
Event Management and Best Practices by Michael Wallace, Guilherme Pereira, Jacqueline Meckwood, Peter Glasmacher, Tony Bhe


Chapter 6. Event management products and best practices 279
6.5.2 Escalating events with NetView
Best practices dictate that you should perform escalation using IBM Tivoli
Enterprise Console for worsening problems or using the trouble-ticketing system
for problems that have not been addressed within a predefined time period.
However, in environments where NetView is the only monitoring tool, it may be
desirable to have it perform trap escalation. The NetView rule set is used to
perform this function.
Override ruleset node
One of the nodes available to the NetView ruleset editor is Override. This
provides the capability to change the object status or severity assigned to a
specific event and update applications that are registered to receive the output of
the rule set. Typically, the Event Display application is registered to receive the
output.
Figure 6-35 on page 283 contains the following relevant fields:
- Status: Specifies the new object status to be associated with this event. You
  can click No override if you do not want to change the status. The Event
  Display application updates the object status to this value.
- Severity: Specifies the new severity level to be used for this event. You can
  click No override if you do not want to change the severity level. A trap that is
  processed through this node is marked so that it is not handled by the default
  processing action specified for this rule.
Business impact escalation rule
An example of business impact escalation is increasing the severity of traps
based on device type. A rule set may be coded in NetView that uses a Query
Database Field to determine the device type, and then uses an override,
depending on the type.
NetView issues Node Down traps when switches and servers fail. By default, the
traps are assigned a Minor severity. Assume that an organization decides to treat
switch failures as more critical than other node outages. The rule set shown in
Figure 6-31 accomplishes this.
Figure 6-31 Escalation rule set in NetView
To have the event stream pass events by default, follow these steps:
1. Right-click the Event Stream node and select Edit.
2. In the Ruleset window (Figure 6-32), click Pass and then click OK. This
ensures that traps, other than the one in question, are passed by default.
Figure 6-32 Event Stream default action
3. Add the Trap Settings node to check for the node down trap.
a. Right-click the Trap Settings node and select Edit.
b. In the Trap Settings window (Figure 6-33), choose the enterprise and trap,
and click OK.
When a trap matches, the Trap Settings node sends it on to the Query Database
Field node. Note that traps that do not match are merely forwarded, as set by the
default action for the event stream. The Query Database Field node checks
whether the isBridge field is set for the object. Switches have this field set.
Figure 6-33 Trap setting for escalating a Node Down trap
Edit the Query Database Field node in the same way: right-click it and select Edit. As shown in the Query
Database Field window (Figure 6-34), for Field Name, click the Select button and
select isBridge. The Object ID Source is set to 2. This indicates that the query
should be performed for the object referenced in variable binding 2 (host name to
which the trap applies) from the trap. See Appendix A in Tivoli NetView for UNIX
Administrator’s Guide, Version 7.1, SC31-8892, for a list of the variables passed
in NetView internal traps.
Figure 6-34 Query Database Field settings for escalation
The Override node is edited and the severity for the trap is set to Major, as shown
in Figure 6-35. No change was made to the object status.
Figure 6-35 Override node used in escalation rule
To test the rule set, we created a dynamic event display window, as shown in
Figure 6-36, and selected the escalation.rs rule for it. See Chapter 4, “Using
Dynamic and Static Work Spaces”, in Tivoli NetView for UNIX User's Guide for
Beginners, Version 7.1, SC31-8891, for information about how to create dynamic
work spaces.
Figure 6-36 Dynamic filtered workspace for escalation rule set
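
The decision path of the rule set built above, modelled in Python as an added example (this is not code from the book or from NetView, which builds rule sets in its graphical editor). The Trap class, the OBJECT_DB contents and the host names are constructed stand-ins, and the model assumes that a Node Down trap that fails the isBridge query falls back to the event stream's default Pass action.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed stand-in for the NetView object database (host name -> fields).
OBJECT_DB = {
    "sw-core-01": {"isBridge": True},    # switch: isBridge is set
    "srv-app-07": {"isBridge": False},   # server
}

@dataclass(frozen=True)
class Trap:
    name: str                  # trap selected in the Trap Settings node
    varbinds: dict             # variable-binding number -> value
    severity: str = "Minor"    # Node Down default severity, per the text
    overridden: bool = False   # set once the Override node has handled the trap

def query_database_field(trap: Trap, field: str, object_id_source: int) -> bool:
    """Query Database Field node: test `field` on the object named in a varbind."""
    host = trap.varbinds.get(object_id_source)   # None if the varbind is absent
    return bool(OBJECT_DB.get(host, {}).get(field, False))

def override(trap: Trap, severity: Optional[str] = None) -> Trap:
    """Override node: None models 'No override'; the trap is marked as handled."""
    return replace(trap, severity=severity or trap.severity, overridden=True)

def escalation_ruleset(trap: Trap) -> Trap:
    # Trap Settings node: only Node Down continues down the rule.
    if trap.name != "Node Down":
        return trap                      # Event Stream default action: Pass
    # Object ID Source = 2: varbind 2 carries the host name the trap applies to.
    if not query_database_field(trap, "isBridge", 2):
        return trap                      # assumed: falls back to default Pass
    return override(trap, severity="Major")

if __name__ == "__main__":
    samples = [  # constructed traps
        Trap("Node Down", {2: "sw-core-01"}),
        Trap("Node Down", {2: "srv-app-07"}),
        Trap("Node Down", {2: "unknown-host"}),
        Trap("Interface Down", {2: "sw-core-01"}),
    ]
    for t in samples:
        out = escalation_ruleset(t)
        print(f"{t.name:15} {t.varbinds[2]:13} -> {out.severity}")
```

Only the switch's Node Down trap leaves the rule set as Major; a trap for a host that is missing from the object database keeps its Minor severity, which is worth checking when escalation appears not to fire for a newly added switch.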
