cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
493
Views
0
Helpful
2
Replies

IDS Director Alarms

jacky.chan
Level 1
Level 1

I have installed the IDS Director UNIX and a 4230 sensor. How can I see the alarm in HPOV's event browser instead of open the sensor icon?

2 Replies 2

marcabal
Cisco Employee
Cisco Employee

The alarms will only show up in the event browser if they are converted to Snmp Traps.

The Unix Director was designed to send the alarms to the Hp OpenView database directly so they could be seen as icons.

So if you want to see the alarms as both icons and lines in the Event Browser then follow the following steps (NOTE: alarms would have to be deleted from both the maps and the event browsers, HP OV will not know that the line in the event browser for an alarm has anything to do with the icon for the alarm.)

1) Configure and enable eventd:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#25236

In step 1 you want to run eventd on the director itself

In step 7 use /usr/nr/bin/nrSnmpTrap

2) Configure smid to duplicate alarms and send them to eventd:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#55925

If however, you no longer want the alarm icons then you have to do the following steps:

1) Configure eventd on the Director to generate SnmpTraps for alarms of certain levels.

Refer to:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#25236

In step 1 you want to run eventd on the director itself

In step 7 use /usr/nr/bin/nrSnmpTrap

2) Configure the sensors to stop sending events to the smid process on the Director

(Smid is the process which passes alarms to the nrdirmap process which places the alarms in HP OpenView. If you no longer want the alarms in the HP OpenView map then you have to configure the sensors stop sending alarms to smid.)

In nrConfigure:

For each sensor go to the System Folder in the current configuration version.

Open the destinations configuration

Delete the entry for smid on the director

(NOTE: Leave the entry for loggerd on the sensor)

3) Configure the director to stop sending alarms to smid.

Other process on the director will also be sendning alarms to smid which are used to create the initial sensor icons, and track when the Director can no longer communicate with the sensors.

You can keep this from happening by also removing smid from the director's own destination configuration, or you can leave it as is. I would recommend leaving it as is and maybe stopping it later.

4) Configure each sensor to send alarms directly to eventd.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids7/unix_cfg/tasks.htm#44057

These steps will have to be repeated for each sensor.

In step 1 you would open the configuration for each sensor instead of the director.

In step 5 the HOST should be the director's name

(You are configuring each sensor to send it's alarms directly to eventd)

(most people will actually do the section beneath the one I pointed you to, and configure smid to duplicate the alarms and send them to eventd, but in step 2 above we stopped sending alarms to smid so that will no longer work.)

5) Configure each sensor to send alarms directly to loggerd on the director.

By default smid will usually duplicate alarms and send them to loggerd on the director for logging in the /usr/nr/var directory. Since smid is no longer getting alarms we have to send them directly to loggerd on the director.

Do the same thing you did in step 4. but this time use loggerd as the application in Step 5.

6) Configure the Director itself and each sensor to send it's alarms to eventd and loggerd on the Director.

You can then follow steps 4 and 5 above for the director itself.

Thanks, you are very helpful

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: