  |
Administrator Handbook | Table of contents |  |
|
LoriotPro proprietary network events
Event window
Events are messages sent by the LoriotPro main programs, polling process, discover process and by Plug-in to the event manager. Events are used to notify the administrator of SNMP object state changes and failures. Events are displayed in the Global Event tab.
When LoriotPro sends a local event, it sends it to the Event Manager process which is in fact a server listening on an IP socket. This architecture allows redirecting Events to another LoriotPro system. By default, the Event manager server is listening on port 5001 on the loopback address 127.0.0.1.
Events received are displayed under the Global Events tab.
A double click on an event display the Event Trap viewer window
An event is composed of the following fields
| Level |
A level number that change the color and icon type. Used to classify by severity or other choice. |
| TimeStamp |
The Date and Time at which the event was received |
| LoriotPro Agent |
The Name (if defined in the directory)and IP address of the LoriotPro that has generated the event. "local" is used for events generated by this LoriotPro |
| Event reference |
The unique number identifying this type of event |
| IP reference |
The Name and IP address of the host to which this event refers. |
| Alert message |
The message describing the default |
The lower part of the contextual menu allow you to manage the event status.
| |
Acknowledge Selection |
Select one or more event in the list and acknowledge them. Their color change to light grey on white background. |
| |
Acknowledge All Events |
All Events are Acknowledged. Their color change to light grey on white background. |
| |
Clear Acknowledged Events |
Erase Acknowledged events from the display list. They are still logged in the event files |
| |
Clear All Events |
Erase all events from the display list. They are still logged in the event files |
| |
Clear Selected Events |
Erase the selected events from the display list. They are still logged in the event files |
A doucle click on an event displays a detailled information window. The IP address of the host to which this event is associated is displayed in the top left corner. Button allows you to access the properties, the event logs, perform a telnet or a web session on this machine.
The Acknowledge check box allows you to set the status of this event when it has been red. The text of this entry becomes light grey on white background under the Global Events tab.
Event level
LoriotPro has its own events. Each process could send events to the Event Manager. These are local events. Events receive from other devices connected on the network are external events. Loriot is able to manage Traps which are SNMP events sent by devices and defined in MIB. LoriotPro support SNMP v1 traps, SNMP V2c and V3 informs. Authentication is also supported.
The Global Events window icons are made of triangles containing a question mark and are of different colors.
Table of Global Events window status icons
| Icons |
Functions |
Remark |
|
|
Message of level 0 |
internal |
|
|
Message of level 1 |
notification |
|
|
Message of level 2 |
low severity |
|
|
Message of level 3 |
high severity |
|
|
Message of level 4 |
very high severity |
|
|
Message of level 5 |
user defined |
|
|
Message of level 6 |
user defined |
|
|
Message of level 7 |
user defined |
|
|
Message of level 8 |
user defined |
Registering new events
Each event has a unique number and a name. Internal event numbers range from 1 to 9999. Customized events could be defined for incoming trap, plugin events or third party products.
To create a new event you could either edit the events.txt file or use the graphical interface.
All existing numbers are defined in the events.txt file, located in the /bin directory of LoriotPro.
To access the graphical intefrace, select Menu->Configure->Register New Event Number
The following dialog box is displayed
The upper list box allow you to select an existing event.
To create a new event, enter a new event number. Check first that the number is not already used. Define the associated comment and click on Register New Event.
Remark: The DSNMP library manages the numbering logic of events and their generation. A SDK function allows a Plugin to perform a dynamic registration of a new event type that could be used by the event filter.
File of registered Events
The events.txt file is located in the /bin directory of LoriotPro. This file contains all events that are known to the software. This file is used by the Filter process to display event’s name in the filter tree of the Event manager window. This file is also used when creating a new event filter
#Events reference number to name
#don’t modify this first part of the file (tab no allowed)
1 "New host"
2 "New network"
5 "Load Tree"
6 "Append Tree"
7 "New Tree"
8 "Delete Tree Item"
100 "Host go up"
101 "Host go down"
102 "Host go polled"
103 "Host go no polled"
200 "HTTP Server go up"
201 "HTTP server go down"
202 "POLLING GO UP"
203 "POLLING GO DOWN"
204 "POLLING PING GO UP"
205 "POLLING PING GO DOWN"2
06 "POLLING SNMP GO UP"
207 "POLLING SNMP GO DOWN"
208 "Plugin Loading error"
209 "plugin loaded"
210 "Loriot go up"
211 "Loriot go down"
212 "SnmpV3 Authentication Error"
213 "SnmpV3 Replay"
214 "SnmpV3 Error"
215 "Service Plugin Loading error"
216 "Service plugin loaded"
217 "Kernel GetTableEntry Buffer overflow"
300 "Trap event"
#after 10000 for custom event (plug-in)
10011 "Service URL Link Polling v1.0"
10012 "Service SmtpEventScheduler v1.0"
10010 "Service TCP Polling v1.0"
If you want to define or name a new event, you should use a reference value higher than 10 000.
Reference values between 0 and 9 999 are reserved to LoriotPro upper are free.
In the event.txt file display for example, the reference 10
010 is associated to the Plugin "Service
TCP Polling v1.0".
The following screen capture shows the filter window with example of local
events.
Events filters window
External Events
As we mention before, by default LoriotPro sends the event to its local Event manager server. This event could be forwarded to a remote LoriotPro system. For this remote Event manager server, the incoming event will be considered as external events.
The LoriotPor system should be modified to send its events to another address than the one by default. The configuration is stored in the loriot.ini file and lalarm.ini file located in the /bin directory of the LoriotPro system.
loriot.ini file
In the loriot.ini the parameters that should be changed are under [ALARM]
The alarm_port option defines
the UDP port used as destination port when sending events.
The alarm_ip option defines the IP address
used as destination address when sending events.
Extract of the file :
[ALARM]
alarm_port 5001
alarm_ip 127.0.0.1
lalarm.ini file
In the lalarm.ini, the parameters that should be changed are under [ALARM].
The alarm_port option defines
the UDP port used by the Event Manager server as listening port.
The alarm_port option defines the UDP port
used by the Syslog server as listening port.
Extract of the file :
[ALARM]
alarm_port 5001
syslog_port 514
Remark: If you want to forbid the Syslog message reception, you should use the port number 0 as valu for the syslog_port parameter. The Syslog server will not start in this case.
Event management algorithm
The Event management algorithm will be explained by the example below:
-
A change is detected by one of the internal process of LoriotPro, a host creation for example.
-
The process sends to the Event manager process a structured message (the event) containing a reference number
-
The Event manager displays the received event in the Global Events window
-
It reads the filter list loaded in memory from the trapfilter.txt file
-
If a filter condition is satisfied, it executes the associated actions.
Remark: Many actions could be defined for a single received event. The algorithm will check all defined rules for a specific event and will execute all those which are satisfied.
Event management algorithm
Event log file
All received events are stored in a log file. A new file is created each 24 hours with a new name and contains a time-stamp. These log files are located in the directory /bin/www/log in an HTML format. They could be read from a LoriotPro WEB remote access.
The events that are not correctly structured but readable
for the Event manager are displayed in the global event window with the icon
.
Example of event file name
Bin/www/log/ event_May_08_2002.html
Remark: The received Syslog messages are stored in the same directory but with a name starting by Syslog.
Example of syslog file name
Bin/www/log/ syslog_May_08_2002.html
Reading Event log
Reading the event log is performed by the Event Browser module.It is possible to read Event log file from the main menu, select :
Supervise>See Events Log Files…
A selection window enables you to choose the file that you want to read.
Remote access to the Event log files
Event lofg files are visible from a remote WEB navigator. The ‘LoriotPro HTTP Service’ should be configured and started.
Example
In this example, the Events button of the WEB page has been selected.
A file is then selected:
Example of event log file
All events could also be stored in an ODBC database which give to administrator a powerful tool for event management with advanced sorting options.
The interface uses PHP script for displaying the data coming from the database. If everything is set properly, (refer to chapter for setting the database) you are able to see events that are stored in the database and make advanced filtering search.
Choose Database from the main menu of WEB server the home page the select Events.
Result of the database query
Remark: Refer to chapter “setting database” for detailed explanations.
Event access stored in database
The tool ‘Database Query..’ allows you to sort events and display them from the GUI. These events are stored in a standard ODBC Database.
From the main menu select :
Supervise>Database Query…
Menu Supervise
The ‘Database Query’ window help you to build “SQL” query and display sorted events.
Database Query
window
www.loriotpro.com |
|