TechLibrary

Navigation Back up to About Overview

ContentIndex

[+] Expand All

[-] Collapse All

Management and Monitoring Guide for IP/MPLSView
- Copyright and Trademark Information
- Table of Contents
- List of Tables
- About the Documentation
  - Documentation and Release Notes
  - Documentation Conventions
  - Documentation Feedback
  - Requesting Technical Support
- Introduction
  - FCAPS
  - Data and Traffic Collection Features
  - Analysis Features
  - MPLS Traffic Engineering Features
  - Getting Started Essentials
  - User Access
  - Saving User-Specific Views
  - Modifying the Live Network
  - Saving the Network
- Documentation Conventions
  - Document Conventions
  - Keyboard, Window, and Mouse Terminology and Functionality
  - The Keyboard
  - The Mouse
  - Informational Notes, Cautions, and Warnings
  - Changing the Size of a Window
  - Moving a Window
  - For Further Information
- Setting Up Device Profiles
  - Using the Router Profiles Window
  - Detailed Router Profile Procedures
- Task Manager
  - Task Manager Window
  - New Task Wizard
  - ARP Data Collection
  - Autodiscovery
  - CDP Discovery (Cisco Only)
  - Collection Data Copy
  - Config, Comparison, Conformance, and IC Report
  - Device Ping Collection
  - Device SLA Collection
  - Device SNMP Collection
  - Hardware Inventory Report
  - Host Discovery
  - Link Latency Collection
  - LDP Traffic Collection (Juniper only)
  - LSP Ping Collection
  - LSP Tunnel Traffic Collection (Juniper only)
  - Network Config Data Collection
  - Network Performance Data Report
  - Ping IPs
  - SAM Collection
  - SAM Interface Traffic Collection
  - SAM LSP Statistics Collection
  - Scheduling Live Network Collection
  - Server Performance Data Collection
  - Traffic Summary Report
  - User CLI Collection
  - User-Defined SNMP Collection
  - Generated Web Report
  - Web Report
- Network Discovery
  - Detailed Procedures
  - Incremental Discovery and Collection
  - Host Discovery
- VLAN Discovery
  - Detailed Procedures
- Live Network Collection
  - Detailed Procedures
- Collecting Supplementary Device Data
  - Detailed Procedures
- Configuration File Management
  - Detailed Procedures
- Configuration Backup and Restore
  - Detailed Procedures
- Performance Management: Traffic Collection
  - Recommended Instructions
  - Detailed Procedures
- Performance Management: Network Diagnostics
  - Detailed Procedures
- Fault Management: Events
  - Setup
  - Event Browser
  - Creating Groups
  - Event Group Coloring and Annotation
  - Posting Events
  - Acknowledging and Clearing Events
  - Autoclear
  - Background Ping
  - Live View vs. Historical View
  - Event Browser Options
  - Event Browser Query Manager
  - Event Browser Toolbar and Popup
  - Event Browser Popup Menu
  - Enabling and Disabling Events
  - Related Events
  - Event Map
  - Event Count Chart
  - Root Cause Analysis
  - Configuring the SNMP Traps and Events to Record (Advanced)
  - Creating Events from Application Server (Advanced)
  - Event Administration
  - Subscription Editor
  - Event Subscription Editor Settings
  - Creating an Event Subscription
  - Creating an Event Subscriber
  - Trap Forwarding to Northbound NMS
  - Configuring Event Subscriptions via XML File(Advanced)
- Fault Management: Threshold Crossing Alerts
  - Detailed Procedures
- Hardware Inventory
  - Detailed Procedures
  - Equipment Views
  - Hardware Model Options
  - Hardware Model Reports
- Security Management
  - Detailed Procedures
  - Advanced User Administration
  - Creating a Group
  - Creating Users
- Performing Further Analysis Offline
  - Explicitly Saving the Network Model
  - Replaying Traffic in the Offline Model
  - Directory to Use in Offline Network Model
  - Traffic Aggregation
- IP/MPLSView Web Interface: Live Network
  - Network Monitor
  - Configuration Management
  - Fault Management
  - Tools
  - Reports
- Reference
  - Performance Menu
  - Tools Menu
  - Admin Menu
  - Setup Mode
  - Map Views
- Appendix A
  - Data Repository
  - Information for the Live Network
  - Additional Collected Live Network Data
  - Information Extracted via Network Data Collection Task
  - Task Manager Data
  - Log Files

No index entries found.

Download This Guide

Download this guide: Management and Monitoring Guide for IP/MPLSView

Creating an Event Subscription

To create a new event subscription, right click in the top left panel and select Create, or select an existing event subscription and click the Create icon at the top of the window.

Figure 205: Create an Event Subscription

Select the newly created subscription from the upper left pane to modify its properties in the right pane, Property Editor.
Enter a Subscription Name.
Next, select the Event Type. This is the type of event that will be subscribed to. Click in field to bring up a dropdown menu of available event types. Options range from specific trap events such as mplsLspUp and linkUp to generalized events like TunnelEvent and NetworkEvent, that are families of events. To see which events are included in a family of events such as TunnelEvent, view the file /u/wandl/db/config/eventtypes.store and search for events with the superType=”TunnelEvent”. Besides network events, events can also be generated for IP/MPLSView application-related events (ApplicationEvent) or threshold-related events defined in the Threshold Editor (ThresholdEvent).
For example, to subscribe only to threshold crossing alerts, select event type ThresholdEvent.
Following that, you can configure the subscription to filter the events further to match a particular rule using the Subscription Rule property. When editing an event subscription rule, right click in the Subscription Rule text box to bring up the Subscription Rule Builder.
In the Subscription Rule Builder, the top panel lists the available keys and the bottom panel displays the resulting rule. In the top panel, use the checkbox to select the desired key(s). In the bottom panel, click the underlined values to edit the logical operators and properties. Press OK to build the rule syntax.
Figure 206: Subscription Rule Builder
Alternatively, the Subscription rule syntax can be typed into the field instead of using the Subscription Rule Builder. Note that all conditions and rules are case sensitive, and spaces should be used as delimiters between keywords, values, and logical operators. Additionally, quotes (““) should be placed around string values, for example, IPAddress == “1.2.3.4”.
For reference, the following are the supported logical operators:
- == (Equals)
- != (Does not equal)
- ~= (Equals using regular expression)
- && (And)
- || (Or)
- < (Less than), and
- > (Greater than).
For reference, the following are the supported properties:
- type: The event type. For example, this can be an SNMP trap type such as linkUp and linkDown or ThresholdEvent. You could enter “type ~= link” to filter on both linkUp and linkDown events, or “type ~= mpls” to filter on trap types such as mplsLspUp and mplsLspDownReason.
- elementType: The element type (Node, Interface, Tunnel). For example, you can enter “elementType == Interface” to filter only for interface-related events. Note in the particular case of Cisco that tunnels are associated with the Interface element type rather than the Tunnel element type.
- deviceID: The hostname of the node associated with the event. For example, you can enter “deviceID == NWK && elementType == Node” to filter only for node events related to router NWK.
- name: The name of the particular element associated with the event. Depending upon the element type, this can be an interface name, device’s hostname, or tunnel name. For example, you can enter “name ~= fe && elementType == Interface” to filter only for events related to fastethernet interfaces.
- timestamp: The timestamp in terms of number of milliseconds since January 1,1970
- severity: Severities are represented as integers, in increasing order from least serious to most serious, where INFO=1000, NORMAL=2000, UP=2001, WARNING=3000, MINOR=4000, MAJOR=5000, CRITICAL=6000, and DOWN=6001. For example, you can set “severity > 4000” to get only errors of severity MAJOR or higher.
- description: This includes details of the event. For example, for an SNMP trap, this includes the object name and value pairs. For a threshold event, this includes the description configured in the threshold event definition.
- sourceIP: The IP address of the SNMP agent that sent the trap (SNMPv1) or packet (SNMPv2)
- sourceID: Indicates the process that posted the event, for example, “SNMPEventPublisher” for traps.
- comment: The Event Comment entered in Event Browser when acknowledging an event.

The “Durable” option specifies if the event subscription is persistent. By default all subscriptions are set to Durable. If a subscription is not set to Durable, then it will be lost the next time the event server is restarted.

Figure 207: Example Subscription to Threshold Events of High Severity

The following are some example subscription configurations:

Event Type	Subscription Rule	Description
NetworkEvent	deviceID == SFO	Sends all network-related events occurring at router SFO
TunnelEvent	name == Tunnel5	Sends all tunnel-related events occuring at tunnel Tunnel5
NetworkEvent	type == linkDown && name == fe-0/1/2	Sends a report if link fe-0/1/2 goes down.
ThresholdEvent	severity > 4000	Sends all threshold events of severity MAJOR or higher. Requires first configuring threshold crossing alerts as described in Chapter 14, Fault Management:Threshold Crossing Alerts
NetworkEvent	severity > 4000	Sends all network events (including traps and threshold events) of severity MAJOR or higher. Edit Threshold event severities from the Threshold editor as described in Chapter 14, Fault Management:Threshold Crossing Alerts. Edit the severities of other events from the web interface as described in Edit Event Type Severities.
CollectionEvent		Sends events related to the traffic data collector, such as the collection start, stop, and update

TechLibrary

Download This Guide

Related Documentation

Creating an Event Subscription

Modified: 2015-12-29