1. Manuals
  2. Brands
  3. IBM Manuals
  4. Network Router
  5. Enterprise Console
  6. Manual

IBM Enterprise Console Manual

Ibm enterprise console adapters guide
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
IBM Tivoli Enterprise Console
Adapters Guide
V ersion 3.8
GC32-0668-01

Advertisement

Table of Contents
loading

Related Manuals for IBM Enterprise Console

Summary of Contents for IBM Enterprise Console

  • Page 1 IBM Tivoli Enterprise Console Adapters Guide V ersion 3.8 GC32-0668-01...
  • Page 3 IBM Tivoli Enterprise Console Adapters Guide V ersion 3.8 GC32-0668-01...
  • Page 4 Before using this information and the product it supports, read the information in “Notices” on page 165. First Edition (September 2002) This edition applies to version 3, release 8, of IBM Tivoli Enterprise Console (product number 5698-TEC) and to all subsequent releases and modifications until otherwise indicated in new editions.

  • Page 5: Table Of Contents

    Preface ....vii Who Should Read This Guide . What This Guide Contains . Publications . IBM Tivoli Enterprise Console Library . Prerequisite Publications. Related Publications . Accessing Publications Online .
  • Page 6 Keywords . Built-in Variables for $VARBIND . Object Identifier File . Error File . Starting and Stopping the Adapter Cold Start . IBM Tivoli Enterprise Console: Adapters Guide . 56 Warm Start . 57 Stopping the Adapter . . 58 Events Listing .
  • Page 7 Format File . Non-English Format Files . Registry Variables . Low Memory Registry Variables . Adapter Administrator Roles for Windows NT . Starting the Adapter . Stopping the Adapter. Events Listing . Event Class Structure . tecad_nt Command . tecad_nt . Troubleshooting the Windows NT Event Log Adapter .
  • Page 8 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 9: Preface

    The IBM for the currently available IBM Tivoli Who Should Read This Guide This guide is for IBM Tivoli Enterprise Console administrators who configure event adapters and IBM Tivoli Enterprise Console gateways. You should have prior knowledge of the following: v UNIX ®...

  • Page 10: Publications

    Publications This section lists publications in the IBM Tivoli Enterprise Console library and any other related documents. It also describes how to access Tivoli publications online and how to make comments on Tivoli publications. IBM Tivoli Enterprise Console Library The following documents are available in the IBM Tivoli Enterprise Console library: v Tivoli Event Integration Facility User’s Guide, GC32-0691...

  • Page 11: Accessing Publications Online

    Web site: http://www.tivoli.com/support/survey/ Contacting Customer Support If you have a problem with any Tivoli product, you can contact IBM Customer Support for Tivoli products. See the Tivoli Customer Support Handbook at the following Web site: http://www.tivoli.com/support/handbook/...

  • Page 12: Operating System-Dependent Variables And Paths

    Note: If you are using the bash shell on a Windows system, you can use the UNIX conventions. IBM Tivoli Enterprise Console: Adapters Guide other information that you must use literally appear in bold. Names of windows, dialogs, and other controls also appear in bold.

  • Page 13: Chapter 1. Understanding Adapters

    Chapter 1. Understanding Adapters Event adapters are software programs that collect information, perform local filtering, and convert relevant events into a format that can be used by the IBM Tivoli Enterprise Console product. Because adapters are located on or near their event sources and can perform local filtering of events, the adapters create a minimal amount of additional network traffic.
  • Page 14 Framework gateway, or lcfd process is down, events are buffered at the endpoint. The events are re-sent when communication is restored and the next event is sent. If an event server is down (but the IBM Tivoli Enterprise Console gateway, Tivoli Management Framework gateway, and lcfd processes are still up), events are buffered at the IBM Tivoli Enterprise Console gateway.

  • Page 15: How Events Get To The Event Server From A Managed Node

    The following figure shows an example of the IBM Tivoli Enterprise Console product and Tivoli Management Framework component relationships in a network with endpoints. How Events Get to the Event Server From a Managed Node For network management OpenView adapters, events are sent from the managed node adapter directly to the event server using a TME interface.

  • Page 16: Event Information

    IBM Tivoli Enterprise Console 3.7 product, the format files in the localization directories must remain in English. See “Format File” on page 17 and Appendix B, “Format File Reference”...
  • Page 17 Attribute Name Contents The list of authorization roles that enables an administrator to modify the event. adapter_host The host on which the adapter is running. administrator The administrator who acknowledged or closed the event. cause_date_ The cause_date_reception attribute is used to link an effect event to reception its cause event.
  • Page 18 Attribute Name server_path severity source IBM Tivoli Enterprise Console: Adapters Guide Contents Stores information describing the rule engines that an event has passed through. server_path has the following definition: list_of_strings Each element in the list represents one rule engine that the event has visited, and each element contains a rule engine identifier, server number, reception ID, and event handle.

  • Page 19: Adapter Files

    Attribute Name status sub_origin sub_source The adapter uses the following attributes to uniquely identify an event: v date_reception v event_handle v server_handle Adapter Files An adapter uses various files for its operations. The following table provides a brief description of the types of files that can be used. Subsequent sections discuss some of the more common files you might need to view or modify for configuration or troubleshooting purposes.

  • Page 20: Cache File

    The byte offset from the beginning of the file to the first byte of free space in the file. IBM Tivoli Enterprise Console: Adapters Guide Description Defines configuration options for adapters. Defines error logging and tracing options for the adapter.

  • Page 21: Configuration File

    The boundaries between events in the cache file are indicated by a terminating ^A character at the end of each event. Configuration File Most adapters come with a configuration file containing configuration options and filters. This file is read by an adapter when it is started. By modifying this file, you can reconfigure an adapter at anytime, without having to modify the adapter source code.
  • Page 22 The default value is zero ( ); all events are sent in one burst. The BufferFlushRate keyword is optional. ConnectionMode Specifies the connection mode to use to connect to the IBM Tivoli Enterprise Console gateway or event server. Valid values are IBM Tivoli Enterprise Console: Adapters Guide Default Path $TIVOLIHOME/tec/ tecad_adapter.cache...
  • Page 23 Filter statement specifies. This keyword is optional. Note: When using FilterCache with endpoint adapters and the IBM Tivoli Enterprise Console gateway, you must set the filtering statements at both locations to the same specifications.
  • Page 24 NO_UTF8_CONVERSION Specifies whether to encode event data in UTF-8. When this options is set to YES, the IBM Tivoli Enterprise Console product does not encode event data in UTF-8. The data is assumed to already be in UTF-8 encoding when passed to the IBM Tivoli Enterprise Console product.
  • Page 25 For endpoint adapters, secondary event servers, if any, are defined in the IBM Tivoli Enterprise Console gateway configuration file. Only specify a primary event server in an endpoint adapter configuration file.

  • Page 26: Event Filtering

    To use non-English characters in a Filter statement, you must enter the non-English characters in the local encodings. IBM Tivoli Enterprise Console: Adapters Guide daemon on a Windows machine that allows the adapter to query the reception port at runtime. The event server listens on a fixed reception port (tec_recv_agent_port in .tec_config) for connection...

  • Page 27: Regular Expressions In Filters

    126.32.2.14: Event Buffer Filtering When an adapter is unable to connect to the event server or IBM Tivoli Enterprise Console gateway, it sends the events to a file if the BufferEvents keyword is set to . You can filter events sent to a cache file, similar to filtering events for the event server by using the FilterCache keyword.

  • Page 28: Event Buffer Filter Examples

    A BAROC file has an extension of .baroc; see each specific adapter chapter for exact file names. The format of a BAROC file is described in the IBM Tivoli Enterprise Console Rule Builder’s Guide.

  • Page 29: Rule File

    A rule file has an extension of .rls; see each specific adapter chapter for exact file names. The format of a rule file is described in the IBM Tivoli Enterprise Console Rule Builder’s Guide. Example...

  • Page 30: Class Definition Statement File

    .fmt file (if any). If any event definition is changed in a CDS file, the corresponding event class definition in the BAROC file might need changing as well. Event definition content and syntax are discussed in the IBM Tivoli Enterprise Console Rule Builder’s Guide.

  • Page 31: Error File

    Error File It is possible to selectively activate tracing for any module of an adapter (parser, kernel, select, fetch, map, driver, and so forth) and for any level of error tracing. A different log file can be specified for each module/level pair. To see a continuous flow of adapter processing with tracing, change all occurrences of /dev/null to the same output file.

  • Page 32: Initial Files

    (for example, SNMP generic traps), as well as to provide enough examples to the system administrator on which to build new event definitions. The initial supported events for the adapters are described in each adapter chapter later in this guide. IBM Tivoli Enterprise Console: Adapters Guide KERNEL A general kernel operation. SELECT A selection process.

  • Page 33: Troubleshooting Adapters

    Adapter Configuration Profile (ACP) distributions. 3. Use the managed node wpostemsg command from the system the adapter is running on to see if the event arrives at the event server. See the IBM Tivoli Enterprise Console Reference Manual for more information.

  • Page 34: Non-Tme Adapters

    Tivoli software is not installed. Thus, this standalone command displays error messages in English only, because the command does not have access to the message catalogs for the language support packs. See the IBM Tivoli Enterprise Console Reference Manual for more information.

  • Page 35: Copyright Ibm Corp

    Creates IBM Tivoli Enterprise Console events, using a class definition statement (CDS) file v Filters IBM Tivoli Enterprise Console events that are not important, using a configuration file v Sends IBM Tivoli Enterprise Console events to an event server (using TCP/IP...

  • Page 36: Configuration File

    AdapterCdsFile BufEvtPath Filter FilterDataQueue IBM Tivoli Enterprise Console: Adapters Guide Ends an AS/400 adapter. Specifies the type of resource to be monitored. The default value is MSGQ if this keyword is not defined, meaning that the adapter monitors a message queue. The value provided in the configuration file is ALERT.

  • Page 37: Class Definition Statement File

    To customize events, the AS/400 alert adapter supports the following keywords in class definition statements. Evaluation of these keywords is faster because access of them is direct. Event definition content and syntax are described in the IBM Tivoli Enterprise Console Rule Builder’s Guide.

  • Page 38: Configuring The As/400 Alert Filters

    QTECALERT action entry is updated with the data queue name so incoming alert information can be monitored by the adapter. IBM Tivoli Enterprise Console: Adapters Guide The netID.nau name of the host where the adapter is running. The alert code point that provides an index into predefined text describing the alert condition.

  • Page 39: Integrating With An Existing Alert Filter

    If you use the default filter provided, copy it into library QUSRSYS and modify it there. Integrating with an Existing Alert Filter You might have alert filters that are already in use on your AS/400 system. These filters have been set up with the appropriate selection and action entries to filter alerts of interest and route them to predefined groups.

  • Page 40: Strtecadp

    Specifies the full path name of the configuration file, in IFS format, to be used. EXAMPLES The following command starts an AS/400 alert adapter using the default configuration file. The following command starts the AS/400 alert adapter with the /QSYS.LIB/MYLIB.LIB/MYFILE.FILE/MYCFG.MBR configuration file. IBM Tivoli Enterprise Console: Adapters Guide user user user...

  • Page 41: Stopping The Adapter

    Stopping the Adapter The AS/400 adapter includes the ENDTECADP command that enables you to stop adapters individually or to stop all started adapters. The command is described on the following pages. Chapter 2. AS/400 Alert Adapter...

  • Page 42: Endtecadp

    AS/400 system: Arguments EVTADP OPTION DELAY(seconds) IBM Tivoli Enterprise Console: Adapters Guide Specifies the name of the adapter to stop. The following options can be specified: name Specifies the name of the adapter being stopped. This file name matches the name specified on the STRTECADP command.
  • Page 43 Examples The following command stops the AS/400 alert adapter, started with the adapter name ALERTADP. The following command stops the AS/400 alert adapter, started with the adapter name MYCFG, in a controlled manner with a delay time of 60 seconds. Chapter 2.

  • Page 44: Events Listing

    AS/400 alert adapter. You can use it to get a sense of how AS/400 alert events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the tecad_snaevent.baroc file on the event server.
  • Page 45 Event Class SNA_4xxx_Performance SNA_Performance_Degraded SNA_Performance SNA_5xxx_Congestion SNA_Congestion SNA_Configurable_Capacity_Limit_Reached SNA_Congestion_Other SNA_6xxx_Microcode SNA_Microcode_Program_Abnormally_ Terminated SNA_Microcode_Program_Error SNA_Microcode_Program_Mismatch SNA_Microcode SNA_7xxx_Operator SNA_Operator_Procedural_Error SNA_Operator SNA_8xxx_Specification SNA_Configuration_Or_Customization_Error SNA_Specification SNA_9xxx_Intervention_Required SNA_Operator_Intervention_Required SNA_Stock_Low SNA_Stock_Exhausted SNA_Depository_Full SNA_Intervention_Required SNA_Axxx_Problem_Resolved SNA_Problem_Resolved SNA_Bxxx_Notification SNA_Operator_Notification SNA_Environmental_Problem SNA_Resent_Alert_With_Updated_Information SNA_Notification SNA_Cxxx_Security SNA_Security_Event SNA_Security SNA_Exxx_Non_IBM_Codepoint SNA_Fxxx_Undetermined SNA_Undetermined_Error SNA_NonGeneric_Undetermined SNA_Reserved_By_IBM Default Event...

  • Page 46: Troubleshooting The As/400 Adapter

    4. Examine the job log for messages indicating the error that occurred and follow the corrective action specified. For further assistance, contact Customer Support. IBM Tivoli Enterprise Console: Adapters Guide name Default Severity CRITICAL...

  • Page 47: Logging Events In Test Mode

    Logging Events in Test Mode The file to which events are logged in test mode (instead of being sent to an event server) is created with a record length of 240 bytes if it does not exist. Because an event written to this file does not wrap to a new line if it is longer than 240 bytes, it is truncated.

  • Page 48: Changing The As/400 Startup Program

    BAROC file: Required if new classes are identified in the CDS file. v Rules file: Required if new rules are added. IBM Tivoli Enterprise Console: Adapters Guide QPGMR does not have authority to the AS/400 alert adapter commands and programs. You must either grant QPGMR authority to the commands and programs (“Starting the Adapter”...

  • Page 49: Configuration File

    Configuration File To create the configuration file, perform the following steps: 1. Copy the adapter files using the following commands: 2. Update the configuration file to show the keywords pointing to the new objects, as follows: 3. Update the CDS and the BAROC files to include any new classes and filters. 4.

  • Page 50: Postemsg

    POSTEMSG Posts an event to the event server. See the IBM Tivoli Enterprise Console Reference Manual for more details about this command. Context QTMETECA/POSTEMSG { –S<server> | –f<config_file> } [–r<severity>] [–m<message>] [<slot_name=value>, ...] <class> <source> Note: There cannot be a space between the option letter and the option value.

  • Page 51: Chapter 3. As/400 Message Adapter

    Creates IBM Tivoli Enterprise Console classes, using a class definition statement (CDS) file v Filters IBM Tivoli Enterprise Console events that are not important, using a configuration file v Sends IBM Tivoli Enterprise Console events to an event server (using TCP/IP...

  • Page 52: Configuration File

    JobDescription LanguageID MsgQueue IBM Tivoli Enterprise Console: Adapters Guide Specifies the type of resource to be monitored. The default value is MSGQ, meaning that the adapter monitors a message queue. Specifies the CDS file to be used for the AS/400 message adapter.

  • Page 53: Class Definition Statement File

    PollInterval Specifies the amount of time in seconds to return to a suspended state between checking for new events that have been placed on the message queue. The default is 20. The following example shows the format: ProcessExistingMsgs Specifies whether the AS/400 messages adapter resets back to the first message on the message queue when starting.
  • Page 54 Event definition content and syntax are described in the IBM Tivoli Enterprise Console Rule Builder’s Guide. $ADAPTER_HOST $ALERT_OPTION $DATE $DATA_CCSID_CONVERT_STATUS $DATA_CCSID_RETURNED $HOSTNAME IBM Tivoli Enterprise Console: Adapters Guide The protocol address of the host where the adapter is running.
  • Page 55 $MSG The default message used. $MSG_FILE_NAME The name of the message file containing the message received. $MSG_FILE_LIBRARY The name of the library containing the message file. For the actual library used when the message is sent, use the $MSG_LIBRARY_USED keyword. $MSG_HELP The message help for the message received.
  • Page 56 $SUB_SOURCE $TEXT_CCSID_CONVERT_STATUS $TEXT_CCSID_RETURNED $ARG1 – $ARG8 IBM Tivoli Enterprise Console: Adapters Guide The program name or Integrated Language Environment program name that contains the procedure sending the message. The time at which the message being received was sent, in HHMMSS (hour, minute, second) format.

  • Page 57: Starting The Adapter

    Starting the Adapter The AS/400 message adapter includes the STRTECADP command that enables you to start an adapter. The command is described on the following pages. Chapter 3. AS/400 Message Adapter...

  • Page 58: Strtecadp

    IBM Tivoli Enterprise Console: Adapters Guide Specifies a name for the adapter being started. This name is used on the End TEC Adapter (ENDTECADP) AS/400 command. It can be any valid AS/400 job name;...

  • Page 59: Stopping The Adapter

    Stopping the Adapter The AS/400 adapter includes the ENDTECADP command that enables you to stop adapters individually or to stop all started adapters. The command is described on the following pages. Chapter 3. AS/400 Message Adapter...

  • Page 60: Endtecadp

    IBM Tivoli Enterprise Console: Adapters Guide Specifies the name of the adapter being stopped. This name matches the name specified on the Start TEC Event Adapter command.
  • Page 61 Examples The following command stops the AS/400 message adapter, started with the adapter name SYSOPR, which was started to monitor the QSYSOPR message queue: The following command stops the AS/400 message adapter, started with the adapter name MYAPP, in a controlled manner that was set up to monitor an application-specific message queue: Chapter 3.

  • Page 62: Events Listing

    AS/400 message adapter. You can use it to get a sense of how AS/400 messages are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the as400msg.baroc file on the event server.

  • Page 63: Troubleshooting The As/400 Adapter

    Troubleshooting the AS/400 Adapter If a problem occurs with the AS/400 adapter, you can perform problem determination by investigating the job the adapter is running in. Each time you start an AS/400 adapter, a batch job is started. You can view the adapter job by issuing the following command: Where name is the name of the adapter job that matches the name specified on the STRTECADP command.

  • Page 64: Starting An As/400 Adapter After An Ipl

    The system value QSTRUPPGM (start-up program) contains the name of the program to execute after IPL. This program can be modified to add the starting of adapters. 1. Retrieve the code in the start-up program: 2. Modify the source: IBM Tivoli Enterprise Console: Adapters Guide starting a message adapter.

  • Page 65: Multiple As/400 Message Queues

    3. Create the program and put it in the QSYS library: Note: The start-up program runs under user profile QPGMR. By default, Multiple AS/400 Message Queues To support another AS/400 message queue, create the following additional files: v Configuration file: specifies a different message queue for the MsgQueue keyword and any new filters v CDS file: defines new classes to match the messages being monitored v BAROC file: required if new classes are identified in the CDS file...
  • Page 66 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 67: Chapter 4. Netware Log File Adapter

    Before starting the server, ensure that the configuration file defines the preferred adapter behavior. Error File The error file enables you to configure debugging and tracing options. This file is described in detail in “Error File” on page 19. © Copyright IBM Corp. 2002...

  • Page 68: Prefiltering Netware Events

    If during the polling interval the file is overwritten, removed, or recreated with more lines than the previous poll, only the number of lines greater than the IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 69: Format File

    The format file contains message format descriptions and their mapping to BAROC events. The message fields of a NetWare server event are matched against the format descriptions in this file and when a match succeeds, the corresponding IBM Tivoli Enterprise Console event is generated by the adapter. The format file contains predefined mappings for some common NetWare server events and can be customized to add new messages.

  • Page 70: Events Listing

    The events are defined in the BAROC file, which must be imported into the rule base. See the IBM Tivoli Enterprise Console Rule Builder’s Guide for more information about customizing the BAROC file.
  • Page 71 Alert Severity 4 (Fatal) Resource fatally affected; shutdown. 5 (Operation Aborted) The operation cannot complete. 6 (Non OS unrecoverable) The operation cannot complete. alert_locus Specified as an integer from zero ( ) to 20, this value indicates the location of the alert, as defined in the following table: Alert_locus alert_class Specified as an integer from zero ( ) to 21, this value indicates the NetWare...
  • Page 72 NW4_RequestError NW4_NotFound NW4_BadFormat NW4_Locked NW4_MediaFailure NW4_ItemExists NW4_StationFailure NW4_LimitExceeded NW4_ConfigurationError NW4_LimitAlmostExceeded NW4_SecurityAuditInfo NW4_DiskInformation IBM Tivoli Enterprise Console: Adapters Guide Alert_class System failure Request error Not found Bad format Locked Media failure Item exists Station failure Limit exceeded Configuration error Limit almost exceeded...

  • Page 73: Tecadnw4.Nlm

    Event Class NW4_GeneralInformation NW4_FileCompression NW4_ProtectionViolation NW4_AppMessage NW4_NLM_Loading NW4_NLM_Unloaded NW4_NLM_NotLoaded NW4_Abend TECADNW4.NLM The NLM, tecadnw4.nlm, is the NetWare log file adapter. The commands for loading and unloading the NLM are described on the following pages. Default Severity UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN...

  • Page 74: Tecadnw4.Nlm

    The following command starts the NetWare log file adapter with the myconf.cnf configuration file: IBM Tivoli Enterprise Console: Adapters Guide messages on its screen but will close it upon completion of initialization, and the adapter name will not be displayed in the list...

  • Page 75: Troubleshooting The Netware Log File Adapter

    Troubleshooting the NetWare Log File Adapter Perform the following steps to troubleshoot the NetWare log file adapter: 1. Stop the NetWare log file adapter that is currently running by unloading tecadnw4.nlm: 2. Start the adapter in debug mode: 3. Generate some events and see if the adapter receives them. As events arrive, the adapter prints messages to the screen indicating the class and the attribute values in the class.
  • Page 76 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 77: Chapter 5. Openview Adapter

    Chapter 5. OpenView Adapter The IBM Tivoli Enterprise Console adapter for the Hewlett-Packard OpenView (HPOV) product forwards events from OpenView to the event server. The adapter is registered with the startup configuration of the OpenView operating system using ovaddobj, so it is started along with all the other applications that use the operating system.

  • Page 78: Incoming Messages Format

    Event Correlation With NNM 6 You can configure the adapter to open a session with ovspmd so that ovspmd only forwards the correlated events you want to the adapter. This reduces the workload IBM Tivoli Enterprise Console: Adapters Guide Descr: OpenView Source ID number ObjId: 1.3.6.1.4.1.11.2.17.2.1.0...

  • Page 79: Determining The Ovsnmpeventopen Filter Value

    on the adapter in proportion to the number of events discarded by the NNM circuit settings and therefore not forwarded to the adapter. If you are running NNM 5 or earlier, the adapter calls OVsnmpTrapOpen to open a session; with NNM 6 or later, the adapter calls OVsnmpEventOpen.

  • Page 80: Testing Tools

    For complete details on streams and circuits, see the HP OpenView NNM documentation. The following lists show some of the commands you can use with streams and circuits: v To find details about the event correlation engine, use the following command: IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 81: Event Correlation Example

    v To find details about event arrivals for the circuits and streams, use the following command: v To turn on tracing to see the OpenView events received, use the following command: This trace file is located in $OV_LOG/ecs/<ecs-instance#>/ecsin.evt# v To turn on tracing to see the OpenView stream events received, use the following command: <stream-name>...

  • Page 82: Adapter Files

    Specifies the full path name of the object identifier file. This keyword is required if the object identifier file is not in the same directory as the configuration file. IBM Tivoli Enterprise Console: Adapters Guide The installation configuration script. The adapter executable file.

  • Page 83: Class Definition Statement File

    HPOVFilter=filter Specifies the events the adapter receives from OpenView NNM 6. This value is ignored with OpenView NNM 5. The adapter can accept up to 4096 bytes for this parameter; you must enter the value in one continuous line of input with no intervening line returns. Do not enclose the value in quotation marks;...

  • Page 84: Keywords

    The object identifier file maps object identifiers used by SNMP to names. No changes are necessary before the adapter is run. IBM Tivoli Enterprise Console: Adapters Guide Specifies the trap community string. Specifies the enterprise object identifier of the object generating the trap.

  • Page 85: Error File

    Each line of this file has the following form: For example Note: Object identifiers must appear in increasing order. You can use the names that are mapped to object identifiers in the CDS file. Error File The error file enables you to configure debugging and tracing options. This file is described in detail in “Error File”...

  • Page 86: Events Listing

    OpenView adapter. You can use it to get a sense of how OpenView events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file. See the IBM Tivoli Enterprise Console Rule Builder’s Guide for more information about customizing the...
  • Page 87 Event Class OV_IF_Deleted OV_IF_Descr_Chg OV_IF_Fault OV_IF_Down OV_IF_Flags_Chg OV_IF_Type_Change OV_Manage_IF OV_Manage_Network OV_Manage_Node OV_Manage_Segment OV_Network_Added OV_Network_Deleted OV_Network_Fault OV_Network_Critical OV_Network_Marginal OV_Network_Normal OV_Network_Flg_Chg OV_No_SNMP_Reply OV_Node_Added OV_Node_Deleted OV_Node_Fault OV_Node_Down OV_Node_Marginal OV_Node_Flags_Chg OV_Object_ID_Chg OV_Phys_Addr_Chg OV_Phys_Addr_Mismatch OV_Segment_Added OV_Segment_Deleted OV_Segment_Fault OV_Segment_Critical OV_Segment_Marginal OV_Segment_Normal OV_Segment_Flag_Chg OV_Subnet_Mask_Chg OV_Sys_Contact_Chg OV_Sys_Descr_Chg OV_Sys_Location_Chg OV_Sys_Name_Chg OV_Unmanage_IF OV_Unmanage_Network...

  • Page 88: Openview Traps

    “OpenView Driver” on page 65. The specific-trap is the number identifying the sub-type of the trap. For OpenView events, the following list is used: 50462720 50790400 50790401 IBM Tivoli Enterprise Console: Adapters Guide Warnings Node Marginal Segment Normal Default Severity WARNING...

  • Page 89: Troubleshooting The Openview Adapter

    50790402 50790403 50790404 50790405 50790406 50790407 50790408 50790409 50790410 50790411 50790412 50790418 50790419 50790420 50790421 All OpenView events are supported by the OpenView adapter. Troubleshooting the OpenView Adapter Perform the following steps to troubleshoot the OpenView adapter: 1. Make sure that the tecad_hpov.lrf entry is correct and has been registered with OpenView using the ovaddobj command.
  • Page 90 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 91: Chapter 6. Os/2 Adapter

    ASCII log files residing on the OS/2 system. The adapter translates a certain type of FFST events into IBM Tivoli Enterprise Console events and sends them to the event server. There are three types of FFST events: DET1, DET2, and DET4.

  • Page 92: Format File

    UnmatchLog Specifies a file to log discarded events that cannot be parsed into an IBM Tivoli Enterprise Console event class by the adapter. The discarded events can then be analyzed to determine if modifications are needed to the adapter format file.

  • Page 93: Stopping The Adapter

    OS/2 adapter. You can use it to get a sense of how OS/2 events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file.

  • Page 94: Troubleshooting The Os/2 Adapter

    Usually the error messages pinpoint the problem. If the previous steps do not indicate any problems and you do not see the new events in the IBM Tivoli Enterprise Console product, there might be a problem with the event group filters.

  • Page 95: Chapter 7. Snmp Adapter

    Chapter 7. SNMP Adapter The Simple Network Management Protocol (SNMP) adapter for the IBM Tivoli Enterprise Console product forwards events from SNMP traps to the event server. This chapter explains how to configure and start the SNMP adapter. SNMP Driver...

  • Page 96: Configuration File

    Appendix C, “Class Definition Statement File Reference” on page 155. SNMP Event Example Keywords To customize events, use the following keywords in class definition statements. Event definition content and syntax are described in the IBM Tivoli Enterprise Console Rule Builder’s Guide. $COMMUNITY $ENTERPRISE...

  • Page 97: Built-In Variables For $Varbind

    $AGENT_ADDR $VARBIND $VB_NUM_VARS $ADAPTER_HOST Built-in Variables for $VARBIND: $VARBIND is a list of all non-fixed attributes. To access the individual elements of $VARBIND, use the VB_# variables, where # is a number greater than zero ( ). For example, if $VARBIND has three elements, you can use VB_1, VB_2, and VB_3 as variables to access the data.

  • Page 98: Cold Start

    SNMP adapter. You can use it to get a sense of how SNMP traps are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file.
  • Page 99 adapter_host Host on which the adapter runs forwarding_agent Proxy agent that forwarded the event to the adapter Additional information is provided where possible by using OpenView category and status codes. See the ENUMERATION statements at the beginning of the BAROC file for details. The following events are examples of the ones defined in the BAROC file: Event Class SNMP_Trap...

  • Page 100: Rules Listing

    Enterprise-specific traps can be handled by supporting Cisco routers enterprise-specific traps, as follows: Reload tcpConnectionClose Additionally, enterprise-specific traps can be handled by supporting Cabletron hubs, as follows: PortSegmenting PortUnsegmenting PortLinkUp PortLinkDown IBM Tivoli Enterprise Console: Adapters Guide Port_Type_Changed_CBT Lock_Status_Changed_CBT Port_Security_Violation_CBT Port_Violation_Reset_CBT Env_Temperature_CBT Reload_Cisco TCP_Connection_Close_Cisco Event Severity WARNING...

  • Page 101: Creating A New Snmp Trap Event

    NewSourceAddress SourceAddressTimeout BoardRemoval BoardInsertion ActivePortInRedundantCircuitFailed RedundantPortActivated RedundantPortTesfFailed DeviceTrafficThresholdExceeded DeviceErrorThresholdExceeded DeviceCollisionThresholdExceeded BoardTrafficThresholdExceeded BoardErrorThresholdExceeded BoardCollisionThresholdExceeded BoardCollisionThresholdExceeded PortTrafficThresholdExceeded PortErrorThresholdExceeded PortCollisionThresholdExceeded PortTypeChanged LockSTATUSChanged PortSecurityViolation PortViolationReset EnvTempWarm EnvTempHot EnvVoltageLow Creating a New SNMP Trap Event To create a new SNMP trap event using an SNMP Management Information Base (MIB) file, change the following files: v tecad_snmp.baroc v tecad_snmp.cds...

  • Page 102: Agent-Independent Data

    Otherwise, one of the values clear-1 through clear-5 is used to communicate the priority of a clear-alert message. IBM Tivoli Enterprise Console: Adapters Guide...
  • Page 103 Threshold alerts are generated when a condition crosses a preconfigured threshold, and are cleared by the agent when the condition crosses the preconfigured reset value. Chapter 7. SNMP Adapter...

  • Page 104: Class Definition Statement File Changes

    MIB definition for lanalertFSA-NW3-s1 TRAP-TYPE. In this case lanalertFSA-NW3-s1 is the first and is denoted as follows: The other attributes are derived from the trap expected object types. The definition for lanalertFSA-NW3-s1 states that it contains the following information: IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 105: Object Identifier File Changes

    These are denoted in the tecad_snmp.cds file as follows: You would add the following entry to the tecad_snmp.cds file to map the trap variables to adapter variables: These variable values are then mapped to event attributes defined in the tecad_snmp.baroc file. For example, the BAROC class definition for the lanalertFSA-NW3-s1 event is as follows: Object Identifier File Changes The entry in the tecad_snmp.oid file for this trap is composed of the enterprise...
  • Page 106 IBM Tivoli Enterprise Console: Adapters Guide Starts the adapter in debug mode. This argument prevents the daemon from forking itself.

  • Page 107: Chapter 8. Ibm Tivoli Enterprise Console Gateways

    See “How Events Get Sent to the Event Server” on page 1 for an overview of the IBM Tivoli Enterprise Console gateway, referred to in the rest of this chapter as the gateway. Controlling Event Traffic at the Gateway At certain times, the number of events coming from endpoint adapters can overwhelm the gateway, the event server, and even the network.
  • Page 108 For instance, an improper configuration might have multiple gateways sending events at the same rate, thus flooding the event server at the same time. See “Configuration File” on page 97 for details about these keywords. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 109: Worksheets And Calculations

    UNIX: Microsoft Windows: Expected Peak Rate for High Traffic Event Send Adjusted EventSendThreshold Rate Rate Chapter 8. IBM Tivoli Enterprise Console Gateways BufferFlushRate 5400 events per minute (90 events per second) 3000 events per minute (50 events per second) 140 events per second...
  • Page 110 BufEvtPath EventSendThreshold GatewayAckInterval IBM Tivoli Enterprise Console: Adapters Guide Specifies the gateway to buffer events at this location if it cannot forward them to the event server. Because a single gateway can forward events to multiple event servers, it must have an event buffer file for each of those event servers.
  • Page 111 ServerLocation keyword. If ServerLocation is not specified in the gateway configuration file, the gateway sends the event to the event server in the local Tivoli management region. Chapter 8. IBM Tivoli Enterprise Console Gateways...
  • Page 112 TME Tivoli Event Integration Facility. The port value of zero ( ) specified for @EventServer is ignored because port numbers are not needed with the TME Tivoli Event Integration Facility. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 113: Chapter 9. Unix Log File Adapter

    Chapter 9. UNIX Log File Adapter The TME UNIX log file adapter receives raw log file information from the UNIX syslogd daemon, formats it, and sends it to the IBM Tivoli Enterprise Console gateway. The IBM Tivoli Enterprise Console gateway then sends the information to the event server.

  • Page 114: Stopping The Adapter

    Note: The endpoint adapter can be automatically stopped by distributing an ACP that has the adapter start command removed from the after-file-distribution actions. See the IBM Tivoli Enterprise Console User’s Guide for additional information. Running Multiple UNIX Log File Adapters You can run multiple instances of the UNIX log file adapter on a single system.

  • Page 115: Adapter Files

    Adapter Files The UNIX log file adapter package consists of the following files: tecad_logfile.cfg init.tecad_logfile tecad_logfile logfile_gencds tecad_logfile.baroc tecad_logfile.cds tecad_logfile.conf tecad_logfile.err tecad_logfile.fmt log_default.rls Before you start the event server and UNIX log file adapter, check each adapter file to determine if it defines the behavior you want from the adapter. Configuration File The configuration file defines the behavior of the adapter.

  • Page 116: Format File

    LogSources field for new messages. The default value is 120 seconds. UnmatchLog Specifies a file to log discarded events that cannot be parsed into an IBM Tivoli Enterprise Console event class by the adapter. The discarded events can then be analyzed to determine if modifications are needed to the adapter format file.
  • Page 117 Event Class Logfile_Amd Amd_Mounted Amd_Unmounted Logfile_Automount Logfile_Bootpd Logfile_Comsat Logfile_Cron Logfile_Date Logfile_Date_Set Logfile_Ebbackupd Ebbackupd_Waiting Logfile_Ebcatcomp Logfile_Fsck Logfile_Ftp Logfile_Ftpd Logfile_Gated Logfile_Getty Logfile_Halt Logfile_Idi Logfile_Inetd Logfile_Init Logfile_Innd Logfile_Kernel File_Write_Error File_System_Full NFS_Write_Error Sendsig_Err Kernel_Panic NFS_No_Response NFS_OK Silo_Overflow Logfile_Login Root_Login Root_Login_Failure Root_Login_Failure_From Root_Login_Success Root_Login_Success_From Repeated_Login_Failure Repeated_Login_Failure_From Logfile_Lpd Default Severity...
  • Page 118 Printer_Door_Open Printer_Offline Printer_Output_Full Printer_Page_Punt Printer_Paper_Jam Printer_Paper_Out Printer_Powerup Printer_Toner_Low Logfile_Rarpd Logfile_Reboot Logfile_Rexecd Logfile_Rftp Logfile_Rlogind Logfile_Routed Logfile_Rquotad Logfile_Rshd Logfile_Rstatd IBM Tivoli Enterprise Console: Adapters Guide Default Severity WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING CRITICAL HARMLESS MINOR CRITICAL MINOR WARNING...
  • Page 119 Event Class Logfile_Rtelnet Logfile_Rwhod Logfile_Sendmail Sendmail_Loopback Sendmail_No_Space Logfile_Snmpd Logfile_Sockd Sockd_Connected Sockd_Terminated Sockd_Transfer Logfile_Strerr Logfile_Su Su_Failure Su_Success Logfile_Syslogd Syslogd_Nospace Logfile_Talkd Logfile_Telnetd Logfile_Tftpd Logfile_Xntpd Xntpd_Clock_Reset Xntpd_Ntpdate Logfile_YP Logfile_Ypbind Logfile_Ypchfn Logfile_Ypchsh Logfile_Yppasswd NIS_No_Response NIS_OK No_Permission No_Resources No_Disk_Space File_System_Full LOCAL_File_System_Full NFS_File_System_Full SWAP_File_System_Full Sendmail_No_Space Syslogd_Nospace No_Memory No_Proc_Attributes Server_No_Response...

  • Page 120: Default Rules

    Some of the log file events are relevant for a short amount of time. The administrators also do not want to be burdened with closing these events manually. A rule is provided that closes the following event classes after one IBM Tivoli Enterprise Console: Adapters Guide Default Severity WARNING...

  • Page 121: Troubleshooting The Unix Log File Adapter

    You can edit this rule to change the time or the list of classes. Refer to the IBM Tivoli Enterprise Console Rule Builder’s Guide for information about editing rules. – Logfile_Amd – Logfile_Cron – Logfile_Oserv – Logfile_Date_Set The event server also comes with some additional rules that you can install. The $BINDIR/TME/TEC/contrib/rules/security directory contains the security_default.rls file, which provides the following behavior to the event server:...
  • Page 122 7. If the previous steps do not indicate any problem and you do not see the new events in the IBM Tivoli Enterprise Console product, there might be a problem with the event group filters. Make sure the class filters match the classes in the BAROC files.

  • Page 123: Chapter 10. Windows Event Log Adapter

    The class definition statement (CDS) file. © Copyright IBM Corp. 2002 The readme file. The adapter installation batch file. The adapter installation assist executable file. The adapter service executable file. The adapter non-service executable file.

  • Page 124: Configuration File

    You must take this into consideration if you run tasks or programs from the IBM Tivoli Enterprise Console product or the rule base, because they might use the hostname attribute to determine where they run.
  • Page 125 Note: The IBM Tivoli Enterprise Console product uses one exception to the Tcl regular expression syntax. The backslash character ( ) in the IBM Tivoli Enterprise Console product means the literal character that follows is the character to filter for, not some special character such as a tab. For example, the IBM Tivoli Enterprise Console product.
  • Page 126 FALSE. Specifies a file to log discarded events that cannot be parsed into a IBM Tivoli Enterprise Console event class by the adapter. The discarded events can then be analyzed to determine if modifications are needed to the adapter format file.

  • Page 127: Prefiltering Windows Log Events

    IBM Tivoli Enterprise Console event. The prefiltering is performed before the event is formatted into an IBM Tivoli Enterprise Console event and subjected to any filtering specified with the Filter or FilterCache configuration file keywords.

  • Page 128: Format File

    The format file contains message format descriptions and their mappings to BAROC events. The message fields of a Windows event are matched against the format descriptions in this file and when a match succeeds, the corresponding IBM Tivoli Enterprise Console event is generated by the adapter. The format file contains predefined mappings for some common Windows events and can be customized to add any new messages.

  • Page 129: Registry Variables

    Registry Variables Registry variables are used to control the operation of the Windows event log adapter. Changes made to registry variables take effect immediately; there is no need to stop and restart the adapter. Use the registry editor (regedt32) provided by Windows to view and modify registry variables.
  • Page 130 To process all messages in the Security Log, set the SecurityEventsProcessed variable to . IBM Tivoli Enterprise Console: Adapters Guide doubles until the set PollingInterval time. To avoid this, set PollingInterval to a lower number. The PollingInterval setting is in the registry in HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ TECWinAdapter\.

  • Page 131: Low Memory Registry Variables

    SecurityEventsProcessedTimeStamp Contains the time stamp for the corresponding event identified by the value of the SecurityEventsProcessed variable. SystemEventsProcessed Contains the highest event number in the Windows event log that the adapter has processed. The adapter uses this variable to keep track of how many log events it has read and sent to the event server so that the adapter can start at the next event the next time it polls the log.

  • Page 132: Adapter Administrator Roles For Windows

    Windows event log adapter. You can use it to get a sense of how Windows events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file.

  • Page 133: Event Class Structure

    Event Class Structure Event classes are defined hierarchically, with child classes inheriting attribute value defaults from the parent. The Windows event classes follow a simple hierarchy. The adapter fills in the following attribute default values. The attributes are used in event group filters. source NT sub_source hostname...
  • Page 134 NT_Domain_Not_Contactable NT_WINS_Alert NT_WINS_Server_Alert NT_Master_Browser NT_Trustee_Relationship NT_Timeserv_Worked NT_Timeserv_Failed_1 NT_Timeserv_Failed_2 NT_Timeserv_Failed_3 NT_Timeserv_Failed_4 NT_Timeserv_Failed_5 NT_Timeserv_Failed_6 NT_License_Service_No_License_Available NT_License_Service_Out_Of_Licenses NT_Restore NT_Backup NT_Replicator_Did_Not_Send_Update NT_Replicator_System_Error NT_Replicator NT_Tivoli_Courier NT_Tivoli_TEC_Adapter NT_Tivoli_TEC_Adapter_Error_Sending_Alert NT_Sophos_Sweep NT_SNMP NT_Insight_Manager_Error NT_Insight_Manager NT_Privileged_Service_Called NT_Trusted_Process_Logon_Success NT_Logon_Successful NT_Logon_Failure NT_User_Logoff NT_Log_Clear_Successful NT_Account_Management_Success NT_Group_Management_Change_Success IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 135: Tecad_Win Command

    Event Class NT_Global_Group_Changed NT_Local_Group_Member_Removed NT_Account_Password_Change_Success NT_Server_Start NT_Application_Error NT_Table_Reached_Maximum_Size NT_Handle_Closed NT_Object_Open NT_Audit_Policy_Change NT_Duplicate_Name tecad_win Command The Windows event log adapter includes the tecad_win command, which enables you to start the adapter in non-service mode. The command description is on the following pages. Severity WARNING Chapter 10.

  • Page 136: Tecad_Win

    Note: The .conf file must be in the /etc directory where the adapter is installed. IBM Tivoli Enterprise Console: Adapters Guide adapter in this mode, make sure that no other adapters of the same source are running at the same time.

  • Page 137: Troubleshooting The Windows Event Log Adapter

    7. If the previous steps do not indicate any problem and you do not see the new events in the IBM Tivoli Enterprise Console product, there might be a problem with the event group filters. Make sure the class filters match the classes in the BAROC files.
  • Page 138 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 139: Chapter 11. Windows Nt Event Log Adapter

    The BAROC file. © Copyright IBM Corp. 2002 The readme file. The adapter installation batch file. The adapter installation assist executable file. The adapter service executable file. The adapter non-service executable file. The configuration file.

  • Page 140: Configuration File

    You must take this into consideration if you run tasks or programs from the IBM Tivoli Enterprise Console product or the rule base, because they might use the hostname attribute to determine where they run.
  • Page 141 If during the polling interval the file is overwritten, removed, or recreated with more lines than the previous poll, only the number of lines greater than the previous line count is read. For example, the file has one line. After the poll interval elapses, the file is overwritten with two lines.

  • Page 142: Prefiltering Windows Nt Log Events

    IBM Tivoli Enterprise Console event. The prefiltering is performed before the event is formatted into an IBM Tivoli Enterprise Console event and subjected to any filtering specified with the Filter or FilterCache configuration file keywords.

  • Page 143: Format File

    Specifies one or more of the Windows NT event logs to prefilter. Valid values are System, Security, Application, or any combination of these separated by commas. The default is all three event logs. EventId Specifies the event number assigned by Windows NT. You can specify up to sixteen event numbers.

  • Page 144: Non-English Format Files

    EventsProcessed to match the correct value based on the corresponding variable ending with EventsProcessedTimeStamp. ApplicationEventsProcessed Contains the highest event number in the Windows NT Application Log IBM Tivoli Enterprise Console: Adapters Guide...
  • Page 145 that the adapter has processed. The adapter uses this variable to keep track of how many events it has read and sent to the event server so that the adapter can start at the next event the next time it polls the log. You can lower the ApplicationEventsProcessed variable if you want an event to be read and processed again.

  • Page 146: Low Memory Registry Variables

    2. You can leave the User Login Name and Group Login Name fields blank. 3. Type in SYSTEM in the Set Login Names dialog. 4. Select senior (or higher) in the Set TMR Roles dialog. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 147: Starting The Adapter

    Windows NT event log adapter. You can use it to get a sense of how Windows NT events are mapped to IBM Tivoli Enterprise Console events and to determine if you want to make any changes. The events are defined in the BAROC file.
  • Page 148 NT_Service_Started NT_Service_Terminated NT_Printer_Error NT_Printer_Was_Set NT_Printer_Was_Created NT_Printer_Pending_Deletion NT_Security_Database NT_Security_Database_Error NT_Insight_Agent_Disk_Alert NT_DHCP_Rejected_Allocation_Request NT_Domain_Not_Contactable NT_WINS_Alert NT_WINS_Server_Alert NT_Master_Browser NT_Trustee_Relationship NT_Timeserv_Worked NT_Timeserv_Failed_1 NT_Timeserv_Failed_2 IBM Tivoli Enterprise Console: Adapters Guide Default Severity WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING...

  • Page 149: Tecad_Nt Command

    Event Class NT_Timeserv_Failed_3 NT_Timeserv_Failed_4 NT_Timeserv_Failed_5 NT_Timeserv_Failed_6 NT_License_Service_No_License_Available NT_License_Service_Out_Of_Licenses NT_Restore NT_Backup NT_Replicator_Did_Not_Send_Update NT_Replicator_System_Error NT_Replicator NT_Tivoli_Courier NT_Tivoli_TEC_Adapter NT_Tivoli_TEC_Adapter_Error_Sending_Alert NT_Sophos_Sweep NT_SNMP NT_Insight_Manager_Error NT_Insight_Manager NT_Privileged_Service_Called NT_Trusted_Process_Logon_Success NT_Logon_Successful NT_Logon_Failure NT_User_Logoff NT_Log_Clear_Successful NT_Account_Management_Success NT_Group_Management_Change_Success NT_Global_Group_Changed NT_Local_Group_Member_Removed NT_Account_Password_Change_Success NT_Server_Start NT_Application_Error NT_Table_Reached_Maximum_Size NT_Handle_Closed NT_Object_Open NT_Audit_Policy_Change NT_Duplicate_Name tecad_nt Command The Windows NT event log adapter includes the tecad_nt command, which enables you to start the adapter in non-service mode.

  • Page 150: Tecad_Nt

    Note: The .conf file must be in the /etc directory where the adapter is installed. IBM Tivoli Enterprise Console: Adapters Guide adapter in this mode, make sure that no other adapters of the same source are running at the same time.

  • Page 151: Troubleshooting The Windows Nt Event Log Adapter

    7. If the previous steps do not indicate any problem and you do not see the new events in the IBM Tivoli Enterprise Console product, there might be a problem with the event group filters. Make sure the class filters match the classes in the BAROC files.
  • Page 152 10 minutes, if the adapter and the CPU are under a heavy load. This delay occurs because the adapter attempts to finish processing all pending events before exiting. The adapter should shut down immediately under normal load conditions. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 153: Appendix A. Files Shipped With Adapters

    OS/390 as part of the Event/Automation Service. Although these adapters are shipped as part of that product, the BAROC files and rule files for them are shipped with the IBM Tivoli Enterprise Console product. For information about additional files shipped with these adapters, see the Tivoli NetView for OS/390 documentation.
  • Page 154 The following table lists the file names for some of the more significant files used for the IBM Tivoli Enterprise Console adapters: Adapter AS/400 alert AS/400 message NetWare OpenView OS/2 SNMP IBM Tivoli Enterprise Console: Adapters Guide Extension File Name .baroc...
  • Page 155 Adapter Extension UNIX log file .baroc .cds .cfg .conf .err .fmt .rls Microsoft Windows .baroc event log .cds .conf .err .fmt Windows NT event .baroc .cds .conf .err .fmt File Name tecad_logfile.baroc tecad_logfile.cds tecad_logfile.cfg tecad_logfile.conf tecad_logfile.err tecad_logfile.fmt log_default.rls tecad_win.baroc tecad_win.cds tecad_win.conf tecad_win.err tecad_win.fmt...
  • Page 156 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 157: Appendix B. Format File Reference

    TME adapters with the Log File Format Editor of the Adapter Configuration Facility (ACF). See the IBM Tivoli Enterprise Console User’s Guide for information about using the Log File Format Editor.

  • Page 158: Format Specifications

    The component specifiers always end in a constant and not white space. The component specifiers are as follows: v %[length]s IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 159: Log File Example

    Matches one constant in the message. The optional length is a decimal number of any size and allows the constant to be truncated to the length if the constant actual length is greater than the specifier length. v %[length]s* Matches zero or more constants in the system log message. The optional length is a decimal number of any size and allows any of the accumulated constants to be truncated to the length if the constant actual length is greater than the specifier length.
  • Page 160 From the preceding examples, you can see that you can specialize a generic format string to match a more specific event by either replacing component specifiers with constants or by restricting the arbitrary length repeater specifiers to a fixed length, using constants to complete the specifier. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 161: Windows Nt Example

    Windows NT Example The following example is a Windows NT message: The variable parts are the time stamp (Jan 15 15:06:19 1998), possibly the security ID (N/A), the event ID (7024), the service name (UPS), and the error code (2481). Another system log message uses the same general format, as shown in the following example: The constant parts of a system log message are defined by simply embedding them...
  • Page 162 In a non-TME adapter, the value is the host name of the machine. IBM Tivoli Enterprise Console: Adapters Guide adapter source code to add new logic for obtaining attribute values. . User ID...

  • Page 163: Additional Mapping Considerations

    Additional Mapping Considerations Specify only one mapping for each BAROC file attribute. A mapping can be inherited from a more generic format specification (using the FOLLOWS keyword) or can be explicitly defined on the format specification that directly matches the message. Because the adapter does not access the BAROC file, which resides on the event server, care must be taken to make sure that the format specifications agree with the corresponding BAROC file definitions.
  • Page 164 Variables are resolved from the matching format specification, even if they are inherited. For example, if the msg attribute had not been overridden with the IBM Tivoli Enterprise Console: Adapters Guide Source of Mapping From the %t component specification...

  • Page 165: Activating Changes Made With A Format File

    PRINTF statement in the Root_Login_Success_From class, its value would have been ttyp6. This is because the msg attribute is inherited as the third component specification in the event, even though the third component in the originating class (Logfile_Base) would have yielded the value sawmill login: ROOT LOGIN ttyp6 FROM oak.
  • Page 166 NetWare log file OS/2 UNIX log file Windows event log Windows NT event log IBM Tivoli Enterprise Console: Adapters Guide language language See “TECADNW4.NLM” on page 61. See “Starting the Adapter” on page 80. See “Starting the Adapter” on page 101.

  • Page 167: Appendix C. Class Definition Statement File Reference

    (<=) operators are applicable only to integer values; they are not implemented for integer keys. The following is an example of the use of the operators. In this example, the code is for an AS/400 message adapter: © Copyright IBM Corp. 2002...

  • Page 168: Class Definition Statement File Details

    CDS file. Locating the most restrictive class definition statement first for a same-named class provides for better performance of the adapter. IBM Tivoli Enterprise Console: Adapters Guide Explanation A match occurs when any message arriving...

  • Page 169: Select Statement

    If the class name equals *DISCARD*, any incoming event matching the SELECT statement is discarded. Note that an event is also discarded if it does not match any class definition statement. However, if a particular type of incoming event must always be discarded (for example, routine events that are of no importance to administrators), it is more efficient to define a *DISCARD* class definition statement and locate it at the beginning of the CDS file, rather than let the adapter evaluate all class definition statements and finally discard the event.

  • Page 170: Fetch Statement

    SELECT statement for the incoming event. Sometimes it is necessary to perform tasks such as extracting a substring from an attribute value, adding two values, and so forth. IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 171: Map Statement

    There can be one or more clauses within a FETCH statement. Each clause has the following format: n expression where n is the identification number of a clause within a FETCH statement and expression is an expression specifying the value to assign the pseudo-variable $Fn. Pseudo-variables are the output from a clause of a FETCH statement.

  • Page 172: Object Identifier To Name Translation

    An object identifier file (tecad_adaptername.oid) for SNMP-based adapters contains OID-to-name mappings for some SNMP variables. You can add or modify this file as needed. The format of an object identifier file is: name object_identifier For example: IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 173: Class Definition Statement File Syntax Diagrams

    Class Definition Statement File Syntax Diagrams This section describes the syntax for statements allowed within a CDS file. The syntax is shown in BNF-like notation where the vertical bar (|) character represents alternatives, and optional parts are contained within braces ({}). Appendix C.
  • Page 174 IBM Tivoli Enterprise Console: Adapters Guide...
  • Page 175 Appendix C. Class Definition Statement File Reference...
  • Page 176 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 177: Notices

    Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead.
  • Page 178 Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

  • Page 179: Trademarks

    IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.
  • Page 180 IBM Tivoli Enterprise Console: Adapters Guide...

  • Page 181: Glossary

    BAROC. See Basic Recorder of Objects in C. Basic Recorder of Objects in C (BAROC). In the event server of the IBM Tivoli Enterprise Console product, the internal representation of the defined event classes.
  • Page 182 The IBM Tivoli Enterprise Console product uses the rule base in managing events. An organization can create many rule bases, with each rule base fulfilling a different set of needs for network computing management.

  • Page 183: Index

    ENDTECADP command 30 event listing 34 existing alert filters 27 FETCH examples 25 files 23, 142 graphic character set 25 © Copyright IBM Corp. 2002 AS/400 alert adapter (continued) job queue 35 keywords, CDS file 25 message queues 24 multiple adapters 36...
  • Page 184 CDS file keywords AS/400 alert adapter $ACTION_CODE 25 $ACTIONS 25 $ADAPTER_CORREL 25 $ADAPTER_HOST 25 $ADAPTER_HOST_SNANODE 26 $ALERT_CDPT 26 IBM Tivoli Enterprise Console: Adapters Guide CDS file keywords (continued) AS/400 alert adapter (continued) $ALERT_ID 26 $ARCH_TYPE 26 $BLOCK_ID 26 $CAUSES 26 $DATE 26...
  • Page 185 CDS file keywords (continued) SNMP adapter (continued) $TYPE 84 $VARBIND 85 $VB_NUM_VARS 85 CDS files adapter-specific AS/400 alert adapter 25 AS/400 message adapter 40 OpenView adapter 71, 72 SNMP adapter 84 UNIX log file adapter 104 example 18 format files 17 location 9, 10 overview 18 syntax 161...
  • Page 186 UNIX log file adapter 103 Windows event log adapter 112 Windows NT event log adapter 128 described 9 example 9 format 9 IBM Tivoli Enterprise Console gateway 97 location 9 configuring adapters AS/400 alert adapter 26 AS/400 message adapter 40 NetWare adapter 56...
  • Page 187 39 BAROC 16 buffer 10 cache 8 CDS 18 configuration 9 error 19 format 17 IBM Tivoli Enterprise Console gateway 97 init.tecad_logfile 102, 103 init.tecad_snmp 83 initial 20 install.exe 79 installation script 8 instlsrv.exe 127 log_default.rls 103, 108 logfile_gencds 103, 104 mail alias 108 MSGBRC.MBR 39...
  • Page 188 IBM Tivoli Enterprise Console (continued) tec_gateway_sce 97 gateway, Tivoli Management Framework 2 GatewayAckInterval keyword 98 GatewayQueueSize keyword 99 GatewaySendInterval keyword 99 GatewayTMEAckEnabled keyword 99 getport_timeout_seconds keyword 12 getport_timeout_usec keyword 12 getport_total_timeout_seconds keyword 12 getport_total_timeout_uset keyword 12 graphic character set 25...
  • Page 189 OpenView adapter (continued) configuration file 70 described 65 error file 73 event correlation with NNM 6 66, 68 event listing 74 files 70, 142 ovspmd process 65 ovtrapd process 65 starting 73 stopping 73 stream tracing 68 testing tool 68 traps 76 troubleshooting 77 OpenView NNM version, determining 65...
  • Page 190 TCP/IP AS/400 alert adapter 35 AS/400 message adapter 51 host table 35, 51 Windows event log adapter 111 IBM Tivoli Enterprise Console: Adapters Guide TCP/IP (continued) Windows NT event log adapter 127 tec_gateway_sce ACP 97 tec_gateway.conf 97 tec_recv_agent_port entry 14 tec_uninstal.cmd 79...
  • Page 191 troubleshooting all adapters 21 AS/400 alert adapter 34 AS/400 message adapter 51 described 19 endpoint adapters 21 managed node adapters 21 NetWare adapter 55, 63 non-TME adapters 22 OpenView adapter 73, 77 OS/2 adapter 82 SNMP adapter 93 UNIX log file adapter 109 Windows event log adapter 125 Windows NT event log adapter 139 UDP calls 12...
  • Page 192 IBM Tivoli Enterprise Console: Adapters Guide...
  • Page 194 Program Number: 5698-TEC Printed in U.S.A.

Table of Contents