Cannot see trap messages about a bulletin board event

As of January 2012, Logalot is now part of Scrutinizer v9. Your Logalot license is now a Scrutinizer license. Contact support with questions.

Moderators: scottr, Moderator Team

Locked
sharabi
Posts: 23
Joined: Thu Feb 18, 2010 2:47 am

Cannot see trap messages about a bulletin board event

Post by sharabi » Mon Jul 11, 2011 10:09 am

Hello,
I modified "Denika Port Utilization Threshold" policy to send snmp trap messages to our snmp trap server for "first violation". When I modify a report's inbound and outbound threshold and recreate pollFile_XX.cfg files,there are no trap messages received for the bulletin board events. What can I be missing?
thanks,
Umut

pauld
Posts: 222
Joined: Mon Jan 04, 2010 10:05 am
Location: Kennebunk, Maine
Contact:

Re: Cannot see trap messages about a bulletin board event

Post by pauld » Mon Jul 11, 2011 10:46 am

Hello Umut,

I want to make sure I understand this correctly, the correct policy in Logalot is being violated and posting to the bulletin board, but it's not sending the SNMP Trap, correct?

If this is the case, we want to make sure that the notification profile for your Logalot policy is setup correctly.

In Logalot, go to Menu -> Control Center -> Notification Manager.

Select the Notification Profile that's configured to send SNMP traps and then press "Edit Profile".

Once you're in the Notification Profile, please verify that all of your SNMP trap server information has been entered in correctly. Now, press the "Test Alert" button and you should see an SNMP trap come into your SNMP trap server. Do you get this test alert or is it not making it to your SNMP trap server?

You'll also want to verify that the Plixer Notification Service is running.

Thanks,
Paul

sharabi
Posts: 23
Joined: Thu Feb 18, 2010 2:47 am

Re: Cannot see trap messages about a bulletin board event

Post by sharabi » Tue Jul 12, 2011 2:18 am

Hello Paul,
Thank you for your reply.
Notification service is working correctly.SNMP trap messages for other policies are received. There is no problem with that.
Let me summarize what I have done:
- In "Denika Port Utilization Threshold" policy "First Violation" is ticked for "After Threshold reached, process notification for" option.
- I discovered some Cisco routers and Port Utilization reports are created.
- I changed Inbound and Outbound maximum thresholds in those reports.
- I deleted and recreated pollFile_XX.cfg files to be sure that the changes take effect.
After these steps I can see bulletin board events for the routers I discovered but I cannot see trap messages related to them.
I think it is related to "First violation" tick. Can you summarize the functionality of this tick?
Is my problem clear? Do you have any idea?
Thank you,
Umut

User avatar
tomp
Site Admin
Posts: 315
Joined: Wed Jul 27, 2005 10:53 am
Location: Sunny Sanford Maine
Contact:

Re: Cannot see trap messages about a bulletin board event

Post by tomp » Tue Jul 12, 2011 2:29 am

The first vilolation tick mark is associated to notifications where you notification will go out after the first violation based on your settings. Another notification will not go out until the policy has been acknowledged from the bulletin board. Once acknowledged, the first violation is reset and will notify again, when violated per your notification settings.

Let me know if that does not make any sense.

-Tom

sharabi
Posts: 23
Joined: Thu Feb 18, 2010 2:47 am

Re: Cannot see trap messages about a bulletin board event

Post by sharabi » Tue Jul 12, 2011 2:54 am

Hello Paul,
I don't know what does "acknowledge from bulletin board" mean. How can we do that?
What happens when I choose "Each Violation"? When threshold is exceeded,is trap message is sent per every poll?
Thanks,

pauld
Posts: 222
Joined: Mon Jan 04, 2010 10:05 am
Location: Kennebunk, Maine
Contact:

Re: Cannot see trap messages about a bulletin board event

Post by pauld » Tue Jul 12, 2011 10:43 am

Hello Umut,

The Bulletin Board in Logalot can be found under Menu -> Logalot -> Bulletin Board.

The Bulletin Board has been designed to provide you with important messages based off of policies that have been violated.

If you have a policy configured to alert you on "First Violation" it will also post the message to the Bulletin Board so it can be acknowledged. If a "First Violation" message is on the Bulletin Board then you will only get 1 alert, or in your case SNMP trap, until you go to the Bulletin Board and clear out the message.

If you want to get a notification each time the policy is violated, then you will have to select the "Each Violation" option. As a result, every time your threshold is exceeded you will get an SNMP trap.

Thanks,
Paul

sharabi
Posts: 23
Joined: Thu Feb 18, 2010 2:47 am

Re: Cannot see trap messages about a bulletin board event

Post by sharabi » Wed Jul 13, 2011 7:19 am

Hello paul,
I did what you said. For a specific router, I acknowledged the bulletin board entries.And then I waited for this router to exceed the threshold. It exceeded and a new bulletin board entry is created. But I cannot see a trap message about this and also it is not seen in the notification queue.
What can I be missing?
Thanks,
Umut

pauld
Posts: 222
Joined: Mon Jan 04, 2010 10:05 am
Location: Kennebunk, Maine
Contact:

Re: Cannot see trap messages about a bulletin board event

Post by pauld » Wed Jul 13, 2011 8:48 am

Hello Umut,

The first thing we'll need to check is that the Notification Profile is setup correctly

In Logalot, go to Menu -> Control Center -> Notification Manager.

Select the Notification Profile that's configured to send SNMP traps and then press "Edit Profile".

Once you're in the Notification Profile, please verify that all of your SNMP trap server information has been entered in correctly. Now, press the "Test Alert" button and you should see an SNMP trap come into your SNMP trap server. Do you get this test alert or is it not making it to your SNMP trap server?

Do you see any errors during this test?

Thanks,
Paul

sharabi
Posts: 23
Joined: Thu Feb 18, 2010 2:47 am

Re: Cannot see trap messages about a bulletin board event

Post by sharabi » Fri Jul 15, 2011 1:49 am

Hello,
The problem is solved. We changed the notification profile to send snmp trap for every violation.
Thank you for your interest.
Umut

Locked

Who is online

Users browsing this forum: No registered users and 1 guest