier in their description) are sourced to Layer1.

Note In case a syslog or trap is received from a subinterface that does not have an IP configured above it, the source of the created alarm is the underlying Layer 1.

For example:

Line-down trap (for subinterface).

Line-down syslogs (for subinterface). For events that occur on subinterfaces:

When sending the information northbound, the system uses the full subinterface name in the interface name in the source field, as described in the ifDesc/ifName OID (for example Serial0/0.1 and not Serial0/0 DLCI 50).

The source of the alarm is the IP interface configured above the subinterface.

If there is no IP configured, the source is the underlying Layer 1.

In case the main interface goes down, all related subinterfaces’ traps and syslogs are correlated as child tickets to the main interface parent ticket.

The following technologies are supported:

Frame Relay/HSSI

ATM

Ethernet, Fast Ethernet, Gigabit Ethernet

POS

CHOC

Correlation of Syslogs and Traps

When receiving a trap or syslog for the subinterface level, immediate polling of the status of the relevant IP interface occurs and a polled parent event (for example, ip interface status down) is created. The trap or syslog is correlated to this alarm.

Cisco Active Network Abstraction Fault Management User Guide, Version 3.6 Service Pack 1

4-4

OL-14284-01

 

 

Page 27 Page 29
Image 28
Page 27 Page 29
Contents Americas Headquarters Page N T E N T S Multi Route Correlation Cloud VNE Alarm Sending Event Correlator About This Guide ViiViii Fault Management Overview Managing EventsAlarm Basic Concepts and TermsEvent Event SequenceRepeating Event Sequence Flapping EventsCorrelation By Root Cause TicketSeverity Propagation Sequence Association and Root Cause AnalysisEvent Processing Overview OL-14284-01 Fault Detection and Isolation Unreachable Network ElementsVNE Alarm Integrity Sources of Alarms On a DeviceIntegrity Service Fault Detection and Isolation Integrity Service Event Suppression Cisco ANA Event Correlation and SuppressionRoot-Cause Correlation Process Cisco ANARoot-Cause Alarms Correlation FlowsCorrelation by Key Correlation by FlowDC Model Correlation Cache Using WeightsCorrelating TCA Advanced Correlation Scenarios Device Unreachable Alarm Connectivity Test Device Fault Identification Device Unreachable ExampleIP Interface Status Down Alarm IP Interface Failure ScenariosCorrelation of Syslogs and Traps All IP Interfaces Down Alarm IP Interface Failure ExamplesInterface Example 10.200.1.2 General Interface Example ATM Examples Ethernet, Fast Ethernet, Giga Ethernet ExamplesInterface Registry Parameters Ip interface status down ParametersMulti Route Correlation Multi Route Correlation Example11 Multi Route Correlation Example GRE Tunnel Down/Up Alarm Generic Routing Encapsulation GRE Tunnel Down/UpGRE Tunnel Down Correlation Example 14 GRE Tunnel Down Example 1 Single GRE Tunnel15 GRE Tunnel Down Example 2 Multiple GRE Tunnels 16 Alarms Correlation to GRE Tunnel Down Ticket Mpls Interface Removed Alarm BGP Process Down AlarmLDP Neighbor Down Alarm OL-14284-01 Cloud VNE Correlation Over Unmanaged SegmentsTypes of Unmanaged Networks Supported Supported When Logical Inventory Physical Inventory Cloud Problem Alarm Cloud Correlation ExampleOL-14284-01 Event and Alarm Configuration Parameters Alarm Type DefinitionRoot Cause Configuration Parameters Event Sub-Type Configuration ParametersGeneral Event Parameters Correlation Configuration Parameters Network Correlation ParametersSystem Correlation Configuration Parameters Flapping Event Definitions ParametersImpact Analysis Impact Analysis OptionsImpact Report Structure Affected SeveritiesImpact Analysis GUI Affected Parties TabViewing a Detailed Report For the Affected Pair Detailed Report For the Affected Pair Disabling Impact Analysis Accumulating Affected PartiesAccumulating the Affected Parties In the Correlation Tree Accumulating the Affected Parties In an AlarmUpdating Affected Severity Over Time OL-14284-01 Supported Service Alarms BGP process up Shut down on a deviceAll ip interfaces Sent when all IP interfaces True Warnin Shelf Out Tx Dormant Rx DormantLink Over Utilized OL-14284-01 Event and Alarm Correlation Flow Software Function Architecture Figure B-1 Event Correlation Flow VNE levelEvent Creation VNE level Event Correlation FlowEvent Correlation Correlation Logic Event Correlator Alarm Sending Event CorrelatorPost-Correlation Rule Event Correlator
Related manuals
Manual 4 pages 36.46 Kb
Top Page Image Contents