Using ELS

12:08:17 SNMP.024: generic trc (P2) at snmp_mg.c(766): Now 0 trap destinations

12:08:17 SNMP.012: comm public added

12:08:17 SNMP.012: comm public added

12:08:27 SNMP.022: ext err (Z1) at snmp_resconf.c(322): add_router_if_info(): sr rdrec failed

12:08:27 SNMP.022: ext err (Z1) at snmp_resconf.c(322): add_router_if_info(): sr rdrec failed

12:08:27 SNMP.028: err (E2) at snmp_moh.c(1583) : Duplicate

12:08:27 SNMP.028: err (E2) at snmp_moh.c(1583) : Duplicate

12:08:28 GW.022: Nt fld slf tst nt 13 int PPP/3

12:08:28 IP.022: add nt 4.0.0.0 int 4.1.1.1 nt 4 int PPP/0

( 297 messages not shown )

12:08:43 GW.022: Nt fld slf tst nt 12 int PPP/2

12:08:43 GW.022: Nt fld slf tst nt 13 int PPP/3

12:08:48 IP.022: add nt 192.9.200.0 int 192.9.200.20 nt 0 int Eth/0

12:08:48 SRT.017: Enabling SRT on port 1 nt 0 int Eth/0

12:08:48 STP.016: Select as root TB-1, det topol chg

12:08:48 STP.026: Root TB-1, strt hello tmr

12:08:48 ARP.002: Pkt in 1 1 800 nt 0 int Eth/0

12:08:48 ARP.002: Pkt in 2 1 800 nt 0 int Eth/0

12:08:48 IP.068: routing cache cleared

( 126 messages not shown )

12:13:38 GW.022: Nt fld slf tst nt 11 int ISDN/0

12:13:47 ARP.011: Del ent 1 3 nt 0 int Eth/0

12:13:47 ARP.011: Del ent 1 3 nt 0 int Eth/0

12:13:47 ARP.002: Pkt in 1 1 800 nt 5 int Eth/4

12:13:47 ARP.002: Pkt in 2 1 800 nt 0 int Eth/0

12:13:50 GW.022: Nt fld slf tst nt 4 int PPP/0

Corresponding Sequence Numbers in Remote-Logging Files:

[0310] first message logged
-- not logged (ARP request) --
-- not logged (ARP request) --
-- not logged (ARP request) --
[0314]
[0315]
[0316]

[0443]
[0444]
-- not logged (ARP request) --
-- not logged (ARP request) --
[0447]
[0448]

Figure 10. Output from Talk 2

You can use the timestamp, which appears in both the remote-logging output file and the talk 2 output, to determine when the first ELS message is successfully remote-logged. To use the timestamp for this purpose, configure ELS such that the timestamp in the monitor queue displays the time-of-day.

Also notice in Figure 9 on page 160 that messages 311-313 did not get remote-logged. This is because an ARP request was outstanding, and until the ARP response is received, all but the first packet are dropped in the source IBM 2210. The ARP cache is cleared at a user-configured refresh rate, and the device issues a new ARP request. To determine when ARP requests are occurring, events ARP.002 and ARP.011 can be remote-logged, in addition to the ELS events of interest.

Figure 11 shows ARP events logged to the syslog_user_alert file that account for events 445 and 446, which were indicated as missing in Figure 9 on page 160.

Nov 20 12:02:53 worksta01 root: THIS IS A TEST MESSAGE (user.alert)

Nov 20 12:08:48 5.1.1.1 Msg [0314] from ** IBM / 2210 **: els: ARP.002: Pkt in 1 1 800 nt 0 int Eth/0

Nov 20 12:08:48 5.1.1.1 Msg [0315] from ** IBM / 2210 **: els: ARP.002: Pkt in 2 1 800 nt 0 int Eth/0

Nov 20 12:08:48 5.1.1.1 Msg [0319] from ** IBM / 2210 **: els: ARP.002: Pkt in 2 1 800 nt 0 int Eth/0

Nov 20 12:13:47 5.1.1.1 Msg [0444] from ** IBM / 2210 **: els: ARP.011: Del ent 1 3 nt 0 int Eth/0

Nov 20 12:13:47 5.1.1.1 Msg [0447] from ** IBM / 2210 **: els: ARP.002: Pkt in 2 1 800 nt 0 int Eth/0

Figure 11. Sample Contents from Syslog_user_alert File
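The sequence-number check described above can be automated on the logging workstation. The following is an added example, not part of the IBM manual: it scans a remote-logging file for runs of missing Msg [nnnn] numbers per device and notes whether an ARP.002 or ARP.011 event sits next to each gap. The regular expression, the function names and the sample lines are assumptions modelled on the Figure 11 layout, and sequence numbers are assumed to increase by one without wrapping inside the file.

```python
import re

# Line layout follows Figure 11; the regex itself is this example's assumption.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"Msg \[(?P<seq>\d+)\] from .*?: els:\s+(?P<event>[A-Z0-9]+\.\d+):"
)
ARP_EVENTS = {"ARP.002", "ARP.011"}  # events the text suggests remote-logging

# Constructed sample in the style of Figure 11 (not captured output).
SAMPLE = """\
Nov 20 12:02:53 worksta01 root: THIS IS A TEST MESSAGE (user.alert)
Nov 20 12:08:43 5.1.1.1 Msg [0310] from ** IBM / 2210 **: els: GW.022: Nt fld slf tst nt 12 int PPP/2
Nov 20 12:08:48 5.1.1.1 Msg [0314] from ** IBM / 2210 **: els: ARP.002: Pkt in 1 1 800 nt 0 int Eth/0
Nov 20 12:08:48 5.1.1.1 Msg [0315] from ** IBM / 2210 **: els: ARP.002: Pkt in 2 1 800 nt 0 int Eth/0
Nov 20 12:08:48 5.1.1.1 Msg [0316] from ** IBM / 2210 **: els: IP.068: routing cache cleared
Nov 20 12:08:53 5.1.1.1 Msg [0319] from ** IBM / 2210 **: els: GW.022: Nt fld slf tst nt 13 int PPP/3
"""

def parse(text):
    """Yield (host, seq, time, event) for each remote-logged ELS line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # non-ELS lines (e.g. the logger test message) are skipped
            yield m["host"], int(m["seq"]), m["time"], m["event"]

def find_gaps(text):
    """Report runs of missing sequence numbers per sending device."""
    last = {}  # host -> (seq, event) of the previous record seen
    gaps = []
    for host, seq, time, event in parse(text):
        if host in last:
            prev_seq, prev_event = last[host]
            if seq > prev_seq + 1:
                gaps.append({
                    "host": host,
                    "missing": list(range(prev_seq + 1, seq)),
                    "resumed_at": time,
                    # An ARP event on either side of the gap is consistent
                    # with the ARP-resolution drop described in the text.
                    "arp_adjacent": bool({prev_event, event} & ARP_EVENTS),
                })
        last[host] = (seq, event)
    return gaps

if __name__ == "__main__":
    for gap in find_gaps(SAMPLE):
        print(gap)
```

A gap with `arp_adjacent` set to False is not explained by the ARP sequence and needs a separate look at the path between the device and the workstation.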

You can prevent the loss of ELS messages caused by this ARP sequence by establishing a static relationship between the IP address and the MAC address. The basic steps are outlined below and are illustrated in Figure 12 on page 162.

1. In talk 5, "ping" the remote workstation's IP address

2. In talk 5, determine the interface (net) number used to send messages to the remote-workstation's IP address

Chapter 12. Using the Event Logging System (ELS) 161

IBM SC30-3681-08 manual Output from Talk