Monday, June 24, 2013

OpenNMS - Err_Disable Alert for Cisco

Another task on OpenNMS with help of Rob Coote and Alejandro Galue:

1. Add following xml file (Cisco.errdisable.events.xml) to /opennms/etc/events directory:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<events>
<event>
 <mask>
  <maskelement>
   <mename>id</mename>
   <mevalue>.1.3.6.1.4.1.9.9.41.2</mevalue>
  </maskelement>
  <maskelement>
   <mename>generic</mename>
   <mevalue>6</mevalue>
  </maskelement>
  <maskelement>
   <mename>specific</mename>
   <mevalue>1</mevalue>
  </maskelement>
  <varbind>
      <vbnumber>2</vbnumber>
      <vbvalue>5</vbvalue>
  </varbind>
  <varbind>
      <vbnumber>3</vbnumber>
      <vbvalue>ERR_DISABLE</vbvalue>
  </varbind>
 </mask>
 <uei>uei.opennms.org/vendor/Cisco/traps/syslog/errDisable</uei>
 <event-label>CISCO-SYSLOG-MIB defined trap event: clogMessageGenerated-Warning (ERR_DISABLE)</event-label>  <descr>&lt;p&gt;When a syslog message is generated by the device a  clogMessageGenerated notification is sent.  The  sending of these notifications can be enabled/disabled  via the clogNotificationsEnabled object.&lt;/p&gt;&lt;table&gt;  &lt;tr&gt;&lt;td&gt;&lt;b&gt;  clogHistFacility&lt;/b&gt;&lt;/td&gt;&lt;td&gt;%parm[#1]%
 &lt;/td&gt;&lt;td&gt;&lt;p;&gt;&lt;/p&gt;&lt;/td;&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;b&gt;
 clogHistSeverity&lt;/b&gt;&lt;/td&gt;&lt;td&gt;%parm[#2]%
 &lt;/td&gt;&lt;td&gt;&lt;p;&gt;
 emergency(1) alert(2) critical(3) error(4) warning(5) notice(6) info(7) debug(8)&lt;/p&gt;  &lt;/td;&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;b&gt;
 clogHistMsgName&lt;/b&gt;&lt;/td&gt;&lt;td&gt;%parm[#3]%
 &lt;/td&gt;&lt;td&gt;&lt;p;&gt;&lt;/p&gt;&lt;/td;&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;b&gt;
 clogHistMsgText&lt;/b&gt;&lt;/td&gt;&lt;td&gt;%parm[#4]%
 &lt;/td&gt;&lt;td&gt;&lt;p;&gt;&lt;/p&gt;&lt;/td;&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;b&gt;
 clogHistTimestamp&lt;/b&gt;&lt;/td&gt;&lt;td&gt;%parm[#5]%
 &lt;/td&gt;&lt;td&gt;&lt;p;&gt;&lt;/p&gt;&lt;/td;&gt;&lt;/tr&gt;&lt;/table&gt;
 </descr>
 <logmsg dest='logndisplay'>&lt;p&gt;Cisco Event: SYSLOG Notification: %parm[#4]%.&lt;/p&gt;</logmsg>
 <severity>Warning</severity>
</event>

</events>

2. Add "<event-file>events/Cisco.errdisable.events.xml</event-file>" to /opennms/etc/eventconf.xml as shown below:

 <event-file>events/Cisco.CIDS.events.xml</event-file>
  <event-file>events/Cisco.5300dchan.events.xml</event-file>
  <event-file>events/Cisco.errdisable.events.xml</event-file>
  <event-file>events/Cisco.mcast.events.xml</event-file>
  <event-file>events/Cisco.SCE.events.xml</event-file>
  <event-file>events/Cisco2.events.xml</event-file>

3. Issue following command to refresh the change: /opt/opennms/bin/send-event.pl uei.opennms.org/internal/eventsConfigChange

4. From WebUI, go go Admin/Configure Notifications/Add New Event Notification, select "Cisco-SYSLOG-MIB defined trap event:" and configure the alert


Note: Here is another version of Cisco.errdisable.events.xml, which will do the same job, except it does not provide interface information:

<?xml version="1.0" encoding="UTF-8" standalone="true"?>
-<events xmlns="http://xmlns.opennms.org/xsd/eventconf"> -<event> -<mask> -<maskelement> <mename>id</mename> <mevalue>.1.3.6.1.4.1.9.9.548.0.1</mevalue> </maskelement> -<maskelement> <mename>generic</mename> <mevalue>6</mevalue> </maskelement> -<maskelement> <mename>specific</mename> <mevalue>1</mevalue> </maskelement> </mask> <uei>uei.opennms.org/mib2opennms/cErrDisableInterfaceEvent</uei> <event-label>CISCO-ERR-DISABLE-MIB defined trap event: cErrDisableInterfaceEvent</event-label> <descr> <p>The cErrDisableInterfaceEvent is generated when an interface or {interface, vlan} is error-disabled by the feature specified in cErrDisableIfStatusCause. cErrDisableInterfaceEvent is deprecated and replaced by cErrDisableInterfaceEventRev1.</p><table> <tr><td><b> cErrDisableIfStatusCause</b></td><td> %parm[#1]%;</td><td><p> udld(1) bpduGuard(2) channelMisconfig(3) pagpFlap(4) dtpFlap(5) linkFlap(6) l2ptGuard(7) dot1xSecurityViolation(8) portSecurityViolation(9) gbicInvalid(10) dhcpRateLimit(11) unicastFlood(12) vmps(13) stormControl(14) inlinePower(15) arpInspection(16) portLoopback(17) packetBuffer(18) macLimit(19) linkMonitorFailure(20) oamRemoteFailure(21) dot1adIncompEtype(22) dot1adIncompTunnel(23) sfpConfigMismatch(24) communityLimit(25) invalidPolicy(26) lsGroup(27) ekey(28) portModeFailure(29) pppoeIaRateLimit(30) oamRemoteCriticalEvent(31) oamRemoteDyingGasp(32) oamRemoteLinkFault(33) mvrp(34) tranceiverIncomp(35) </p></td></tr></table> </descr> <logmsg dest="logndisplay"><p> cErrDisableInterfaceEvent trap received cErrDisableIfStatusCause=%parm[#1]%</p> </logmsg> <severity>Indeterminate</severity> -<varbindsdecode> <parmid>parm[#1]</parmid> <decode varbinddecodedstring="udld" varbindvalue="1"/> <decode varbinddecodedstring="bpduGuard" varbindvalue="2"/> <decode varbinddecodedstring="channelMisconfig" varbindvalue="3"/> <decode varbinddecodedstring="pagpFlap" varbindvalue="4"/> <decode varbinddecodedstring="dtpFlap" varbindvalue="5"/> <decode varbinddecodedstring="linkFlap" varbindvalue="6"/> <decode varbinddecodedstring="l2ptGuard" varbindvalue="7"/> <decode varbinddecodedstring="dot1xSecurityViolation" varbindvalue="8"/> <decode varbinddecodedstring="portSecurityViolation" varbindvalue="9"/> <decode varbinddecodedstring="gbicInvalid" varbindvalue="10"/> <decode varbinddecodedstring="dhcpRateLimit" varbindvalue="11"/> <decode varbinddecodedstring="unicastFlood" varbindvalue="12"/> <decode varbinddecodedstring="vmps" varbindvalue="13"/> <decode varbinddecodedstring="stormControl" varbindvalue="14"/> <decode varbinddecodedstring="inlinePower" varbindvalue="15"/> <decode varbinddecodedstring="arpInspection" varbindvalue="16"/> <decode varbinddecodedstring="portLoopback" varbindvalue="17"/> <decode varbinddecodedstring="packetBuffer" varbindvalue="18"/> <decode varbinddecodedstring="macLimit" varbindvalue="19"/> <decode varbinddecodedstring="linkMonitorFailure" varbindvalue="20"/> <decode varbinddecodedstring="oamRemoteFailure" varbindvalue="21"/> <decode varbinddecodedstring="dot1adIncompEtype" varbindvalue="22"/> <decode varbinddecodedstring="dot1adIncompTunnel" varbindvalue="23"/> <decode varbinddecodedstring="sfpConfigMismatch" varbindvalue="24"/> <decode varbinddecodedstring="communityLimit" varbindvalue="25"/> <decode varbinddecodedstring="invalidPolicy" varbindvalue="26"/> <decode varbinddecodedstring="lsGroup" varbindvalue="27"/> <decode varbinddecodedstring="ekey" varbindvalue="28"/> <decode varbinddecodedstring="portModeFailure" varbindvalue="29"/> <decode varbinddecodedstring="pppoeIaRateLimit" varbindvalue="30"/> <decode varbinddecodedstring="oamRemoteCriticalEvent" varbindvalue="31"/> <decode varbinddecodedstring="oamRemoteDyingGasp" varbindvalue="32"/> <decode varbinddecodedstring="oamRemoteLinkFault" varbindvalue="33"/> <decode varbinddecodedstring="mvrp" varbindvalue="34"/> <decode varbinddecodedstring="tranceiverIncomp" varbindvalue="35"/> </varbindsdecode> </event>
<events>

Note: Here is a link for more error disabled information on Cisco IOS devices:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)