[hobbit] Hobbit not recognizing certain tests?

Here's a quick overview of how I handle SNMP traps with Hobbit:

1 - Snmptrapd is configured to feed SNMPTT the OID and hostname of the sending SNMP agent.

2 - SNMPTT then translates the OID into a text message based on the MIB description for that OID and logs the message in /var/log/messages (or where ever you put it). You can also configure SNMPTT to log to a MySQL database simultaneously.

3 - SEC monitors the /var/log/messages file for entries from SNMPTT. Since some equipment can send the same trap multiple times in quick sucession, SEC is configured to ignore duplicate messages for a second or two

4 - SEC then launches a wrapper script that sends Hobbit a message using Hobbit's BB client program. Hobbit will send an alert if its status is yellow/red.

5 - A script is run by Hobbit every 5 minutes to prevent any trap message columns from turning purple. (I don't want my screen turning purple if I don't get a trap inside of 30min or whatever the no response timeout period is for Hobbit.)

In the event you get a rapid sequence of a "CRITICAL" trap and then a "Normal" trap, you'll get a Hobbit alert, but when you view the web page, it'll be green. You have to rely on the trap history to see all of the traps that SNMPTT recorded.

The real trick (pain) is defining what traps you want to be CRITICAL and what not.

Andy

From: Asif Iqbal [mailto:vadud3 at gmail.com] Sent: Tuesday, July 17, 2007 9:31 AM To: hobbit at hswn.dk Subject: Re: [hobbit] Hobbit not recognizing certain tests?

On 7/17/07, Henrik Stoerner <henrik at hswn.dk> wrote:

On Tue, Jul 17, 2007 at 08:07:31AM -0500, Hubbard, Greg L wrote:
> Being familiar with both Netcool and Hobbit, I would never

consider > replacing Netcool trap management with Hobbit. Netcool processes traps > in "near real time" and scales quite large. Hobbit does not provide > real time monitoring (default is 5 minute samples, with 1 minute screen > updates).

There is nothing inherent in Hobbit that prevents it from doing 
real-time handling of events. Hobbit processes events as soon as

it is told about them; the fact that some types of information is only checked once every 5 minutes is not something that necessarily applies to everything Hobbit monitors.

I havent looked at Andy's trap script, but if I were to

implement SNMP trap handling in Hobbit, I'd start off with snmptrapd from the

I wish you do :-). I have lots of customers who like to see that feature in hobbit. May be then I can convince my IT department to get rid of Netcool slowly :P

Net-SNMP tools - this receives snmp traps, and can be configured

to do "something" when a trap arrives. That "something" would then be a script/utility that grabs the hostname and trap type from the trap information, and feeds that into Hobbit as a status update. That will give you an immediate alert, and a status change in the Hobbit display if you use the "Critical systems" view which is dynamically generated.

I'm not throwing rocks at Netcool <grin> but I just want to make

it clear that Hobbit can be as real-time as you want it to - it's only a matter of feeding it data as quickly as you possible.

Regards,
Henrik


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk

-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu