ntevl probe - receiving DHCP scope full alerts that do not include scope details
search cancel

ntevl probe - receiving DHCP scope full alerts that do not include scope details

book

Article ID: 217852

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) Unified Infrastructure Management for Mainframe CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

check: CRITICAL ALARM ON NIMSOFT MANAGED RESOURCE 
Description: Thu 10 Jun, 2021 - 19:07:25 - NIMSOFT SNMP GATEWAY Critical Alarm generated with the following details: ---------------------------------------------------------------- SubnetMonitor (1063 - None): ALERT: scope or subnet has fewer IPs available than the configured threshold.Scope: Threshold: 1 Site 

We are getting these alerts without DHCP scope details so please help us to resolve the issue asap.

Environment

Release : 20.3

Component : UIM - NTEVL

OS: Windows 2016 Datacenter

Cause

- This was a Windows event message issue, not an ntevl probe issue.

Resolution

Customer wanted to exclude specific alarms (blind scope alerts/alerts missing DHCP scope details) through ntevl/nas exclusion.

Normal/expected DHCP scope alert:

SubnetMonitor (1063 - None): ALERT:  10.xxx.xxx.0/23 scope or subnet has fewer IPs available than the configured threshold.Scope: 10.xxx.xxx.0/23  Threshold: 38  Site Name: XXXxxxx - GIA/EHS  Site Code: PG  DNS Code: xxxx.xxxx.com  Function: GIA (Guest Internet Access)Environment: XXX (Utility DMZ - Internet Connectivity Engineering)
Source: xxxxxxx01
IP/HostName: 10.x.xxx.xxx
Level: 5
Suppression Key: ntevl/10.xxx.xxx.0/23
Subsystem: NMS.Alarm.Logs.NT-EventLog.Application
Probe ID: 
Origin: xxx-xxx-xxx01_hub
Arrival Time (s): 1623991218
NIM-ID: VO80025237-87094
Domain: xxx-xxx-xxx01_domain

DHCP "Blind scope" alert:

SubnetMonitor (1063 - None): ALERT:   scope or subnet has fewer IPs available than the configured threshold.Scope:   Threshold: 1  Site Name:   Site Code: Missing  DNS Code:   Function: MissingEnvironment: Missing

Steps Taken:

 

1. Created a nas AO preprocessing rule to exclude all blind scope alerts

2. Message filter:

   /.*SubnetMonitor (1063 - None): ALERT:   scope or subnet has fewer IPs available than the configured threshold.Scope:   Threshold: 1  Site Name:   Site Code: Missing  DNS Code:   Function: MissingEnvironment: Missing.*/

for the source/host-> xxxxxxxx

and probe-> ntevl

In the nas, we tested it by sending a test alarm and it worked - only 'blind' scope ntevl alerts are being excluded.

Powered by Wolken Software