How to disable the South Bound Gateway alert forwarding on a Host_systemEDGE model for the Log File Monitor trap in Spectrum

book

Article ID: 51898

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

How to disable the South Bound Gateway alert forwarding on a Host_systemEDGE model for the Log File Monitor trap in Spectrum

When using the Host_systemEDGE model for Log File Monitoring, by default, SPECTRUM will try to parse the matched log file for a hostname or ip address to forward to a model in the SPECTRUM database. If SPECTRUM is unable to parse a hostname or ip address from the log file, SPECTRUM will generate an event on the Host_systemEDGE model to that fact and not generate an alarm.

Sometimes, logs being monitored do not conform to the requirements to parse a hostname or ip address from the syslog header but the user still wants an alarm to be generated should there be a match.

Environment

Release: Any
Component:

Resolution

Set the Enable_SouthboundGateway attribute 0x116296e on the Host_systemEDGE model to No.

Edit the $SPECROOT/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp file and change the entry for 0x116002f to the following:

0x0116002f E 50 A 3, 0x0116002f

Update the SpectroSERVER cache.  Now, when SPECTRUM receives a logMonMatchtrap from this Host_systemEDGE model, a CRITICAL alarm will be asserted on the Host_systemEDGE model.