Netcool/OMNIbus – Replay raw capture alarms
| Posted by watashii | Filed under SoftwareThis post shows how to replay raw capture alarms on Netcool Omnibus 7 using the Stdin probe. The following steps are performed under Solaris SunOS. My aim was to capture SNMP traps and have the ability to replay the same traps whenever I want.
- Prepare the raw capture (.cap) file.
- Validate the raw capture file.
- Replay the raw capture file.
This file is sourced from the probe you would like to capture raw data to replay, in my case it is the SNMP (aka Mttrapd) probe. It is activated via the probe property (.props) file, by setting RawCapture and RawCaptureFile properties, and restartarting the probe. Note raw capturing is suited for testing purposes and should be turned off during production/live environments to improve performance.
> tail $OMNIHOME/probes/solaris2/mttrapd.props
...
...
RawCapture : 1
RawCaptureFile : '$OMNIHOME/var/mttrapd.cap'
Stop the probe from capturing when you have enough data. The raw capture contains name-value pairs, and each block represents one captured alarm.
vi $OMNIHOME/var/mttrapd.cap
Status_Node = "Node1"
Status_Manager = "mttrapd"
Status_FirstOccurrence = 1212610941
Status_RemoteSecObj = ""
Status_PhysicalPort = 0
RawCaptureTimeStamp = 1212611025
Status_Node = "Node2"
Status_Manager = "mttrapd"
Status_FirstOccurrence = 1212610949
Status_RemoteSecObj = ""
Status_PhysicalPort = 0
RawCaptureTimeStamp = 1212611025
The following command replays the alarm by feeding the capture file into the Stdin probe. The Stdin probe processes the data via the specified probe rules (.rules) file – the same rules file which is used by the Mttrapd probe. Also, make sure the Stdin probe props file is configured properly.
cat $OMNIHOME/var/mttrapd.cap | $OMNIHOME/probes/nco_p_stdin -rulesfile /opt/netcool/etc/rules/snmptrap.rules
Share:
Related Posts:
Tags: mttrapd, netcool, omnibus, probe, raw capture, snmp, stdin
