IBM Support

Recipe to setup the SNMP Mttrapd Probe with the Netcool Knowledge Library

Technote (FAQ)


Question

How can I configure the Mttrapd probe with a standard set of rules files from the NcKL?

Answer

The Netcool Knowledge Library (NcKL) provides a base set of rules for the SNMP Mttrapd probe from several event sources. A list of all Supported event sources defined in the rules is available in the Netcool Knowledge Library guide. Additional rules files for the SNMP probe can be developed with the Netcool MIB Manager, and included into the Netcool Knowledge Library. Below are the steps to configure the SNMP Mttrapd probe and the Netcool Knowledge Library in Netcool Omnibus 7.3.1.

Requirements:

Mttrapd installed with Omnibus core

NcKL package unpacked on the server in /tmp

 

Step 1: Configure the Object Server for NcKL

 

Run the advcorr.sql file with nco_sql. Any messages with (0 rows affected) are successful. Any “Object not found” errors can be ignored.

 

-bash-3.00# $OMNIHOME/bin/nco_sql -server NCOMS -user root -password '' < /tmp/NcKL/advcorr.sql

ERROR=Object not found on line 114 of statement

'--###############################################################################...', at or near 'AdvCorr_SetCauseType'

ERROR=Object not found on line 1 of statement 'drop trigger AdvCorr_LPC_RC;...',

at or near 'AdvCorr_LPC_RC'

ERROR=Object not found on line 1 of statement 'drop trigger

AdvCorr_LPC_Sym;...', at or near 'AdvCorr_LPC_Sym'

ERROR=Object not found on line 4 of statement '-- Drop tables in case they

already exists from a previous installation...', at or near 'AdvCorrLpcSymCand'

ERROR=Object not found on line 1 of statement 'drop table

alerts.AdvCorrLpcRcCand;...', at or near 'AdvCorrLpcRcCand'

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(10 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

(0 rows affected)

 

 

Add the required columns to the Object Server via nco_sql:

-bash-3.00# $OMNIHOME/bin/nco_sql -server NCOMS -user root

Password:

1> alter table alerts.status add column NetworkAssureAlarmId int

2> go

(0 rows affected)

1> alter table alerts.status add column NetworkAssureHost varchar(64)

2> go

(0 rows affected)

1> alter table alerts.status add column NetworkAssurePort int

2> go

(0 rows affected)

1> quit

 

 

Step 2: Extract the NcKL

The NcKL is unpacked in the NC_RULES_HOME environment variable directory. This is typically /opt/netcool/rules, but can be any directory. In this example, we will create a NC_HOME_RULES rules directory in $OMNIHOME/probes/solaris2/rules

> cd $NCHOME/omnibus/probes/solaris2

> mv /tmp/NcKL/rules.tar.gz .

> gunzip rules.tar.gz

> tar –xvf rules.tar

 

This creates the following directories under $NCHOME/omnibus/probes/solaris2/rules

drwxrwxr-x   2 8462     1117        1024 Jun 19 05:05 include-common

drwxrwxr-x   2 8462     1117         512 Jun 19 05:05 include-compat

drwxrwxr-x  46 8462     1117        1536 Jun 19 05:06 include-snmptrap

drwxrwxr-x   5 8462     1117         512 Jun 19 05:06 include-syslog

-r--r--r--   1 8462     1117        3475 Jun 19 05:06 snmptrap.adv.include.rules

-r--r--r--   1 8462     1117       68600 Jun 19 05:06 snmptrap.rules

-r--r--r--   1 8462     1117        2154 Jun 19 05:06 snmptrap.sev.lookup

-r--r--r--   1 8462     1117        4415 Jun 19 05:06 snmptrap.user.include.rules

-r--r--r--   1 8462     1117           0 Jun 19 05:06 syslog-SrcType.lookup

-r--r--r--   1 8462     1117        1840 Jun 19 05:06 syslog-SrcType.readme

-r--r--r--   1 8462     1117        8088 Jun 19 05:06 syslog.rules

 

Step 3: Configure the Mttrapd Probe

Configure the mttrapd probe to use the snmptrap.rules provided in the NcKL NC_RULES_HOME directory.

 

> cd $OMNIHOME/probes/solaris2

> vi mttrapd.props

Server                  : 'NCOMS'

MessageLevel            : 'debug'

Port                    : 162

Buffering               : 1

BufferSize              : 10

NetworkTimeout          : 60

RulesFile               : '$NC_RULES_HOME/snmptrap.rules'

 

 

Step 3: Set NC_RULES_HOME

Set the NC_RULES_HOME. This must be set from the same shell where the probe is started or in the probe nco_p_mttrapd.env file. If the probe is started by the Process Agent, this must be set in the nco startup script, the shell where the nco_pad command is executed, in the probe nco_p_mttrapd.env file or in the Process Agent nco_pad.env file.

 

TIP: Add the export of NC_RULES_HOME to the probe .env file in $OMNIHOME/probes/<arch>/nco_p_mttrapd.env. If you are running the probe under PA, export the NC_RULES_HOME directory in $OMNIHOME/platform/<arch>/bin/nco_pad.env

 

> cd $OMNIHOME/probes/solaris2

> vi nco_p_mttrapd.env

 

 

Add the following to the beginning of the file:

NC_RULES_HOME=/opt/christina/netcool731/omnibus/probes/solaris2/rules

export NC_RULES_HOME

 

Step 4: Run the syntax checker

Run the syntax checker to check rules file syntax and ensure the rules can be loaded. Run the syntax checker against the same rulesfile the probe is configured to use, and it will check the syntax of that rule and all included rules.

 

The syntax checker will display the same errors the probe would receive when reading the rules file. The syntax checker should always be ran before restarting the probe after a rules change. The rulesfile is loaded successfully if the "Rules file syntax OK" message is output to the screen.

> cd $OMNIHOME/probes

> ./nco_p_syntax –server NCOMS –rulesfile $OMNIHOME/probes/solaris2/rules/snmptrap.rules

2013-10-17T09:39:23: Information: I-UNK-000-000: Connecting ...

2013-10-17T09:39:23: Information: I-UNK-000-000: Checking rules file ...

2013-10-17T09:39:23: Debug: D-UNK-000-000: Shutting down Probewatch heartbeat thread.

2013-10-17T09:39:23: Debug: D-UNK-000-000: Probewatch heartbeat thread is already shutdown.

2013-10-17T09:39:23: Debug: D-UNK-000-000: Stopping separate communications threads if they are running.

2013-10-17T09:39:23: Debug: D-UNK-000-000: Running with single threaded communications.

2013-10-17T09:39:23: Debug: D-UNK-000-000: Reading /opt/christina/netcool731/omnibus/probes/solaris2/rules/snmptrap.rules

2013-10-17T09:39:23: Debug: D-UNK-000-000: Plain text rules file detected.

2013-10-17T09:39:23: Debug: D-UNK-000-000: Lookup table from '$NC_RULES_HOME/include-snmptrap/CorrScore.snmptrap.lookup' has 1 column

2013-10-17T09:39:23: Debug: D-UNK-000-000: Lookup table from '$NC_RULES_HOME/include-syslog/CorrScore.syslog.lookup' has 1 column

….<Lines will be logged for every single rules file and lookup table>

2013-10-17T09:38:45: Information: I-UNK-000-000: Rules file syntax OK

2013-10-17T09:38:45: Information: I-UNK-000-000: Disconnecting ...

……

 

Step 5: Start the probe

> cd $OMNIHOME/probes

> ./nco_p_mttrapd &

 

Successful startup in the $OMNIHOME/log/mttrapd.log, noting the new snmptrap.rules file is loaded:

....<previous lines snipped>

2013-10-16T16:01:36: Debug: D-UNK-000-000: End of /opt/christina/netcool731/omnibus/probes/solaris2/rules/snmptrap.rules

2013-10-16T16:01:36: Debug: D-UNK-000-000: Number of currently connected servers in list is 0

2013-10-16T16:01:36: Information: I-UNK-000-000: Using targets specified by properties

2013-10-16T16:01:36: Debug: D-UNK-000-000: Creating target for server NCOMS.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Setting default target server to 'NCOMS'.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Default target backup server is ''.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Setting network timeouts to '60'.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Primary server is 'NCOMS' backup is ''.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Attempting a connection to server 'NCOMS'.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Checking for backup ObjectServer.

2013-10-16T16:01:36: Information: I-UNK-000-000: 'NCOMS' is a primary server. Polling disabled.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Checking for svc update support.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Server SUPPORTS services.

2013-10-16T16:01:36: Debug: D-UNK-000-000: svc update SUPPORTED

2013-10-16T16:01:36: Debug: D-UNK-000-000: Server Verification Starting.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Server Verification Complete.

2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Forwarding SAF file on Initial startup

2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Disconnectiontime = 0 : Expire time = 0

2013-10-16T16:01:36: Debug: D-UNK-000-000: SAF: Forwarding events from SAF files

2013-10-16T16:01:36: Debug: D-UNK-000-000: Heartbeat mode is: standard

2013-10-16T16:01:36: Debug: D-UNK-000-000: Heartbeat mode is standard, probe will function as normal without heartbeating

2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread failover-thread (1003ba8)

2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread failover-thread (1003ba8) running

2013-10-16T16:01:36: Debug: D-UNK-000-000: Final number of connected servers in list is 1

2013-10-16T16:01:36: Debug: D-UNK-000-000: Starting communication thread for server NCOMS.

2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread NCOMS-ComThread (1004620)

2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread NCOMS-ComThread (1004620) running

2013-10-16T16:01:36: Debug: D-UNK-000-000: Created communication thread for server NCOMS.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Running with multithreaded communications.

2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread probewatchheartbeat-thread (1005098)

2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread probewatchheartbeat-thread (1005098) running

2013-10-16T16:01:36: Debug: D-UNK-000-000: Probewatch heartbeat thread created successfully.

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ianaPortToService' with 4143 entries from 127 to 207

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ianaServiceToPort' with 4143 entries from 127 to 207

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'ciscoIosDefaults' with 9002 entries from 127 to 450

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'cisco-ios_sev' with 8991 entries from 127 to 449

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'syslogPreClass' with 10280 entries from 127 to 514

2013-10-16T16:01:36: Debug: D-UNK-000-000: Auto-resizing lookup table 'syslogCorrScore' with 10271 entries from 127 to 513

2013-10-16T16:01:36: Debug: D-UNK-000-000: NSProbe - Reentrant Version

2013-10-16T16:01:36: Debug: D-ETC-004-049: THREAD MGR: started thread NSProbe Event Processor (1008080)

2013-10-16T16:01:36: Debug: D-ETC-004-050: THREAD MGR: thread NSProbe Event Processor (1008080) running

2013-10-16T16:01:36: Debug: D-UNK-000-000: *NOT* running PA Aware

2013-10-16T16:01:36: Information: I-UNK-000-000: Probewatch: Running ...

Document information

More support for: Tivoli Netcool/OMNIbus
SNMP Probe

Software version: All Versions

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 1653451

Modified date: 07 October 2016