How to disable the South Bound Gateway alert forwarding on a Host_systemEDGE model for the Log File Monitor trap (Legacy KB ID CNC TS32365 )

Document ID : KB000051898
Last Modified Date : 14/02/2018
Show Technical Document Details

Set the Enable_SouthboundGateway attribute 0x116296e on the Host_systemEDGE model to No.


Edit the $SPECROOT/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp file and change the entry for 0x116002f to the following:


0x0116002f E 50 A 3, 0x0116002f


Update the SpectroSERVER cache.  Now, when SPECTRUM receives a logMonMatchtrap from this Host_systemEDGE model, a CRITICAL alarm will be asserted with the following similar event:






Severity



Created On



Name



Event



Created By



Cleared On



Cleared By



Event Type




Critical



Jul 23, 2009 3:15:15 PM EDT



ackjo04-8



Device ackjo04-8 of type Host_systemEDGE reported that a LogMonitorMatch event has occurred.

Matched Text: Jun  8 14:48:00 VoiceLab_Server_Switch 1389704: Jun 08 13:27:51.245 UTC : %TEST-0-test: This is another test

Monitored File: C:/test/test.txt

Monitor Description:



System





0x116002f

.

Related Issues/Questions:
How to disable the South Bound Gateway alert forwarding on a Host_systemEDGE model for the Log File Monitor trap

Problem Environment:
SPECTRUM 08.01.00.00
SPECTRUM 09.00.00.00
0x116002f
When using the Host_systemEDGE model for Log File Monitoring, by default, SPECTRUM will try to parse the matched log file for a hostname or ip address to forward to a model in the SPECTRUM database. If SPECTRUM is unable to parse a Hostname or ip address from the log file, SPECTRUM will generate an event to that fact and not generate an alarm.

Sometimes, logs being monitored do not conform to the requirements to parse a Hostname or ip address from the syslog header but the user still wants an alarm to be generated should there be a match.




(Legacy KB ID CNC TS32365 )