Manuals / IBM / Computer Equipment / Network Router

IBM Enterprise Console manual Rules Listing, SNMP Traps Generic Traps, Enterprise-specific Traps

Models: Enterprise Console

1 194

Download 194 pages 8.78 Kb

Page 100

Rules Listing

Event Class				Event Severity

			Port_Type_Changed_CBT	WARNING

			Lock_Status_Changed_CBT	WARNING

			Port_Security_Violation_CBT	WARNING

			Port_Violation_Reset_CBT	WARNING

			Env_Temperature_CBT	WARNING

		Cisco_Trap		WARNING

			Reload_Cisco	WARNING

			TCP_Connection_Close_Cisco	HARMLESS

The tecad_snmp.baroc file contains a complete listing of events including NetWare, Cisco, Cabeltron, and generic traps. Refer to the BAROC file for details.

Rules Listing

There are no default rules for the SNMP adapter.

SNMP Traps

Generic Traps

All SNMP generic traps (Cold_Start, Warm_Start, Link_Down, Link_Up, Authentication_Failure, Egp_Neighbor_Loss) are mapped to distinct event classes.

These generic SNMP event classes can be specialized to incorporate additional information provided by some equipment. For instance, when a Cisco router issues an Authentication_Failure trap, it provides an additional variable in the varbind list that gives the protocol address of the device sending the badly authenticated SNMP request. For Link_Down traps, Cisco routers provide additional information describing which interface is going down and why it is going down. Since the content of the varbind list is not specified in the SNMP standard, it can vary from one equipment to the next. This can impact the way event classes and subclasses are defined.

Enterprise-specific Traps

By definition, enterprise-specific traps vary from one equipment vendor to the next.

Enterprise-specific traps can be handled by supporting Cisco routers enterprise-specific traps, as follows:

0Reload

1tcpConnectionClose

Additionally, enterprise-specific traps can be handled by supporting Cabletron hubs, as follows:

257PortSegmenting

258PortUnsegmenting

259PortLinkUp

260PortLinkDown

88IBM Tivoli Enterprise Console: Adapters Guide

Image 100

IBM Enterprise Console manual Rules Listing, SNMP Traps Generic Traps, Enterprise-specific Traps

Contents

Adapters Guide IBM Tivoli Enterprise ConsoleVersion GC32-0668-01Page Adapters Guide IBM Tivoli Enterprise ConsoleVersion GC32-0668-01First Edition September Contents PrefaceChapter 2. AS/400 Alert Adapter Chapter 1. Understanding Adaptersiv IBM Tivoli Enterprise Console Adapters Guide Appendix C. Class Definition vi IBM Tivoli Enterprise Console Adapters Guide Who Should Read This Guide PrefaceWhat This Guide Contains Publications IBM Tivoli Enterprise Console LibraryPrerequisite Publications Related PublicationsAccessing Publications Online Providing Feedback about PublicationsContacting Customer Support Conventions Used in this GuideOperating System-dependent Variables and Paths boldItalics MonospaceChapter 1. Understanding Adapters Adapter OverviewHow Events Get Sent to the Event Server How Events Get to the Event Server From an EndpointThe TME adapters currently supported for an endpoint are the following How Events Get to the Event Server From a Managed Node Internationalization Support for EventsHow Events Get to the Event Server From a Non-TME Adapter Event Information Event AttributesAttribute Name Stores information describing the rule engines that an event has serverpath listofstringsAdapter Files v datereception v eventhandle v serverhandleCache File Configuration File File LocationFile Format ExampleAdapterErrorFile=path AdapterCdsFile=pathBufEvtMaxSize BufEvtPathFilterCache FilterModegetporttimeoutseconds getporttimeoutusecgetporttotaltimeoutseconds getporttotaltimeoutusecServerLocation ServerPortTestMode Event Filtering1. Set FilterMode to IN Event Buffer Filtering 1. Set FilterMode to INExample BAROC File2. Set BufferEvents to YES Rule File Format FileExample ExampleClass Definition Statement File ExampleError File modulename errorlevel outputfileERROR UTILSInitial Files KERNELSELECT FETCHTroubleshooting Adapters Adapter Startup ErrorsAll Adapters Managed Node AdaptersNon-TME Adapters 22 IBM Tivoli Enterprise Console Adapters GuideChapter 2. AS/400 Alert Adapter Adapter FilesQSYS.LIB/QUSRSYS.LIB/CFGALERT.FILE/ALRCFG.MBR QSYS.LIB/QUSRSYS.LIB/CFGALERT.FILE/ALRCDS.MBR The CDS fileConfiguration File ENDTECADPAdapterCdsFile BufEvtPathSELECT Statement Example FETCH Statement ExampleClass Definition Statement File KeywordsConfiguring the AS/400 Alert Filters Default Alert Filter PERMANENT, TEMPORARY, or IMPENDING PROBLEM $HOSTNAME$ADAPTERHOSTSNANODE $ALERTCDPTStarting the Adapter Integrating with an Existing Alert FilterCRTDTAQ DTAQlibrary/name TYPE*STD MAXLEN592 FORCE*NO SEQ*FIFO Authorization STRTECADPSYNOPSIS DESCRIPTIONStopping the Adapter ENDTECADP ContextComments AuthorizationENDTECADP EVTADPMYCFG OPTION*CNTRLD DELAY60 ExamplesENDTECADP EVTADPALERTADP Events Listing Event Class StructureDefault Event Event ClassEvent Class Default EventSeverity Default Severity Troubleshooting the AS/400 AdapterAlert Type Logging Events in Test Mode TCP/IP ConsiderationsStarting an AS/400 Adapter after an IPL Adding an Autostart Job to QSYSWRKMultiple AS/400 Alert Adapters Changing the AS/400 Startup ProgramQSECOFR Configuration File To create the configuration file, perform the following stepsPOSTEMSG ContextExamples 38 IBM Tivoli Enterprise Console Adapters GuideChapter 3. AS/400 Message Adapter Adapter FilesQSYS.LIB/QUSRSYS.LIB/CFGMSG.FILE/MSGCFG.MBR QSYS.LIB/QUSRSYS.LIB/CFGMSG.FILE/MSGCDS.MBR The CDS fileConfiguration File AdapterCdsFileJobDescription 40 IBM Tivoli Enterprise Console Adapters GuideMAP Statement Example Class Definition Statement FileSELECT Statement Example FETCH Statement Example$ADAPTERHOST $ALERTOPTIONDEFER IMMED$MSGFILENAME $MSGFILELIBRARY$MSGLIBRARYUSED $MSGSEVERITY$SENDPROGRAMNAME $SENDTIME$SENDUSERPROFILE $SUBORIGINStarting the Adapter Flags AuthorizationSTRTECADP CommentsStopping the Adapter Chapter 3. AS/400 Message AdapterAuthorization ENDTECADP EVTADPname *ALL OPTION*CNTRLD *IMMED DELAYsecondsDELAYseconds ENDTECADPExamples ENDTECADP EVTADPMYAPP OPTION*CNTRLD DELAY60ENDTECADP EVTADPSYSOPR Events Listing Event Class Structuresubsource hostnameTroubleshooting the AS/400 Adapter Logging Events in Test ModeTCP/IP Considerations WRKJOB JOBnameAdding an Autostart Job to QSYSWRK Starting an AS/400 Adapter after an IPLChanging the AS/400 Startup Program Using FTP to Execute AS/400 Commands Multiple AS/400 Message QueuesConfiguration File DONE RETURN CHGVAR VAR&CPYR VALUE&CPYR ENDPGM54 IBM Tivoli Enterprise Console Adapters Guide Chapter 4. NetWare Log File Adapter NetWare Log File Adapter Reference InformationError File Adapter FilesPrefiltering NetWare Events Configuration FileSource EventIdFormat File PollIntervalPreFilter PreFilterModeEvents Listing Event Class Structurenwmsgversion nwmsgidalertlocus alertclassThe following NetWare events are defined in the BAROC file 60 IBM Tivoli Enterprise Console Adapters GuideTECADNW4.NLM tecadnw4.nlm FlagsDescription ExamplesTroubleshooting the NetWare Log File Adapter 64 IBM Tivoli Enterprise Console Adapters Guide Chapter 5. OpenView Adapter OpenView DriverReception of OpenView Messages Determining the OpenView NNM VersionIncoming Messages Format Event Correlation With NNMenterprise agent-addrDetermining the OVsnmpEventOpen Filter Value Chapter 5. OpenView AdapterTesting Tools Testing Event Correlation With NNMEvent Correlation Example This trace file is located in $OVLOG/ecs/ecs-instance#/ecsin.evt#Adapter Files OpenView Event Example Class Definition Statement FileHPOVFilter=filter WellBehavedDaemonObject Identifier File Keywords$COMMUNITY $ENTERPRISELRF File Starting and Stopping the AdapterError File name object identifierEvents Listing Event Class Structuresource subsourceDefault Severity Event ClassOpenView Traps SNMP Traps OpenView Traps50462720 Warnings Node MarginalTroubleshooting the OpenView Adapter 50790402Segment Marginal 5079040378 IBM Tivoli Enterprise Console Adapters Guide Chapter 6. OS/2 Adapter Configuration Fileinstall.exe The adapter installation assist executable fileStarting the Adapter Format FileUnmatchLog Stopping the Adapter Events ListingEvent Class Structure source OS2 subsource OS2Troubleshooting the OS/2 Adapter Server Configuration Chapter 7. SNMP AdapterSNMP Driver Reception of SNMP MessagesSNMP Event Example Configuration FileClass Definition Statement File KeywordsError File Object Identifier FileStarting and Stopping the Adapter $AGENTADDRCold Start Warm StartStopping the Adapter Events Listingadapterhost Host on which the adapter runsforwardingagent Proxy agent that forwarded the event to the adapterSNMP Traps Generic Traps Rules ListingEnterprise-specific Traps BAROC File Changes Creating a New SNMP Trap Eventv tecadsnmp.baroc v tecadsnmp.cds v tecadsnmp.oid SYNTAX INTEGER 0..4294967295 ACCESS not-accessible Agent-independent Data90 IBM Tivoli Enterprise Console Adapters Guide Page Class Definition Statement File Changes Troubleshooting the SNMP Adapter Object Identifier File Changesc configurationfile 94 IBM Tivoli Enterprise Console Adapters GuideControlling Event Traffic at the Gateway Chapter 8. IBM Tivoli Enterprise Console GatewaysExample 3. Calculate the value for the EventSendThreshold keyword Worksheets and Calculations Configuration FileUNIX Microsoft Windowstec/gatewaycache@EventServer#tmr-central UNIX /etc/Tivoli/tec/cache@EventServer#regionWindows $DBDIR/cache.dat@EventServer#region on managed nodes $TIVOLIHOME/tec/$ACTYPE.cache@ EventServer#region on endpointsGatewayTMEAckEnabled GatewayQueueSizeGatewaySendInterval MaxGWCacheSizeMegsThe default value is @EventServer Chapter 9. UNIX Log File Adapter Event Server ConfigurationStarting the Adapter Stopping the Adapter Running Multiple UNIX Log File Adaptersinit.tecadlogfile -s start stop AdapterID Configuration File logdefault.rlsAdapter Files tecadlogfile.cfgError File Format FileClass Definition Statement File Events ListingDefault Severity Event ClassEvent Class Default Severity106 IBM Tivoli Enterprise Console Adapters Guide Default Severity Event ClassDefault Rules PrinterPaperOut PrinterTonerLow PrinterOffline PrinterOutputFullPrinterPaperJam PrinterDoorOpen PrinterPaperOut PrinterTonerLow PrinterOffline PrinterOutputFullRepeatedLoginFailure RepeatedLoginFailureFrom RootLoginSuccessFrom Troubleshooting the UNIX Log File AdapterLogfileAmd LogfileCron LogfileOserv LogfileDateSet 110 IBM Tivoli Enterprise Console Adapters Guide Chapter 10. Windows Event Log Adapter Adapter Filestecinstlwin.cmd tecadwins.exeConfiguration File DEFAULTtecadwin.baroc HostnameIsAdapterHostNumEventsToCatchUp PreFilterLog=lognameEventId=value EventType=valueSource=valueSpaceReplacement PreFilterModeWINEVENTLOGS PreFilterLog=ApplicationSource=re’TEC.*’Prefiltering Windows Log Events EventIdJan 15 150619 1998 0 Error N/A ServiceControlManager 7024 \ The UPS service terminated with service-specific errorFormat File SourceRegistry Variables ApplicationEventsProcessedApplicationEventsProcessedTimeStamp DirectoryEventsProcessedDirectoryEventsProcessedTimeStamp DNSEventsProcessedDNSEventsProcessedTimeStamp FileReplicationEventsProcessedLow Memory Registry Variables TECInstallPathSecurityEventsProcessedTimeStamp SystemEventsProcessedAdapter Administrator Roles for Windows 1. Select Create Administrators from the Administrators icon3. Type in SYSTEM in the Set Login Names dialog Starting the AdapterEvent Class Structure source NTsubsource hostnameNTPrinterWasSet tecadwin Command tecadwin SYNOPSISDESCRIPTION EXAMPLESTroubleshooting the Windows Event Log Adapter 126 IBM Tivoli Enterprise Console Adapters Guide Chapter 11. Windows NT Event Log Adapter Adapter FilesConfiguration File The error fileDEFAULT tecadnt.errHKEYLOCALMACHINE\SYSTEM\ CurrentControlSet\Services\ TECNTAdapter\ NumEventsToCatchUpPreFilterLog=lognameEventId=valueEventType=valueSource=value Chapter 11. Windows NT Event Log AdapterPrefiltering Windows NT Log Events SpaceReplacementPreFilterMode 130 IBM Tivoli Enterprise Console Adapters GuideFormat File EventIdSource EventTypeNon-English Format Files Registry VariablesApplicationEventsProcessed 132 IBM Tivoli Enterprise Console Adapters GuideTECInstallPath ApplicationEventsProcessedTimeStampPollingInterval SecurityEventsProcessedAdapter Administrator Roles for Windows NT 1. Select Create Administrators from the Administrators icon3. Type in SYSTEM in the Set Login Names dialog Low Memory Registry VariablesStarting the Adapter Stopping the AdapterEvents Listing Event Class StructureEvent Class Default Severity136 IBM Tivoli Enterprise Console Adapters Guide tecadnt Command tecadnt tecadnt.exe -d -c ConfigFile -L none EventLogAuthorization none Arguments c ConfigFileTroubleshooting the Windows NT Event Log Adapter 140 IBM Tivoli Enterprise Console Adapters Guide Appendix A. Files Shipped with Adapters 142 IBM Tivoli Enterprise Console Adapters Guide Appendix A. Files Shipped with Adapters 144 IBM Tivoli Enterprise Console Adapters Guide Appendix B. Format File Reference Format File LocationFormat Specifications v %lengthsLog File Example v %lengthsv %lengths+ v %tsucceeded for succeeded for su ’su su ’suon on Windows NT Example MappingsDEFAULT keyword string constantPRINTF statement LABEL keywordAdditional Mapping Considerations The following list describes how values were assigned Activating Changes Made with a Format File Generating a New Class Definition Statement File for a TME AdapterNetWare log file UNIX log fileWindows event log Windows NT event logNetWare log file UNIX log fileFile Format Appendix C. Class Definition Statement File ReferenceOperators SELECT Class Definition Statement File DetailsFETCH Note AS/400 adapters do not support KEY parts in CDS files 1 ATTR=,$TYPE,VALUE=,4 FETCH Statement1$TYPE=4 MAPDEFAULT Statement MAP StatementExample nexpressionObject Identifier to Name Translation name objectidentifierClass Definition Statement File Syntax Diagrams SELECTkeydecl = KEY ’’ kop ’,’ vopval ’’ aop = ’=’ PREFIX SUFFIX EXISTS Page 164 IBM Tivoli Enterprise Console Adapters Guide Notices IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A Trademarks Notices168 IBM Tivoli Enterprise Console Adapters Guide Glossary Obsolete term forPage Index Special characters 5, 610, 24 CDS file keywords continued Page files continued Page Page TCP/IP continued Page 180 IBM Tivoli Enterprise Console Adapters Guide Page Program Number 5698-TEC Printed in U.S.A GC32-0668-01