02-02-2012 04:51 AM
I have a PCM+ that´s working properly but i have problems with policies:
- I receive logs from network switches on the PCM+ syslog correctly but when i configure a policy based on these logs it can´t be triggered. The policy is well configured because when i apply it based on traffic activity threshold it works.
Can you help me?
02-03-2012 11:28 AM
Unfortunately PCM doesn't support policies based on data from syslog messages, only data from PCM events. PCM events are generated from the reception of SNMP traps from devices, so perhaps you can configure the switch(es) in question to send traps for whatever you're trying to capture out of the syslog ...?
The reason for this is that syslog formats vary wildly and parsing the various messages with any sort of accuracy for content that can then be plugged into a policy (e.g. IP addresses, port numbers, ifIndexes, etc.) is extremely error-prone. In contrast, SNMP traps can be parsed for their content by OID, meaning that PCM can always rely on finding the bits of data it needs without the guesswork and potential error involved in parsing a syslog string.
02-06-2012 04:23 AM
Thank you very much for your as¡nswer but, if i understand, you mean that if i have a switch that send logs to the PCM+ own integrated syslog I can´t configure a policy based on these log messages?
So, how can i do to configure a policy that notify me if a port or link goes down?
02-07-2012 09:38 AM
PCM collects syslog information so that it's centrally available, but because of the variability in syslog record content and format PCM does not process syslog messages as policy triggers.
If you want to trigger a policy to notify you of a particular event, such as a port changing state, you have to do so based on SNMP events. If the device can generate an SNMP trap for the event you're interested in - and I believe that the HP switches are capable of generating a trap for port up/down - then you can create a policy in PCM that will notify you via email or dialog box on the PCM console.