Question & Answer
Question
How can I configure the Mttrapd probe with a standard set of rules files from the NcKL?
Answer
The Netcool Knowledge Library (NcKL) provides a base set of rules for the SNMP Mttrapd probe from several event sources. A list of all Supported event sources defined in the rules is available in the Netcool Knowledge Library guide. Additional rules files for the SNMP probe can be developed with the Netcool MIB Manager, and included into the Netcool Knowledge Library. Below are the steps to configure the SNMP Mttrapd probe and the Netcool Knowledge Library in Netcool Omnibus 7.3.1.
Requirements:
Mttrapd installed with Omnibus core
NcKL package unpacked on the server in /tmp
Step 1: Configure the Object Server for NcKL
Run the advcorr.sql file with nco_sql. Any messages with (0 rows affected) are successful. Any “Object not found” errors can be ignored.
-bash-3.00# $OMNIHOME/bin/nco_sql -server NCOMS -user root -password '' < /tmp/NcKL/advcorr.sql
ERROR=Object not found on line 114 of statement
'--###############################################################################...', at or near 'AdvCorr_SetCauseType'
ERROR=Object not found on line 1 of statement 'drop trigger AdvCorr_LPC_RC;...',
at or near 'AdvCorr_LPC_RC'
ERROR=Object not found on line 1 of statement 'drop trigger
AdvCorr_LPC_Sym;...', at or near 'AdvCorr_LPC_Sym'
ERROR=Object not found on line 4 of statement '-- Drop tables in case they
already exists from a previous installation...', at or near 'AdvCorrLpcSymCand'
ERROR=Object not found on line 1 of statement 'drop table
alerts.AdvCorrLpcRcCand;...', at or near 'AdvCorrLpcRcCand'
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(10 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
(0 rows affected)
Add the required columns to the Object Server via nco_sql:
-bash-3.00# $OMNIHOME/bin/nco_sql -server NCOMS -user root
Password:
1> alter table alerts.status add column NetworkAssureAlarmId int
2> go
(0 rows affected)
1> alter table alerts.status add column NetworkAssureHost varchar(64)
2> go
(0 rows affected)
1> alter table alerts.status add column NetworkAssurePort int
2> go
(0 rows affected)
1> quit
Step 2: Extract the NcKL
The NcKL is unpacked in the NC_RULES_HOME environment variable directory. This is typically /opt/netcool/rules, but can be any directory. In this example, we will create a NC_HOME_RULES rules directory in $OMNIHOME/probes/solaris2/rules
> cd $NCHOME/omnibus/probes/solaris2
> mv /tmp/NcKL/rules.tar.gz .
> gunzip rules.tar.gz
> tar –xvf rules.tar
This creates the following directories under $NCHOME/omnibus/probes/solaris2/rules
drwxrwxr-x 2 8462 1117 1024 Jun 19 05:05 include-common
drwxrwxr-x 2 8462 1117 512 Jun 19 05:05 include-compat
drwxrwxr-x 46 8462 1117 1536 Jun 19 05:06 include-snmptrap
drwxrwxr-x 5 8462 1117 512 Jun 19 05:06 include-syslog
-r--r--r-- 1 8462 1117 3475 Jun 19 05:06 snmptrap.adv.include.rules
-r--r--r-- 1 8462 1117 68600 Jun 19 05:06 snmptrap.rules
-r--r--r-- 1 8462 1117 2154 Jun 19 05:06 snmptrap.sev.lookup
-r--r--r-- 1 8462 1117 4415 Jun 19 05:06 snmptrap.user.include.rules
-r--r--r-- 1 8462 1117 0 Jun 19 05:06 syslog-SrcType.lookup
-r--r--r-- 1 8462 1117 1840 Jun 19 05:06 syslog-SrcType.readme
-r--r--r-- 1 8462 1117 8088 Jun 19 05:06 syslog.rules
Step 3: Configure the Mttrapd Probe
Configure the mttrapd probe to use the snmptrap.rules provided in the NcKL NC_RULES_HOME directory.
> cd $OMNIHOME/probes/solaris2
> vi mttrapd.props
Server : 'NCOMS'
MessageLevel : 'debug'
Port : 162
Buffering : 1
BufferSize : 10
NetworkTimeout : 60
RulesFile : '$NC_RULES_HOME/snmptrap.rules'
Step 3: Set NC_RULES_HOME
Set the NC_RULES_HOME. This must be set from the same shell where the probe is started or in the probe nco_p_mttrapd.env file. If the probe is started by the Process Agent, this must be set in the nco startup script, the shell where the nco_pad command is executed, in the probe nco_p_mttrapd.env file or in the Process Agent nco_pad.env file.
TIP: Add the export of NC_RULES_HOME to the probe .env file in $OMNIHOME/probes/<arch>/nco_p_mttrapd.env. If you are running the probe under PA, export the NC_RULES_HOME directory in $OMNIHOME/platform/<arch>/bin/nco_pad.env
> cd $OMNIHOME/probes/solaris2
> vi nco_p_mttrapd.env
Add the following to the beginning of the file:
NC_RULES_HOME=/opt/christina/netcool731/omnibus/probes/solaris2/rules
export NC_RULES_HOME
Step 4: Run the syntax checker
Run the syntax checker to check rules file syntax and ensure the rules can be loaded. Run the syntax checker against the same rulesfile the probe is configured to use, and it will check the syntax of that rule and all included rules.
The syntax checker will display the same errors the probe would receive when reading the rules file. The syntax checker should always be ran before restarting the probe after a rules change. The rulesfile is loaded successfully if the "Rules file syntax OK" message is output to the screen.
> cd $OMNIHOME/probes
> ./nco_p_syntax –server NCOMS –rulesfile $OMNIHOME/probes/solaris2/rules/snmptrap.rules
2013-10-17T09:39:23: Information: I-UNK-000-000: Connecting ...
2013-10-17T09:39:23: Information: I-UNK-000-000: Checking rules file ...
2013-10-17T09:39:23: Debug: D-UNK-000-000: Shutting down Probewatch heartbeat thread.
2013-10-17T09:39:23: Debug: D-UNK-000-000: Probewatch heartbeat thread is already shutdown.
2013-10-17T09:39:23: Debug: D-UNK-000-000: Stopping separate communications threads if they are running.
2013-10-17T09:39:23: Debug: D-UNK-000-000: Running with single threaded communications.
2013-10-17T09:39:23: Debug: D-UNK-000-000: Reading /opt/christina/netcool731/omnibus/probes/solaris2/rules/snmptrap.rules
2013-10-17T09:39:23: Debug: D-UNK-000-000: Plain text rules file detected.
2013-10-17T09:39:23: Debug: D-UNK-000-000: Lookup table from '$NC_RULES_HOME/include-snmptrap/CorrScore.snmptrap.lookup' has 1 column
2013-10-17T09:39:23: Debug: D-UNK-000-000: Lookup table from '$NC_RULES_HOME/include-syslog/CorrScore.syslog.lookup' has 1 column
….<Lines will be logged for every single rules file and lookup table>
2013-10-17T09:38:45: Information: I-UNK-000-000: Rules file syntax OK
2013-10-17T09:38:45: Information: I-UNK-000-000: Disconnecting ...
……
Step 5: Start the probe
> cd $OMNIHOME/probes
> ./nco_p_mttrapd &
Successful startup in the $OMNIHOME/log/mttrapd.log, noting the new snmptrap.rules file is loaded:
....<previous lines snipped>
2013-10-16T16:01:36: Debug: D-UNK-000-000: End of /opt/christina/netcool731/omnibus/probes/solaris2/rules/snmptrap.rules
2013-10-16T16:01:36: Debug: D-UNK-000-000: Number of currently connected servers in list is 0
2013-10-16T16:01:36: Information: I-UNK-000-000: Using targets specified by properties
2013-10-16T16:01:36: Debug: D-UNK-000-000: Creating target for server NCOMS.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Setting default target server to 'NCOMS'.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Default target backup server is ''.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Setting network timeouts to '60'.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Primary server is 'NCOMS' backup is ''.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Attempting a connection to server 'NCOMS'.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Checking for backup ObjectServer.
2013-10-16T16:01:36: Information: I-UNK-000-000: 'NCOMS' is a primary server. Polling disabled.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Checking for svc update support.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Server SUPPORTS services.
2013-10-16T16:01:36: Debug: D-UNK-000-000: svc update SUPPORTED
2013-10-16T16:01:36: Debug: D-UNK-000-000: Server Verification Starting.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Server Verification Complete.
2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Forwarding SAF file on Initial startup
2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Disconnectiontime = 0 : Expire time = 0
2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Forwarding events from SAF files
2013-10-16T16:01:36: Debug: D-UNK-000-000: Heartbeat mode is: standard
2013-10-16T16:01:36: Debug: D-UNK-000-000: Heartbeat mode is standard, probe will function as normal without heartbeating
2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread failover-thread (1003ba8)
2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread failover-thread (1003ba8) running
2013-10-16T16:01:36: Debug: D-UNK-000-000: Final number of connected servers in list is 1
2013-10-16T16:01:36: Debug: D-UNK-000-000: Starting communication thread for server NCOMS.
2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread NCOMS-ComThread (1004620)
2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread NCOMS-ComThread (1004620) running
2013-10-16T16:01:36: Debug: D-UNK-000-000: Created communication thread for server NCOMS.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Running with multithreaded communications.
2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread probewatchheartbeat-thread (1005098)
2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread probewatchheartbeat-thread (1005098) running
2013-10-16T16:01:36: Debug: D-UNK-000-000: Probewatch heartbeat thread created successfully.
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ianaPortToService' with 4143 entries from 127 to 207
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ianaServiceToPort' with 4143 entries from 127 to 207
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ciscoIosDefaults' with 9002 entries from 127 to 450
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'cisco-ios_sev' with 8991 entries from 127 to 449
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'syslogPreClass' with 10280 entries from 127 to 514
2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'syslogCorrScore' with 10271 entries from 127 to 513
2013-10-16T16:01:36: Debug: D-UNK-000-000: NSProbe - Reentrant Version
2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread NSProbe Event Processor (1008080)
2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread NSProbe Event Processor (1008080) running
2013-10-16T16:01:36: Debug: D-UNK-000-000: *NOT* running PA Aware
2013-10-16T16:01:36: Information: I-UNK-000-000: Probewatch: Running ...
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21653451