I use SBGW quite a lot. there are two
flavours of host we use:
1) where its not modelled in spectrum we would use a
eventadmin model as you already know
2) if it already exists as a systemedge
agent you have to do some special stuff.
here is what I do say if I already have
a unix systemedge agent for that same ip the trap will come from.
a) create an
eventadmin with a dummy ip address that will never exist in your network
10.1.2.3 or whatever say we call this APPX. note down its model handle.
b)
change model handle attribute for sysedge EventModelContainerHandle to other
model handle of the APPX.
Now when you get a sbgw event it will generate vs the
EA model but the other events will still generate vs the origional systemedge
model. If that is still not happening you have to make sure you have setup your
events in a very specific way.
Here is my tried and tested method for all the
files to update and what to put in them. (note its not quite what you see in the
manual about making a package etc its a short cut way!)
Usually you need to do an alert map for traps using special numbers as per the 'template' mentioned in teh southbound gateway guide. So this means editing the alertmap file that you usually get form importing a mib.
You need
to mess about with it changing some of the trap fields around
number 1-17 varbind to map to the 'template' in the manual. These identify special values in the trap that match to name, ip etc. The rest you rename to be
>100 (that is the answer to the mystery of why some traps have like
systemedge log watcher have varbinds >100!). So I usually find a few I want to map to the template (for example what will be the event model name) and then prefix all the others with 1xx so 1 might be 101, 2 would be 102 etc.
I usually put all my new traps in
this file: /custom/Events/AlertMap (yes if you imported a mib you need to hunt
them down in custom/Alertmap and comment out the old version that don't have
SGBW template varbinds)
The parts that are traps with sbgw specific traps I would put in this file
also :
/SS/CsVendor/gen_app_gw/EventAdmin/AlertMap
then to make sure the changes
persist past upgrades copy to a custom file like this
/SS/CsVendor/gen_app_gw/EventAdmin/AM_components/MYEXAMPLE.aml
Each time you upgrade spectrum the cus script will cat all the aml files together to make /SS/CsVendor/gen_app_gw/EventAdmin/AlertMap
Here is an
example of an alertmap for SBGW for oracle enterprise manager which has a trap we wanted to use SBGW for. It has 90+ varbinds but #21 has the device name we want to use for each event model.
So after importing OEM mib you will
have them all as #1-90something not 101,102 etc.
# oraEMNGEvent
oraEMNGEventIndex
1.3.6.1.4.1.111.15.2.0.3 0xfff05100
1.3.6.1.4.1.111.15.3.1.1.1(101,0)\
# oraEMNGEventNotifType
1.3.6.1.4.1.111.15.3.1.1.2(102,0)\
... # oraEMNGEventTargetName
1.3.6.1.4.1.111.15.3.1.1.21(1,0)\
...
see this row has (1,0) not 121,0 which
means this varbind will be the NAME of all those lovely eventModels that will
get created in the EA container. all the 100+ ones are just varbinds I will use
in the event.
This also means you have to edit any event rules you made off the
mib so the 100+ etc map to what the varbinds were before. For traps like this
with 90something varbinds that can mean a lot of time in notepad ++ or excel...
so I would suggest get your SBGW template sorted first before you spend hours
making event policies or all the event varbinds will have to be edited again.
Now we update the eventdisp files.
1) EventModel eventdisp
/SS/CsVendor/gen_app_gw/EventDisp
these events in this file are your full events
just like the normal disp
eg. (once again note the 10x for varbinds)
0xfff05100
E 0 R { 11,21 } CA.EventCondition, "({v 105} == {S \"Critical\"})" , "0xfff05103
-:-","({v 105} == {S \"Warning\"})" , "0xfff05102 -:-","({v 105} == {S
\"Fatal\"})" , "0xfff05104 -:-","default" , "0xfff05105 -:-"
0xfff05102 E 0 A 2,
0xfff05102,11,21
0xfff05103 E 0 A 3, 0xfff05103,11,21 ...etc
you also need to
make sure they are on the end of an EVD file you make for you integration here:
/SS/CsVendor/gen_app_gw/EventAdmin/components/MYEXAMPLE.evd
If you don't next
time you upgrade spectrum your changes will get wiped when the cus script runs.
MAKE EXACTLY THE SAME CHANGES TO THE GENERIC EVENT DISP FILE
/custom/Events/EventDisp
*** A WARNING HERE *** DONT TRY AND EDIT THESE EVENTS
IN GUI OR THEY WILL GET MESSED UP AND MAKE FILES FURTHER DOWN TREE OF
/custom/events/ that will mess things up.
You should **only ever** have SBGW
events in /custom in /custom/Events/EventDisp
next the EventAdmin evendisp files
put pointers to your SBGW events
in these files
SS/CsVendor/gen_app_gw/EventAdmin/EventDisp
/SS/CsVendor/gen_app_gw/EventAdmin/components/MYEXAMPLEEA.evd
(this file is just
to keep it permanent past the next .cus script)
These events should just be
pointers e.g
# Oracle OEM
0xfff05100
0xfff05102
0xfff05103
*** PAY CAREFUL
ATTENTION HERE PEOPLE *** if your model is SBGW enabled as per #2 at start of this post above you also need to edit
its eventdisp file for systemedge this is:
/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp
put the same pointers you
put in the file above eg.
# Oracle OEM
0xfff05100
0xfff05102
bear in mind every
time you upgrade spectrum from now on this file might get wiped by CA so you
always have to manage it carefully!! There is no evd /aml files to preserve your
upgrades on this file that I found.
now later on you can edit the pcause and eventformat files in the gui but don't add/remove any SBGW related events except by editing all the files above and reloading spectrum.
