DX NetOps

Dear Team,

We are forwarding live exception traps from eHealth pollers to MLS (where we have eventadmin configured for the live eHealth poller)

mapping between elements of eHealth and Spectrum already done and we are able to fetch eHealth report from Spectrum against the device/interface and its working fine.

But live exception alerts are getting mapped on the device rather than respective element.

eg. we have BW utilization alerts coming from eHealth to Spectrum which are getting mapped to the device model instead of interface model.

Is anything I am missing here?

Regards

Ajit C

Hi Ajit,

Not sure the alerts gets mapped to interface models , they by default gets mapped to the device models in Spectrum

When a trap is forwarded from ehealth it has the source IP of device so it gets by default mapped to device model in Spectrum 

At least this is what I see in our environment 

Hi Phani,

Even i thought the same, but integration guide says that it should get mapped to respective elements provided elements are mapped between CA Spectrum and eHealth.

Regards

Ajit C

Hi Catalin,

I am able to fetch ehealth report against that interface from spectrum, also EH_Element_Name_List attribute on device show this interface name as well.

Regards

Ajit C

Hi Ajit,

eHealth Live Exception trap is forwarded to target model via Southbound Gateway (Event Admin) model in Spectrum. The forwarding process looks at event variable 8 (see line 5 below, i.e. element ip) which has pre-defined meaning within Southbound Gateway. Refer to here for more details.

Here is the eHealth Live Exception trap Alert mapping in $SPECROOT/SS/CsVendor/Concord/AlertMap.

# nhLiveAlarm
1.3.6.1.4.1.149.6.21 0x05420102 1.3.6.1.4.1.149.2.2.1(21,0)\ #eh server ip
                                1.3.6.1.4.1.149.2.2.2(26,0)\ #eh server name
                                1.3.6.1.4.1.149.2.2.3(101,0)\ #eh server port
                                1.3.6.1.4.1.149.2.3.1(8,0)\ #element ip
                                1.3.6.1.4.1.149.2.3.2(102,0)\ #element name
                                1.3.6.1.4.1.149.2.3.3(22,0)\ #elementId
                                1.3.6.1.4.1.149.2.3.4(103,0)\ #startTime
                                1.3.6.1.4.1.149.2.3.10(104,0)\ #Rule Message/Title
                                1.3.6.1.4.1.149.2.3.8(105,0)\ #eh group
                                1.3.6.1.4.1.149.2.3.9(106,0)\ #eh group list
                                1.3.6.1.4.1.149.2.3.5(107,0)\ #ex. type
                                1.3.6.1.4.1.149.2.3.6(108,0)\ #eh variable
                                1.3.6.1.4.1.149.2.3.7(109,0)\ #severity
                                1.3.6.1.4.1.11.2.17.2.5(110,0)\
                                1.3.6.1.4.1.149.2.3.14(111,0)\ #profile
                                1.3.6.1.4.1.149.2.3.11(112,0)\ #alarmId
                                1.3.6.1.4.1.149.2.3.12(113,0)\ #tech type
                                1.3.6.1.4.1.149.2.3.17(114,0)\ #event carrier
                                1.3.6.1.4.1.149.2.3.18(115,0)\ #element alias
                                1.3.6.1.4.1.149.2.3.19(116,0)\ #component
                                1.3.6.1.4.1.149.2.3.20(117,0)\ #description
                                1.3.6.1.4.1.149.2.3.21(118,0)\ #alarmOccurrenceID
                                1.3.6.1.4.1.149.2.3.22(119,0)\ #profileId
                                1.3.6.1.4.1.149.2.3.23(120,0)\ #baseType
                                1.3.6.1.4.1.149.2.3.24(25,0) #eh machine id

So you can capture the trap using Wireshark etc. and check the IP address value of event variable 8 (Variable Binding 1.3.6.1.4.1.149.2.3.1). If that is the IP address of your interface model then Spectrum should assert the alarm on that interface model.

Regards,

Widjaja

Thanks Widjaja, will check that also...

Regards

Ajit C

Hi Widjaja,

On spectrum console that interface is showing an IP address but on eHealth side the interface IP is same as device IP, so in the trap its sending only device IP.

Can we change interface IP on eHealth side? or this is the only way it will work?

Regards

Ajit C

Also i tried changing the IP address on interface element in the eHealht and then again regenerated the alert, now this time in the trap its showing the updated IP address but again alert got inserted on device model instead of interface..

It seems eHealth always send device IP address in the Live trap.

Hi Ajit,

The issue here is that the eHealth Live Exceptions profile will have a rule configured to send the trap. This rule will be set for Element Type = Device. And so it will send the IP address of the device in the trap.

You would need to create a new rule for the particular profile you use in Live Exceptions under;

Live Exceptions -> Setup menu -> Profiles

Then select the relevant Profile and it will list all its applicable rules. Create a new one with the same parameters but with Element Type = LAN/WAN. You can further refine the Element Type to be a specific type of interface (such as Ethernet, Generic LAN interface, Fibre Channel etc.). Just be sure to select the one that matches the eHealth Element that you're building the profile for.

Thanks Mohammed, but we have Element Type = LAN/WAN in the rule.