[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opennms-discuss
Subject:    Re: [opennms-discuss] Unformatted Enterprise Event
From:       J Kephart <jkephart () safetynetaccess ! com>
Date:       2012-03-23 18:19:37
Message-ID: 4F6CBEB9.8050906 () safetynetaccess ! com
[Download RAW message or body]

Thanks to all!  Greg, your reminder about the event detail gave us 
precisely what we needed, and we're now getting properly formatted 
events, and now they actually provide us with useful information.  
Again, my thanks!

-- Jim

On 03/22/2012 07:23 PM, Greg Chavez wrote:
> I would hardly call unformatted events dreaded; they're quite useful.
> > From the UI, if you click the event ID either from the Events list or
> from the node page, you should see the Event Detail.  That shows you
> the minimum OID mask required to catch the trap and associate it with
> an event.  The link provided by Jim Kephart should help you with the
> rest of the configuration.
>
> --Greg Chavez
>
> On Thu, Mar 22, 2012 at 5:54 PM, J Kephart<jkephart@safetynetaccess.com>  wrote:
>> Hi!
>>
>> We've been searching everywhere (lists, Google, you name it) for anything
>> that will help us identify what we need to do in order to rid ourselves of
>> the dreaded "Received unformatted enterprise event" error.  In this
>> situation, we're monitoring a number of Fortinet FortiGate firewalls; we're
>> using the events file that installed as part of the OpenNMS installation
>> (<ONMS_HOME>/etc/events/Fortinet.events.xml).  We routinely get the
>> following error:
>>
>> Received unformatted enterprise event (enterprise:.1.3.6.1.4.1.12356.101.2
>> generic:6 specific:301). 4 args:
>> .1.3.6.1.4.1.12356.100.1.1.1.0="FGXXXXXXXXXXXXXX"
>> .1.3.6.1.2.1.1.5.0="SNA-CoLo" .1.3.6.1.4.1.12356.101.12.3.2.0="64.xx.xx.xx"
>> .1.3.6.1.4.1.12356.101.12.3.3.0="63.xx.xx.xx"
>>
>> I suspect the problem lies with the inability to translate the
>> enterprise-specific arguments passed as part of the trap, and you'll note
>> that the lone MIB-2 argument is properly translated.  The problem we're
>> having is that we can't seem to find the file(s) that is/are used to define
>> those vendor-specific OID's.  From what we can tell, the OpenNMS core has
>> the "standard" MIB's, such as MIB-2, etc., built in.  Clearly, it does not
>> have the Fortinet OID's, save for a couple used for data collection.
>>
>> If our suspicion is correct, can anyone tell us where we might put the OID's
>> from the FORTINET-CORE-MIB and FORTINET-FORTIGATE-MIB so that OpenNMS can
>> retrieve those values on receipt of a trap?  Or, if it's something simpler
>> than that, please advise.  As I said, we've spent days looking for an
>> answer, and we've found nothing that seems to help.
>>
>> As an aside, if we do have to include the OID's elsewhere, we may have a
>> problem doing so, since parseMIB.sh is having real trouble parsing the
>> Fortinet MIB's.  No matter what we've included, MIB-wise, and in what order,
>> we constantly get and error when it hits the MODULE-IDENTITY marker.  Any
>> thoughts on that would be appreciated, as well, but secondarily to the
>> question above.
>>
>> Many thanks!
>>
>> Jim Kephart
>> Safety NetAccess, Inc.
>>
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> Please read the OpenNMS Mailing List FAQ:
>> http://www.opennms.org/index.php/Mailing_List_FAQ
>>
>> opennms-discuss mailing list
>>
>> To *unsubscribe* or change your subscription options, see the bottom of this
>> page:
>> https://lists.sourceforge.net/lists/listinfo/opennms-discuss
>
>

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss
[prev in list] [next in list] [prev in thread] [next in thread]