Hi Saurabh-
I usually run once a month by month end or sometimes as-needed few queries
to see what events are generated and what devices are generating top-most
events.
WHAT EVENTS:
./mysql -uroot -proot ddmdb
SELECT type, count(*) as c from event where utime > UNIX_TIMESTAMP('2012-02-07
00:00:01') and utime < UNIX_TIMESTAMP('2012-02-07 23:59:59') group by type
order by c desc;
OR;
SELECT hex(model_h), count(*) as c into outfile 'd:/mysqloutput.out' from
ddmdb.event where utime >UNIX_TIMESTAMP('2012-02-09 00:00:00') and utime <
UNIX_TIMESTAMP('2012-02-10 23:59:59')and type=66305 group by hex(model_h) order
by c desc;
TOP-MOST EVENTS by DEVICES:
mysql -uroot -proot ddmdb -e "select hex( type ), hex( e.model_h ),
m.model_name, count( * ) as cnt from event e, model m where e.model_h =
m.model_h group by type, e.model_h order by cnt desc limit 750"
If you have any questions or concerns, please feel free to contact me. Thank
you.
Cheers, Ali
________________________________
From: Bohra, Saurabh [mailto:[email protected]]
Sent: Friday, March 30, 2012 10:15 AM
To: spectrum
Subject: [spectrum] Events Management
Hello Experts,
I want to know get some ideas how Spectrum administrators do Event management.
Once in a while I usually see Archive experts Event Table - Average Daily
Growth section. Yesterday after three weeks from my last observation I noticed
that there was an increase of 70 Mbpd. Not many devices had been added to
Spectrum in last few days, so I started digging the cause of increase and
things started getting interesting.
1. We were getting a lot of Authentication failure traps (Event 0x1030a)
60-75 K traps per day from few of our servers and switches (non-cisco), however
no alarm were generated in Spectrum.
2. Several ports in the environment were flapping, however they were
below the threshold of Link up/down alarm, so un-noticed.
3. We have so many different types of devices in our environment that
it's difficult to keep up with all the MIBs and evaluate every trap. One device
which was recently upgraded suddenly started sending 100K + traps a day which
was unmapped hence went un-noticed.
So, before I go crazy and re-invent the wheel, I want to hear from the experts
how do you find issues in your environment for which you might be collecting
data however goes undetected like few scenarios described above.
Thanks,
Saurabh Bohra
Sr. Network Mgmt Systems Analyst
ESPN Inc.
O: 860-766-0842 | M: 860-385-3597 | e-mail: [email protected]
* --To unsubscribe from spectrum, send email to
[email protected]<mailto:[email protected]> with the body: unsubscribe spectrum
[email protected]
________________________________
NOTICE: The information contained in this electronic mail transmission is
intended by Convergys Corporation for the use of the named individual or entity
to which it is directed and may contain information that is privileged or
otherwise confidential. If you have received this electronic mail transmission
in error, please delete it from your system without copying or forwarding it,
and notify the sender of the error by reply email or by telephone (collect), so
that the sender's address records can be corrected.
---
To unsubscribe from spectrum, send email to [email protected] with the body:
unsubscribe spectrum [email protected]
