Extracting Omnibus Events

Omnibus uses a memory resident database to store events in. This database is accessible via an API that you can pass SQL statements.

Here are some of the basic SQL statements to get you started.

select * from alerts.table;
select Node, Tally, Summary from alerts.table;
describe alerts.table;

Look for ITM and TEC integration information for Netcool OMNIBus coming in the next month.

UPDATED - Links Can Enhance the ITM User's Experience

I know, it sounds like the title of some email that your spam killer dropped before getting to your inbox, but as corny as it sounds there are ways to customize ITM to better suite the user's needs. One of these ways is by using links in your TEP workspaces. In this article I'll demystify links and discuss their use.

There are two types of links in ITM 6 - simple and advanced.

Simple Link
Basically an HTML link from one workspace to another. Click the link in a source workspace and it takes you to a target workspace. The navigator basically does the same thing, only with simple links, you can link charts, navigator items, tables and graphical icons to a specific workspace that you create.

Advanced Link
This is the same as a simple link, only it allows you to pass data through from the target workspace to the source workspace through something called a link symbol. A link symbol is like a variable or place holder that you create, and data gets passed into it from the source workspace.

Uses
From your graphical view, you could have a representation of your company by application, for example, and create links on each application icon that takes the user to a more detailed workspace for each application.

From a multi-result row query from a UA, you could create advanced links to pass the data returned by the UA you wrote to a target workspace you create, and have the target workspace filter on that data only. You can get even more creative and manipulate the data being passed dynamically.

Advanced links can minimize the number of workspaces you need to create by making them more dynamic. So it's more than just a fancy term.

Updated - ITM 6.1 Success Story - 99.998% availability

One of my customers, who shall remain nameless for now, has a support contract with Gulf Breeze Software to maintain and monitor their Tivoli Infrastructure. This encompasses everything from User Admin, TDW reporting, remote monitoring of the ITM 6.1 and TEC infrastructure, custom situations and patch deployment.

We use site to site VPN from our data center to maintain a constant network connection that allows remote monitoring and administration of the ITM and TEC infrastructure

I am excited because over the last 3 months, we have achieved 99.998% uptime/availability of the monitoring infrastructure. This is equivalent to 51 seconds of unplanned outages over 3 months. People always want to know, what is availability?

Here is my definition - ITM 6.1 is available IF:

1) I can login to the TEP
and
2) I can view realtime data from an agent on a remote tems
and
3) I can view historical data from the TDW
and
4) TEC has processed a heartbeat event in a specified time frame
and
5) I can successfully access the Universal Message Console on the HUB TEMS.

If I can do all of these - then ITM is ready for business.

While ITM 6.1 has some issues to overcome, the overall code is proving to be stable. Most of the procedures used are located on this web site in the BLOG, however every situation (no pun intended) has its own issues and will require experienced individuals to implement a solution correctly and quickly.

Items such as the TEC Heartbeat, TDW Last Write UA and the SOAP server are all actively being used to achieve our high availability numbers.

If anyone is interested in service contracts from Gulf Breeze Software - contact Tony Delgross at tony.delgross@gulfsoft.com

January Newsletter

It's been a long time since we had a newsletter, but we've made up for it with the Blog articles. So here is a collection of our best articles in a nice newsletter.

Happy New Year.

Our newsletter can be downloaded here....

Netcool Overview for newbies

So what is this Netcool thing people are talking about in the office? What does it do? Why is it so great? Why should I care? Read on for an overview of Netcool that will help answer these questions..

Micromuse

Netcool was formerly owned by Micromuse, who was aquired by IBM in February of last year. The Netcool product suite is now under the IBM umbrella of enterprise monitoring tools.

Netcool

Netcool is a term that stands for multiple products, or components, that make up the total Netcool product suite.

Probes

Probes are executables that are designed to collect event data from a specific source, like email or a database, and apply any rule logic defined to the event data before forwarding an alert to the ObjectServer event bus.

Omnibus

Omnibus contains the event console, called an event list, and the event bus called the ObjectServer. Most components, but not all, connect to the ObjectServer to get event data from the bus.

License Server

License Server listens on a port for license validation requests from most Netcool products, otherwise the products will not function. Licensing is strictly controlled in this way.

Security Manager

Security Manager provides integration with LDAP (e.g. Active Directory, OpenLDAP, etc.), NIS, or you can use you ObjectServer for authentication. Security Manager provides authentication for other Netcool products like Impact, Precision, Webtop, and RAD.

GUI Foundation Server

This server provides the web framework for Netcool products like Precision, Webtop and RAD. It provides single-signon authentication by connecting to Security Manager, and routes license requests from these products to the License Server

Precision IP

Precision provides network monitoring in Netcool. Precision will perform network discovery (both layer 2 and 3 for routers and switches) and handles SNMP (supports v3). Precision provides multiple products inside of it, among them Topoviz, which manages the network topology in a mySQL database, and Webtop for web access.

Impact

Impact provides the ability to connect to a data source, like a database, and enrich an exsting event on the bus with additional information, and then publish it back to the bus.

Stay tuned for further details..

What's a Netcool Probe?

So what is thing in netcool they call a probe? It has nothing to do with the X-Files or a trip to the proctologist. Probes can be equivalent to monitors, they collect data - apply some logic and then forward events to Omnibus. They can also do no monitoring at all. they can be used to integrate products like TEC with Omnibus and Impact. Omnibus is an event subsystem that receives alerts/events from various source - we will talk about that in a later article

Typically, probe has a "props" or properties file that tells the probe where to connect, how often to do something, any specific user id's and various other parameters. There are also "rules" files, these files let you apply logic to the data you collect.

The number of probes available from IBM/Netcool is incredible, everything from a pring probe that simply pings hostnames/ip addresses to an ODBC probe that remotely connects to compliant databases and extracts data and then you can apply rules to the data. You also have the ability to write your own probes.

NTFS Filesystem in Linux

My lab setup consists of several virtual machines and two physical systems, one running Linux and one running Windows XP. To distribute the load I need to shift these virtual machines from one system to another and I needed a common filesystem that can be natively accessed by both Windows and Linux. FAT filesystem is good for smaller and insecure filesystems, but its disadvantages far outweigh the benefits. Surprisingly, NTFS seems to be better bet for sharing filesystems across Linux and Windows. Here is a brief information on how to share NTFS filesystems in Linux

Download, compile and install NTFS driver and FUSE

There are quite a few NTFS drivers are available for Linux. But some of them offer only read capability. The best NTFS driver I found was ntfs-3g. It supports both NTFS read and write and worked flawlessly.

You can download and install NTFS-3g driver from here. The installation instructions are available at the website as well.

One quick note: ntfs-3g requires FUSE (File System in User Space). You will have to insert fuse module by running "/sbin/modprobe fuse" after the successful installation of fuse. (and everytime after boot! so better put it in a rc script).

Make entries in /etc/fstab.

I have an external USB NTFS hard drive and the /etc/fstab entry for that is given below.
/dev/sda1 /media/Vmware ntfs-3g silent,users,sync,umask=0,locale=en_US.utf8,no_def_opts,allow_other 0 0

Mount your NTFS filesystem

Now, you can mount the NTFS filesystem using mount command. If it is already mounted as read-only due to USB auto-detection, you can unmount and remount it. My mount shell script looks like below.

sudo umount /dev/sda2
sudo /sbin/modprobe fuse
sudo mount /dev/sda1

That is it. Hope you find this useful.

Performance
Overall, the ntfs-3g performance was excellent. I was able to share the NTFS hard drive using Samba. However under extremely heavy load, the NTFS driver eats lot of CPU and during these times performance was poor. Having said that, ntfs-3g should be able to meet your day-to-day NTFS needs in Linux without any problems.