We are forwarding live exception traps from eHealth pollers to MLS (where we have eventadmin configured for the live eHealth poller)
mapping between elements of eHealth and Spectrum already done and we are able to fetch eHealth report from Spectrum against the device/interface and its working fine.
But live exception alerts are getting mapped on the device rather than respective element.
eg. we have BW utilization alerts coming from eHealth to Spectrum which are getting mapped to the device model instead of interface model.
Is anything I am missing here?
Not sure the alerts gets mapped to interface models , they by default gets mapped to the device models in Spectrum
When a trap is forwarded from ehealth it has the source IP of device so it gets by default mapped to device model in Spectrum
At least this is what I see in our environment
Even i thought the same, but integration guide says that it should get mapped to respective elements provided elements are mapped between CA Spectrum and eHealth.
Did you check to see if the interfaces that are generating events are mapped in eHealth elements? For each device/interface models there are a series of attributes in Spectrum that will show you information about eHealth integration. All of them start with EH_ . Check the list to see if your interface has an element associated in eHealth.
I am able to fetch ehealth report against that interface from spectrum, also EH_Element_Name_List attribute on device show this interface name as well.
eHealth Live Exception trap is forwarded to target model via Southbound Gateway (Event Admin) model in Spectrum. The forwarding process looks at event variable 8 (see line 5 below, i.e. element ip) which has pre-defined meaning within Southbound Gateway. Refer to here for more details.
Here is the eHealth Live Exception trap Alert mapping in $SPECROOT/SS/CsVendor/Concord/AlertMap.
# nhLiveAlarm126.96.36.199.188.8.131.52.21 0x05420102 184.108.40.206.220.127.116.11.2.1(21,0)\ #eh server ip 18.104.22.168.22.214.171.124.2.2(26,0)\ #eh server name 126.96.36.199.188.8.131.52.2.3(101,0)\ #eh server port 184.108.40.206.220.127.116.11.3.1(8,0)\ #element ip 18.104.22.168.22.214.171.124.3.2(102,0)\ #element name 126.96.36.199.188.8.131.52.3.3(22,0)\ #elementId 184.108.40.206.220.127.116.11.3.4(103,0)\ #startTime 18.104.22.168.22.214.171.124.3.10(104,0)\ #Rule Message/Title 126.96.36.199.188.8.131.52.3.8(105,0)\ #eh group 184.108.40.206.220.127.116.11.3.9(106,0)\ #eh group list 18.104.22.168.22.214.171.124.3.5(107,0)\ #ex. type 126.96.36.199.188.8.131.52.3.6(108,0)\ #eh variable 184.108.40.206.220.127.116.11.3.7(109,0)\ #severity 18.104.22.168.22.214.171.124.17.2.5(110,0)\ 126.96.36.199.188.8.131.52.3.14(111,0)\ #profile 184.108.40.206.220.127.116.11.3.11(112,0)\ #alarmId 18.104.22.168.22.214.171.124.3.12(113,0)\ #tech type 126.96.36.199.188.8.131.52.3.17(114,0)\ #event carrier 184.108.40.206.220.127.116.11.3.18(115,0)\ #element alias 18.104.22.168.22.214.171.124.3.19(116,0)\ #component 126.96.36.199.188.8.131.52.3.20(117,0)\ #description 184.108.40.206.220.127.116.11.3.21(118,0)\ #alarmOccurrenceID 18.104.22.168.22.214.171.124.3.22(119,0)\ #profileId 126.96.36.199.188.8.131.52.3.23(120,0)\ #baseType 184.108.40.206.220.127.116.11.3.24(25,0) #eh machine id
So you can capture the trap using Wireshark etc. and check the IP address value of event variable 8 (Variable Binding 18.104.22.168.22.214.171.124.3.1). If that is the IP address of your interface model then Spectrum should assert the alarm on that interface model.
Thanks Widjaja, will check that also...
On spectrum console that interface is showing an IP address but on eHealth side the interface IP is same as device IP, so in the trap its sending only device IP.
Can we change interface IP on eHealth side? or this is the only way it will work?
Also i tried changing the IP address on interface element in the eHealht and then again regenerated the alert, now this time in the trap its showing the updated IP address but again alert got inserted on device model instead of interface..
It seems eHealth always send device IP address in the Live trap.
The issue here is that the eHealth Live Exceptions profile will have a rule configured to send the trap. This rule will be set for Element Type = Device. And so it will send the IP address of the device in the trap.
You would need to create a new rule for the particular profile you use in Live Exceptions under;
Live Exceptions -> Setup menu -> Profiles
Then select the relevant Profile and it will list all its applicable rules. Create a new one with the same parameters but with Element Type = LAN/WAN. You can further refine the Element Type to be a specific type of interface (such as Ethernet, Generic LAN interface, Fibre Channel etc.). Just be sure to select the one that matches the eHealth Element that you're building the profile for.
Thanks Mohammed, but we have Element Type = LAN/WAN in the rule.