IBM Enterprise Console Скачать руководство пользователя страница 26 | Manualshive

Страница: 26 / 194

background image

non-TME adapters that send events to a Windows event server or a Tivoli
Availability Intermediate Manager (AIM), specify one value for each event
server defined with the ServerLocation keyword.

The ServerPort keyword is optional when the event server is running on
UNIX, but mandatory when running on Windows.

Note:

If the event server is running on Windows: There is no portmapper
daemon on a Windows machine that allows the adapter to query the
reception port at runtime. The event server listens on a fixed
reception port (tec_recv_agent_port in .tec_config) for connection
and adapter input. Set ServerPort to the value of the
tec_recv_agent_port

entry in the .tec_config file in the

$BINDIR/TME/TEC

directory. The default is 5529. The Tivoli

Availability Intermediate Manager never uses the portmapper; the
Tivoli Availability Intermediate Manager server listens on a fixed
port set in the Tivoli Availability Intermediate Manager graphical
user interface.

TestMode

Specifies whether test mode is turned on or off. When TestMode=YES, the
ServerLocation

keyword specifies the file to which events are logged,

instead of being sent to the event server. Valid values are YES and NO,
without regard to case. The default is NO.

The TestMode keyword is optional.

Event Filtering

Normally, an adapter sends all events to the event server. You can optionally
specify events that can or cannot be sent to the event server. You can do this by
specifying the event class and such information as the origin, severity, or any other
attribute=value pair that is defined for the event class. The class name specified for
an event filter entry must match a defined class name; an adapter does not
necessarily have knowledge of the class hierarchy.

Depending on how you specify the Filter and FilterMode keywords, filtered
events are either sent to the event server or discarded.

v

To send specific events to the event server:

1.

Set FilterMode to IN.

2.

Create Filter statements to match the specific events that you want sent.

v

To discard specific events:

1.

Set FilterMode to OUT (the default value).

2.

Create Filter statements to match the specific events that you want
discarded.

v

To send all events to the event server (the default behavior):

1.

Set FilterMode to OUT.

2.

Do not specify any Filter statements.

Note:

All events are discarded when the configuration is as follows:

1.

FilterMode

is set to IN.

2.

No Filter statements are specified.

To use non-English characters in a Filter statement, you must enter the non-English
characters in the local encodings.

14

IBM Tivoli Enterprise Console: Adapters Guide

«
...
24
25
26
27
28
...
»

Содержание Enterprise Console

Страница 1: ...IBM Tivoli Enterprise Console Adapters Guide V ersion 3 8 GC32 0668 01...

Страница 2: ......

Страница 3: ...IBM Tivoli Enterprise Console Adapters Guide V ersion 3 8 GC32 0668 01...

Страница 4: ...ion 3 release 8 of IBM Tivoli Enterprise Console product number 5698 TEC and to all subsequent releases and modifications until otherwise indicated in new editions Copyright International Business Mac...

Страница 5: ...pter 2 AS 400 Alert Adapter 23 Adapter Files 23 Configuration File 24 Class Definition Statement File 25 SELECT Statement Example 25 FETCH Statement Example 25 Keywords 25 Configuring the AS 400 Alert...

Страница 6: ...Error File 85 Starting and Stopping the Adapter 85 Cold Start 86 Warm Start 86 Stopping the Adapter 86 Events Listing 86 Event Class Structure 86 Rules Listing 88 SNMP Traps 88 Generic Traps 88 Enterp...

Страница 7: ...File Example 147 Windows NT Example 149 Mappings 149 Additional Mapping Considerations 151 Activating Changes Made with a Format File 153 Generating a New Class Definition Statement File for a TME Ada...

Страница 8: ...vi IBM Tivoli Enterprise Console Adapters Guide...

Страница 9: ...ttributes adapter architecture and adapter files v The following chapters provide information about how to configure and use each adapter Chapter 2 AS 400 Alert Adapter Chapter 3 AS 400 Message Adapte...

Страница 10: ...lation and automated event management v IBM Tivoli Enterprise Console User s Guide GC32 0667 Discusses how to plan for and configure your event database environment and describes components roles and...

Страница 11: ...etter sized page are printed on the paper that you are using Providing Feedback about Publications If you have comments or suggestions about Tivoli products and documentation send an e mail to pubs ti...

Страница 12: ...d system messages appear in a monospace font Operating System dependent Variables and Paths This book uses the UNIX convention for specifying environment variables and for directory notation When usin...

Страница 13: ...s A source is an application for example a database or system resource for example an NFS server When an adapter detects an event generated from a source generally called a raw event it formats the ev...

Страница 14: ...rently supported for an endpoint are the following v UNIX log file v OS 2 v SNMP v Microsoft Windows event log v Windows NT event log You configure these adapters to send their events to specific prim...

Страница 15: ...TME adapters a managed node must also be configured as an endpoint to send events to the event server How Events Get to the Event Server From a Non TME Adapter A non TME adapter sends events directly...

Страница 16: ...lasses format this information into attributes and send this information to the event server The event server then processes this information Event classes are a classification of events do not confus...

Страница 17: ...event_handle and server_handle attributes duration For closed events the age in seconds of the event from when it was received by the event server until it was closed For all non closed events the va...

Страница 18: ...2 3 where chair The rule engine identifier 1 The server number 12121212 The event reception ID in server 1 3 The event handle for the event in server 1 severity The severity of the event The database...

Страница 19: ...nt This status is assigned a rule language predicate It is not available from an event console The database stores the status as a number This mapping is defined in the root baroc rule base file and i...

Страница 20: ...oli Management Framework Release Notes Cache File Events are written to the cache file using a circular method when the cache file has reached the size limit set by BufEvtMaxSize the next new event is...

Страница 21: ...naged node BINDIR TME TEC adapters etc or etc Tivoli tecad etc which is a link to the TME adapter directory Endpoint LCFROOT bin INTERP TME TEC adapters etc or etc Tivoli tecad etc which is a link to...

Страница 22: ...ifies the full path name of the adapter cache file On endpoint adapters the BufEvtPath keyword uses the TIVOLIHOME variable to resolve file location and drive letter differences over different environ...

Страница 23: ...onal FilterCache Works with the FilterMode and Filter keywords to determine which events are stored in the cache when events cannot be sent successfully to the event server To store events in the cach...

Страница 24: ...oes not exist at the beginning of the event data The default value for this option is NO Pre37Server Specifies whether the adapter is to send its events in the encoding of the event server host or in...

Страница 25: ...d in the order specified when the primary server is down For endpoint adapters secondary event servers if any are defined in the IBM Tivoli Enterprise Console gateway configuration file Only specify a...

Страница 26: ...rd to case The default is NO The TestMode keyword is optional Event Filtering Normally an adapter sends all events to the event server You can optionally specify events that can or cannot be sent to t...

Страница 27: ...fferent adapters Adapter Example AS 400 Alert The following entry matches all events of the SNA_Equipment_Malfunction class from the origin 1 2 3 4 Filter Class SNA_Equipment_Malfunction origin 1 2 3...

Страница 28: ...Su_Success origin 126 32 2 14 OpenView The following entry matches all events of the OV_Message class from the origin 126 32 2 14 FilterCache Class OV_Message origin 126 32 2 14 Windows NT The followi...

Страница 29: ...em implementations might report the file system full error in different formats As a result you might need to match different messages to the same or different event classes This type of matching is d...

Страница 30: ...is changed in a CDS file the corresponding event class definition in the BAROC file might need changing as well Event definition content and syntax are discussed in the IBM Tivoli Enterprise Console...

Страница 31: ...ns in the error file allow you to configure tracing options for an adapter An error file usually has an extension of err see each specific adapter chapter for exact file names An error file is located...

Страница 32: ...support for a predefined set of events The set of files is composed of the following files v BAROC file v CDS file v For the adapters on NetWare OS 2 UNIX Windows and Windows NT format file By modifyi...

Страница 33: ...e rules to see if the event was dropped See the IBM Tivoli Enterprise Console Reference Manual for more information about wtdumprl 4 Check the cache files to see if the event was cached Managed Node A...

Страница 34: ...rify that all communications among the event server Tivoli Management Framework gateway and endpoint are working 5 Source the endpoint environment then use the endpoint wpostemsg command from the syst...

Страница 35: ...s can be running at the same time each monitoring a different filter A few of the benefits are as follows v Consolidates alert monitoring v Integrates with existing AS 400 alert filters already define...

Страница 36: ...e configuration file is ALERT AdapterCdsFile Specifies the CDS file to be used for the AS 400 alert adapter This file can reside in either the QSYS or IFS name space but the path must be specified in...

Страница 37: ...The CDS file defines how events are constructed from information sent by the AS 400 alert adapter It is described in detail in Class Definition Statement File on page 18 SELECT Statement Example SELE...

Страница 38: ...ted INCIDENT_CORREL Alert correlation data from alert subvector x 4A MSG The alert code point text and the first probable cause text for the alert ORIGIN The hierarchy list of the alert origin PRODUCT...

Страница 39: ...brary name TYPE STD MAXLEN 592 FORCE NO SEQ FIFO Note If the data queue is not created per the previous specifications the adapter will not start Also if the AS 400 alert adapter is not running the sy...

Страница 40: ...r AUT USE GRTOBJAUT OBJ QSYS QNMDRGFN OBJECTYPE PGM USER user AUT USE Arguments EVTADP name Specifies a name for the adapter being started This name is used on the ENDTECADP AS 400 command It can be a...

Страница 41: ...pter The AS 400 adapter includes the ENDTECADP command that enables you to stop adapters individually or to stop all started adapters The command is described on the following pages Chapter 2 AS 400 A...

Страница 42: ...ame matches the name specified on the STRTECADP command ALL If ALL is specified then all adapters of all types are stopped OPTION Specifies the way the adapter stops The following options can be speci...

Страница 43: ...the adapter name ALERTADP ENDTECADP EVTADP ALERTADP The following command stops the AS 400 alert adapter started with the adapter name MYCFG in a controlled manner with a delay time of 60 seconds ENDT...

Страница 44: ...h this product Event Class Default Event Severity AS400_TEC_ALERT_ADAPTER based on AS 400 alert type SNA_Event CRITICAL SNA_1xxx_Hardware CRITICAL SNA_Equipment_Malfunction CRITICAL SNA_Input_Device_E...

Страница 45: ...r_Customization_Error CRITICAL SNA_Specification CRITICAL SNA_9xxx_Intervention_Required CRITICAL SNA_Operator_Intervention_Required CRITICAL SNA_Stock_Low CRITICAL SNA_Stock_Exhausted CRITICAL SNA_De...

Страница 46: ...Troubleshooting the AS 400 Adapter If a problem occurs with the AS 400 adapter you can perform problem determination by investigating the job the adapter is running in Each time you start an AS 400 a...

Страница 47: ...the AS 400 system Use the following commands to do this ADDTCPHTE INTNETADR event server protocol address HOSTNAME event server host name TEXT Tivoli Enterprise Console event server ADDTCPHTE INTNETA...

Страница 48: ...E QSYS LIB QUSRSYS LIB CFG_ALERT FILE ALRCFG MBR MONMSG MSGID CPF0000 DONE RETURN CHGVAR VAR CPYR VALUE CPYR ENDPGM 3 Create the program and put it in the QSYS library CRTCLPGM PGM QSYS program name S...

Страница 49: ...llows AdapterCdsFile QSYS LIB QUSRSYS LIB MYFILE FILE MYCFG MBR Filter mylib myfilter FilterDataQueue mylib mydtaqueue 3 Update the CDS and the BAROC files to include any new classes and filters 4 Upd...

Страница 50: ...verity m message slot_name value class source Note There cannot be a space between the option letter and the option value Examples Call QTMETECA POSTEMSG PARM Sserver_name rHARMLESS m This is a messag...

Страница 51: ...AS 400 message adapters can be running at the same time One AS 400 message adapter can monitor the system operator message queue while another is monitoring an application message queue A few of the b...

Страница 52: ...SRSYS LIB CFG_MSG FILE MSGCDS MBR BufEvtPath Specifies the path and name of the buffer file for the AS 400 message adapter The default path is etc Tivoli tec and the default buffer file name is the va...

Страница 53: ...RSYS LIB CFG_MSG FILE MSGCDS MBR defines how events are constructed from information sent by the AS 400 message adapter It is described in detail in Class Definition Statement File on page 18 SELECT S...

Страница 54: ...the data converted to was 65535 2 No conversion occurred because you did not supply enough space for the data 3 The data was converted to the CCSID specified using the best fit conversion tables 4 A...

Страница 55: ...RITY Specifies the severity A two digit value ranging from 0 through 99 The higher the value the more severe or important the condition MSG_TYPE The message type of the message received The possible v...

Страница 56: ...essage help 3 The message or message help text was converted to the CCSID specified using the best fit conversion tables 4 A conversion error occurred using the best fit conversion tables so a default...

Страница 57: ...Starting the Adapter The AS 400 message adapter includes the STRTECADP command that enables you to start an adapter The command is described on the following pages Chapter 3 AS 400 Message Adapter 45...

Страница 58: ...S 400 command It can be any valid AS 400 job name however each adapter running on the AS 400 system must have a unique name CFGFILE filename Specifies the full path name of the configuration file in I...

Страница 59: ...ter The AS 400 adapter includes the ENDTECADP command that enables you to stop adapters individually or to stop all started adapters The command is described on the following pages Chapter 3 AS 400 Me...

Страница 60: ...me specified on the Start TEC Event Adapter command ALL If ALL is specified then all adapters of all types are stopped OPTION Specifies the way the adapter stops The following options can be specified...

Страница 61: ...o monitor the QSYSOPR message queue ENDTECADP EVTADP SYSOPR The following command stops the AS 400 message adapter started with the adapter name MYAPP in a controlled manner that was set up to monitor...

Страница 62: ...group filters source AS400_MSGQ sub_source Fully qualified message queue name origin Protocol address of the system hostname Name of the system from the host name table date Date and time the message...

Страница 63: ...ing sent to an event server is created with a record length of 240 bytes if it does not exist Because an event written to this file does not wrap to a new line if it is longer than 240 bytes it is tru...

Страница 64: ...iption that calls the previous program and use QSYSNOMAX as the Job Queue CRTJOBD JOBD QGPL STARTADP JOBQ QSYSNOMAX TEXT Start TEC adapter after IPL RQSDTA CALL QGPL STRADPCL 3 Add an auto start job e...

Страница 65: ...e the configuration file perform the following steps 1 Copy the adapter files using the following commands CPYF FROMFILE QUSRSYS CFG_MSG TOFILE QUSRSYS MYFILE FROMMBR ALL TOMBR FROMMBR CRTFILE YES 2 U...

Страница 66: ...54 IBM Tivoli Enterprise Console Adapters Guide...

Страница 67: ...ile and forwards them to the event server for further processing The NetWare log file adapter can run silently without its own screen or it can run in the debugging mode that displays screen messages...

Страница 68: ...be separated by commas Locus Specifies the NetWare defined locus You can specify up to 16 loci Multiple loci must be separated by commas Class Specifies the NetWare defined class You can specify up to...

Страница 69: ...PreFilter statement are sent PreFilterMode IN or ignored PreFilterMode OUT Valid values are IN in OUT or out The default is OUT The PreFilterMode keyword is optional if PreFilterMode is not specified...

Страница 70: ...mple hierarchy The adapter fills in the following attribute default values as shown in the following table The attributes are used in event group filters Attribute Default Value source NW4 sub_source...

Страница 71: ...etWare Definition 0 Unknown 1 Memory 2 File system 3 Disks 4 Lanboards 5 Comstacks 7 TTS 8 Bindery 9 Station 10 Router 11 Locks 12 Kernel 13 UPS 14 Service Protocol 15 SFTIII 16 Resource Tracking 17 N...

Страница 72: ...Default Severity NW4_Base UNKNOWN NW4_SysLog_Base UNKNOWN NW4_ClassUnknown UNKNOWN NW4_OutOfResource UNKNOWN NW4_TempSituation UNKNOWN NW4_AuthorizationFailure UNKNOWN NW4_InternalError UNKNOWN NW4_Ha...

Страница 73: ...UNKNOWN NW4_AppMessage UNKNOWN NW4_NLM_Loading UNKNOWN NW4_NLM_Unloaded UNKNOWN NW4_NLM_NotLoaded UNKNOWN NW4_Abend UNKNOWN TECADNW4 NLM The NLM tecadnw4 nlm is the NetWare log file adapter The comman...

Страница 74: ...on file SYS ETC TIVOLI TECAD ETC TECADNW4 CNF is used d Shows verbose diagnostic information in the NLM screen as events are gathered and transmitted Press the Alt Esc or Ctl Esc keys to switch to oth...

Страница 75: ...n process 5 Check the adapter configuration file to verify that ServerLocation and ServerPort are properly defined If the event class appears in any filter entry in the configuration file and FilterMo...

Страница 76: ...64 IBM Tivoli Enterprise Console Adapters Guide...

Страница 77: ...eceives events from the ovtrapd process and forwards the specified events to the appropriate registered applications such as the OpenView adapter The OpenView adapter must run as a well behaved daemon...

Страница 78: ...me of the specifics for OpenView events 1 Descr ObjId Type OpenView Source ID number 1 3 6 1 4 1 11 2 17 2 1 0 INTEGER 2 Descr ObjId Type OpenView Source Name 1 3 6 1 4 1 11 2 17 2 2 0 OCTET_STRING 3...

Страница 79: ...meter when calling the OVsnmpEventOpen API If you have NNM 6 and HPOVFilter is not specified or is commented out the adapter receives all events by default For more information about HPOVFilter see Co...

Страница 80: ...OV_Message specific trap number 58916872 v OV_Popup_Message specific trap number 58916873 v OV_Bell_Message specific trap number 58916874 v OV_Highlight_Source specific trap number 58916875 An example...

Страница 81: ...circuit event tracing for a stream named PairWise ecsmgr log_events circuit PairWise on Event Correlation Example The following event passes through circuits named PairWise and ConnectorDown When the...

Страница 82: ...registration file This file is generated by the installation configuration script and placed in the OV_LRF directory For UNIX the directory is usually etc opt OV share lrf For Microsoft Windows NT th...

Страница 83: ...or HPOVFilter to make sure that the value was entered correctly or to see the errors generated by it See the manual page for OVsnmpEventOpen for details on HPOVFilter and the filter parameter WellBeha...

Страница 84: ..._VARS Specifies the number of elements in VARBIND ADAPTER_HOST The name of the host machine where the adapter runs The following example shows how you can use the keywords FETCH 1 IPNAME SOURCE_ADDR S...

Страница 85: ...file as needed and save it 3 Register the change with NNM by using OV_BIN ovaddobj OV_LRF tecad_hpov lrf 4 Restart the adapter If the tecad_hpov lrf file has errors the adapter might not start success...

Страница 86: ...in event group filters source HPOV sub_source NET origin hostIPaddress where the event originated hostname hostname where the event originated adapter_host Host on which the adapter runs forwarding_a...

Страница 87: ...OV_No_SNMP_Reply CRITICAL OV_Node_Added WARNING OV_Node_Deleted WARNING OV_Node_Fault FATAL OV_Node_Down WARNING OV_Node_Marginal WARNING OV_Node_Flags_Chg WARNING OV_Object_ID_Chg MINOR OV_Phys_Addr...

Страница 88: ...V_Network_IPAddrChg WARNING OV_Network_Name_Chg WARNING OV_Network_SubMskChg WARNING OV_Network_Unknown WARNING OV_Node_SupportsSNMP WARNING OV_Node_Unknown WARNING OV_Segment_Unknown WARNING OV_Trap_...

Страница 89: ...OpenView adapter 1 Make sure that the tecad_hpov lrf entry is correct and has been registered with OpenView using the ovaddobj command 2 If the adapter does not start look for errors in the lrf oid an...

Страница 90: ...78 IBM Tivoli Enterprise Console Adapters Guide...

Страница 91: ...ow to configure and start the OS 2 adapter Adapter Files The OS 2 adapter package consists of the following files readme The readme file tecadcfg cmd The startup configuration script tecadini sh The s...

Страница 92: ...tions in this file and when a match succeeds the corresponding IBM Tivoli Enterprise Console event is generated by the adapter The format file contains predefined mappings for some common OS 2 events...

Страница 93: ...ents and to determine if you want to make any changes The events are defined in the BAROC file See the IBM Tivoli Enterprise Console Rule Builder s Guide for more information about customizing a BAROC...

Страница 94: ...lter entry in the configuration file the event is not sent to the server The administrator who started the adapter must have the required roles if running the TME version of the adapter For a TME adap...

Страница 95: ...ng Messages Format Messages received on the udp 162 socket consist only of SNMP Trap PDUs as defined in RFC 1157 SNMPv1 Other types of messages are discarded Server Configuration Since the SNMP trap a...

Страница 96: ...ed from information sent by SNMP It is described in detail in Class Definition Statement File on page 18 and in Appendix C Class Definition Statement File Reference on page 155 SNMP Event Example CLAS...

Страница 97: ...file maps object identifiers used by SNMP to names No changes are necessary before the adapter is run Each line of this file has the following form name object identifier For example sysUpTime 1 3 6...

Страница 98: ...prise Console User s Guide for additional information Manually stop the adapter on the endpoint with the following command init tecad_snmp stop Events Listing The following table shows the class names...

Страница 99: ...r_Loss CRITICAL EGP_Neighbor_Loss_Cisco WARNING Specific_SNMP_Trap WARNING CBT_Trap WARNING Port_Segmenting_CBT WARNING Port_Link_Down_CBT WARNING Source_Address_New_CBT WARNING Source_Address_Timeout...

Страница 100: ...n a Cisco router issues an Authentication_Failure trap it provides an additional variable in the varbind list that gives the protocol address of the device sending the badly authenticated SNMP request...

Страница 101: ...ortCollisionThresholdExceeded 277 PortTypeChanged 278 LockSTATUSChanged 279 PortSecurityViolation 280 PortViolationReset 281 EnvTempWarm 282 EnvTempHot 283 EnvVoltageLow Creating a New SNMP Trap Event...

Страница 102: ...R lanalert agent 51 Agent independent Data LANAlert alerts are assigned one of five priorities from 1 highest through 5 lowest The following values are used for the specific trap field of AFG Trap pro...

Страница 103: ...CT TYPE SYNTAX OCTET STRING SIZE 12 ACCESS not accessible STATUS optional DESCRIPTION The IPX network address of a node lanalert data 7 nodeAddressAppleTalk OBJECT TYPE SYNTAX OCTET STRING SIZE 4 ACCE...

Страница 104: ...nagementServerName 4 ATTR nodeName 5 ATTR eventID 6 ATTR alertText MAP managementServerName V3 nodeName V4 eventID V5 alertText V6 msg PRINTF The LANAlert File Server Agent on s has set a priority 1 a...

Страница 105: ...NES source default LANA sub_source default NET severity default WARNING trapTime INT32 specificTrap INT32 managementServerName STRING nodeName STRING eventID INT32 alertText STRING END TEC_CLASS lanal...

Страница 106: ...esses such as SNMP or ovtrapd already listening on port 162 Use netstat a grep 162 to see if this port is in use The first process to start up gets the port and the other processes that follow never r...

Страница 107: ...Get Sent to the Event Server on page 1 for an overview of the IBM Tivoli Enterprise Console gateway referred to in the rest of this chapter as the gateway Controlling Event Traffic at the Gateway At...

Страница 108: ...keyword Any events above the value specified for the EventSendThreshold keyword are stored in the cache on the gateway To regulate the number of events being sent to the event server the BufferFlushR...

Страница 109: ...t server average rate gateway A events gateway B events EventSendThreshold adjusted send rate for gateway gateway A gateway B BufferFlushRate BufferFlushRate event server peak rate Additionally you ca...

Страница 110: ..._cache EventServer tmr central More than one buffer file might be created at the gateway depending on how many event server locations are configured by the adapters sending events For each different s...

Страница 111: ...efore connecting to a secondary server While the gateway is waiting for the expiration of this interval new events continue to be received by the gateway and are buffered in memory and cached to disk...

Страница 112: ...vent Note that if you are forwarding events to a Tivoli Availability Intermediate Manager you cannot specify zero 0 as the port because the Tivoli Availability Intermediate Manager does not register i...

Страница 113: ...et file must be imported into a rule base and then compiled This rule base must then be loaded and made the active rule base See the IBM Tivoli Enterprise Console Rule Builder s Guide for additional i...

Страница 114: ...s the following init tecad_logfile s start stop AdapterID If the s flag skip syslog is specified the adapter does not monitor the syslogd daemon If the s flag is not specified use so that the command...

Страница 115: ...u want from the adapter Configuration File The configuration file defines the behavior of the adapter The configuration file can have the common keywords described in Configuration File on page 9 as w...

Страница 116: ...nce on page 155 Error File The error file is described in detail in Error File on page 19 Events Listing The following table shows the class names and severities of all events defined for the UNIX log...

Страница 117: ...file_Getty WARNING Logfile_Halt WARNING Logfile_Idi HARMLESS Logfile_Inetd WARNING Logfile_Init WARNING Logfile_Innd WARNING Logfile_Kernel WARNING File_Write_Error MINOR File_System_Full MINOR NFS_Wr...

Страница 118: ...y WARNING Oserv_Tmgr WARNING Oserv_Event_Method_Failed MINOR Logfile_Passwd WARNING Logfile_Pcnfsd WARNING Logfile_Printer WARNING Printer_Connection_Abort WARNING Printer_Error_Cleared HARMLESS Print...

Страница 119: ...ARNING Logfile_Telnetd WARNING Logfile_Tftpd WARNING Logfile_Xntpd WARNING Xntpd_Clock_Reset WARNING Xntpd_Ntpdate WARNING Logfile_YP HARMLESS Logfile_Ypbind WARNING Logfile_Ypchfn WARNING Logfile_Ypc...

Страница 120: ...int alias must be added to the e mail alias file before the messages can be delivered Printer_Paper_Out Printer_Toner_Low Printer_Offline Printer_Output_Full Printer_Paper_Jam Printer_Door_Open v When...

Страница 121: ...mode init tecad_logfile d start 3 Generate some messages to determine if the adapter receives them You can send e mail perform an su or perform any action that results in a write to syslog Alternativ...

Страница 122: ...he TME version of the adapter For a TME adapter running the odstat command can offer some clues as to what failed 6 If the reception log has a PARSING_FAILED error the BAROC definition of the class do...

Страница 123: ...rity DNS server File Replication service and Directory service logs whether the Windows event log adapter is running continuously or is restarted You can alter this behavior using the appropriate swit...

Страница 124: ...the same as the ManagedNode name which is case sensitive of the host where the event originated You must take this into consideration if you run tasks or programs from the IBM Tivoli Enterprise Consol...

Страница 125: ...default value is 120 seconds PreFilter Specifies how events in a Windows event log are filtered before adapter processing PreFilter statements are used by PreFilterMode when determining which events a...

Страница 126: ...s optional if PreFilterMode is not specified only events that do not match any PreFilter statements are sent to the adapter Note If you set PreFilterMode IN make sure you have one or more PreFilter st...

Страница 127: ...s so only those events that are of importance to administrators are processed by the adapter This type of filtering is called prefiltering because it specifies selection criteria based on the raw Wind...

Страница 128: ...on Windows events and can be customized to add any new messages A Windows event is written to an ASCII message in the following sequence v The date expressed as month day time and year v The event cat...

Страница 129: ...ssed event 1 923673952 To prevent this stop the adapter and then make the necessary registry changes When you restart the adapter a consistency check updates the registry entry for the appropriate var...

Страница 130: ...ding event identified by the value of the FileReplicationEventsProcessed variable PollingInterval The adapter polls the Windows event logs for new events at intervals when it does not receive any even...

Страница 131: ...ows event log adapter attempts to send an event If the amount of free memory is extremely low the Windows event log adapter returns to a suspended state until more memory is available which prevents t...

Страница 132: ...dapter For example you can start and stop the adapter using Windows Control Panel Services You can also manually start the adapter from the command line with the following command net start TECWinAdap...

Страница 133: ...ng WARNING NT_Service_Start WARNING NT_Service_Stop WARNING NT_Out_Of_Paper WARNING NT_Printer_Out_Of_Paper WARNING NT_Low_Virtual_Memory WARNING NT_Security_Db_Not_In_Sync WARNING NT_Registry_Bad_DB...

Страница 134: ...Timeserv_Failed_5 NT_Timeserv_Failed_6 NT_License_Service_No_License_Available NT_License_Service_Out_Of_Licenses NT_Restore NT_Backup NT_Replicator_Did_Not_Send_Update NT_Replicator_System_Error NT_R...

Страница 135: ...ror NT_Table_Reached_Maximum_Size NT_Handle_Closed NT_Object_Open NT_Audit_Policy_Change NT_Duplicate_Name WARNING tecad_win Command The Windows event log adapter includes the tecad_win command which...

Страница 136: ...ation file otherwise one of the appropriate directories specified in File Location on page 9 is used d Shows debug information as events are gathered and transmitted This argument also selects a verbo...

Страница 137: ...hat the FTP server has registered as a trusted login process If you do not see this message run the Windows User Manager application located in the Administrative Tools folder select Audit from the Po...

Страница 138: ...126 IBM Tivoli Enterprise Console Adapters Guide...

Страница 139: ...d for the System Application and Security logs whether the Windows NT event log adapter is running continuously or is restarted You can alter this behavior using the appropriate switches when the Wind...

Страница 140: ...originated You must take this into consideration if you run tasks or programs from the IBM Tivoli Enterprise Console product or the rule base because they might use the hostname attribute to determine...

Страница 141: ...again If no event is detected from a poll the polling interval is doubled until the upper limit is reached After the upper limit is reached the polling frequency remains at that interval until a new e...

Страница 142: ...ation for them The default setting is TRUE UnmatchLog Specifies a file to log discarded events that cannot be parsed into an IBM Tivoli Enterprise Console event class by the adapter The discarded even...

Страница 143: ...ter Format File The format file contains message format descriptions and their mapping to BAROC events The message fields of a Windows NT event are matched against the format descriptions in this file...

Страница 144: ...he Windows NT event log adapter is installed All of the registry variables for the Windows NT event log adapter are located in the HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services TECNTAdapter dir...

Страница 145: ...HINE SYSTEM CurrentControlSet Services TECNTAdapter This is not set by default and must be added to the registry to alter the default value of 120 seconds SecurityEventsProcessed Contains the highest...

Страница 146: ...e amount of free memory then returns to a suspended state for 1 minute After 1 minute the adapter checks free memory again if free memory is still below this level the adapter returns to a suspended s...

Страница 147: ...the after file distribution actions See the IBM Tivoli Enterprise Console User s Guide for additional information Events Listing The following table shows the class names and severities of all events...

Страница 148: ...r_Conflict NT_Document_Print_Success NT_Document_Print_Deleted NT_Internal_Error_In_The_DHCP_Server NT_Performance_Alert NT_Capacity_Alert NT_Performance_Monitor NT_Trustee_Relationship_Failed NT_Serv...

Страница 149: ...ce_Called NT_Trusted_Process_Logon_Success NT_Logon_Successful NT_Logon_Failure NT_User_Logoff NT_Log_Clear_Successful NT_Account_Management_Success NT_Group_Management_Change_Success NT_Global_Group_...

Страница 150: ...me for the configuration file otherwise one of the appropriate directories specified in File Location on page 9 is used d Shows debug information as events are gathered and transmitted This argument a...

Страница 151: ...see a message that the FTP server has registered as a trusted login process If you do not see this message run Windows NT User Manager application located in the Administrative Tools folder select Au...

Страница 152: ...o 10 minutes if the adapter and the CPU are under a heavy load This delay occurs because the adapter attempts to finish processing all pending events before exiting The adapter should shut down immedi...

Страница 153: ...ed adapters An x indicates the file is used by an adapter File Extension Adapter AS 400 Alert AS 400 Message NetWare OpenView OS 2 SNMP UNIX Log File Windows Event Log Windows NT Event Log BAROC baroc...

Страница 154: ...S LIB CFG_MSG FILE MSGBRC MBR as400msg baroc on the event server cds QSYS LIB QUSRSYS LIB CFG_MSG FILE MSGCDS MBR conf QSYS LIB QUSRSYS LIB CFG_MSG FILE MSGCFG MBR NetWare brc tecadnw4 brc cds tecadnw...

Страница 155: ...tecad_logfile err fmt tecad_logfile fmt rls log_default rls Microsoft Windows event log baroc tecad_win baroc cds tecad_win cds conf tecad_win conf err tecad_win err fmt tecad_win fmt Windows NT even...

Страница 156: ...144 IBM Tivoli Enterprise Console Adapters Guide...

Страница 157: ...g file and OS 2 adapter format files are in English only The Microsoft Windows NT event log format file is in English and localized into a sample file for the Tivoli supported languages If you have a...

Страница 158: ...server service was unable to recreate the share s because the directory s no longer exists sharename 8 directoryname 9 END The FOLLOWS relationship is used to allow specific format specifications to b...

Страница 159: ...l su message from a system log is an example of matching a system log message to the generic format specification mentioned in the preceding section Sep 13 12 17 11 elcap su su root succeeded for tjon...

Страница 160: ...that this does not matter but the importance is apparent as discussed in Mappings on page 149 The following format string however is meaningful This is a good format s s The first s matches everything...

Страница 161: ...d s The following format specification does not make much sense This is not a good format s s The first s matches everything through the end of the message and the second s never matches anything It m...

Страница 162: ...derived from either a i value specification or a constant string value specification they cannot be derived from another PRINTF statement The value of the argument attributes will be used to compose a...

Страница 163: ...get sent to the event server but are used in the PRINTF statement Temporary attributes are designated with a hyphen immediately preceding the attribute name in a mapping In order to illustrate the use...

Страница 164: ...e adapter default v The msg attribute was not inherited from the Logfile_Base class because it was overridden by the Root_Login_Success_From class v The sub_source attribute was inherited from the con...

Страница 165: ...ile being distributed by selecting Actions in the Edit Adapter window of the ACF Generating a New Class Definition Statement File for a Non TME Adapter To generate a new CDS file for a non TME adapter...

Страница 166: ...t cds 3 Restart the adapter NetWare log file See TECADNW4 NLM on page 61 OS 2 See Starting the Adapter on page 80 UNIX log file See Starting the Adapter on page 101 Windows event log See Starting the...

Страница 167: ...r syntax reference information in BNF notation see Class Definition Statement File Syntax Diagrams on page 161 Operators Various operators are used in class definition statements as follows v The PREF...

Страница 168: ...t prints using the two items that were pulled with the FETCH statement Class Definition Statement File Details For each class of event supported by an adapter one or more class definition statements a...

Страница 169: ...key or value PREFIX SUFFIX CONTAINS a_op_value k_op_value and v_op_value specify the comparison value In order for a SELECT statement to be evaluated successfully the following conditions must be met...

Страница 170: ...be used to reference these mandatory attributes and thereby directly access their values These keywords have the format attribute_name Examples of keywords supported by the SNMP adapter are AGENT_ADD...

Страница 171: ...ing two formats attribute_name variable attribute_name PRINTF format_string var1 An example of a MAP statement is the following MAP origin AGENT ADDRESS msg PRINTF Link s is DOWN V3 The output from a...

Страница 172: ...essages the standard way of naming attributes is to use object identifiers OIDs For example SNMP variable ifDescr is named 1 3 6 1 2 1 2 2 1 2 Using SNMP object identifiers in SELECT statements is not...

Страница 173: ...ult_statement MAP DEFAULT mapdef_statements END mapdef_statements mapdef_statement mapdef_statement mapdef_statements mapdef_Statement attribute_name constant attribute_name keyword attribute_name ato...

Страница 174: ...ant keyword name_var key_var value_var v_op PREFIX SUFFIX EXISTS v_op_val constant keyword name_var key_var value_var FETCH STATEMENT fetch statements fetch_statement fetch_statement fetch_statements...

Страница 175: ...map_args map_args map_value map_value map args map value constant keyword name_var value_var fetch_var VARIOUS constant string e g hello hello number 12 keyword atom e g TARGET name_var N number e g N...

Страница 176: ...164 IBM Tivoli Enterprise Console Adapters Guide...

Страница 177: ...ive Armonk NY 10504 1785 U S A For license inquiries regarding double byte DBCS information contact the IBM Intellectual Property Department in your country or send inquiries in writing to IBM World T...

Страница 178: ...ave been made on development level systems and there is no guarantee that these measurements will be the same on generally available systems Furthermore some measurement may have been estimated throug...

Страница 179: ...form the photographs and color illustrations might not appear Trademarks The following terms are trademarks of International Business Machines Corporation in the United States other countries or both...

Страница 180: ...168 IBM Tivoli Enterprise Console Adapters Guide...

Страница 181: ...gned to event attributes configuration file A file that specifies the characteristics of a system device or network E endpoint 1 In a Tivoli environment a Tivoli client that is the ultimate recipient...

Страница 182: ...er to recognize relationships among events event correlation and to execute automated responses accordingly Also see rule base and rule set rule base In the IBM Tivoli Enterprise Console product one o...

Страница 183: ...FETCH examples 25 files 23 142 graphic character set 25 AS 400 alert adapter continued job queue 35 keywords CDS file 25 message queues 24 multiple adapters 36 Name Server 35 POSTEMSG command 38 regis...

Страница 184: ...ACTION_CODE 25 ACTIONS 25 ADAPTER_CORREL 25 ADAPTER_HOST 25 ADAPTER_HOST_SNANODE 26 ALERT_CDPT 26 CDS file keywords continued AS 400 alert adapter continued ALERT_ID 26 ARCH_TYPE 26 BLOCK_ID 26 CAUSE...

Страница 185: ...24 27 FilterDataQueue 24 27 JobDescription 25 LanguageID 25 ProcessExistingAlerts 25 ServerCCSID 25 AS 400 message adapter AdapterCdsFile 40 AdapterType 40 configuration file keywords continued AS 40...

Страница 186: ...tribute 5 E effect events 5 encoding UTF 8 3 12 14 145 endpoint adapters 13 endpoint gateway See gateway Tivoli Management Framework 2 endpoints described 1 distributing adapters 95 getting events to...

Страница 187: ...3 tecad_logfile err 103 104 tecad_logfile fmt 103 104 109 tecad_nt baroc 127 tecad_nt conf 127 tecad_nt err 128 files continued tecad_nt exe 127 tecad_nt fmt 127 131 tecad_snaevent baroc 32 tecad_snmp...

Страница 188: ...ords 24 L lanalert entry SNMP adapter 92 language support packs and postemsg 22 last cfg file 21 lcfd process 1 2 22 lcfd log file 21 list events 104 localization directories 4 log files ASCII 1 log_d...

Страница 189: ...n NetWare adapter 55 region Tivoli management 95 registration files described 8 registry variables ApplicationEventsProcessed 117 132 ApplicationEventsProcessed TimeStamp 117 133 DirectorEventsProcess...

Страница 190: ...nt log adapter 111 TCP IP continued Windows NT event log adapter 127 tec_gateway_sce ACP 97 tec_gateway conf 97 tec_recv_agent_port entry 14 tec_uninstal cmd 79 tecad_hpov 70 tecad_hpov baroc 70 tecad...

Страница 191: ...ment 8 notation for x W warm start SNMP adapter 86 wep ls command 21 Windows event log adapter attribute defaults 121 BAROC file 121 configuration file 112 Control Panel Services Applet 120 described...

Страница 192: ...180 IBM Tivoli Enterprise Console Adapters Guide...

Страница 193: ......

Страница 194: ...Program Number 5698 TEC Printed in U S A GC32 0668 01...

Отзывы:

Нет отзывов

Похожие инструкции для Enterprise Console

Wireless Mini PCI Module

Бренд: E-Tech Страницы: 42

BIC 1I12-P2A25-M30MI1-BPX05-110

Бренд: Balluff Страницы: 12

IMACS Network Device

Бренд: Zhone Страницы: 114

SLK-R602 Series

Бренд: Seriallink Страницы: 29

Бренд: Z Microsystems Страницы: 51

Бренд: Techroutes Страницы: 20

B-Control Fader BCF2000

Бренд: Behringer Страницы: 13

Бренд: ADTRAN Страницы: 4

Бренд: ExtraHop Страницы: 2

SteelCentral NetExpress 470

Бренд: Riverbed Страницы: 140

Бренд: ACTi Страницы: 12

Бренд: Planet Страницы: 16

Бренд: Datavideo Страницы: 25

Бренд: Eagle Eye Страницы: 61

Бренд: ferroamp Страницы: 19

Бренд: Biamp Страницы: 26

Бренд: BossPac Страницы: 8

Бренд: Bosslan Страницы: 11

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды