Tivoli Storage Manager for Windows Administrator's Guide


Logging Tivoli Storage Manager Events to Receivers

The server and client messages provide a record of TSM activity that you, as an administrator, may use to monitor the server. You can log server messages and most client messages as events to one or more repositories called receivers. You can log the events to any combination of the following receivers:

TSM server console and activity log
See Logging Events to the Tivoli Storage Manager Server Console and Activity Log.

File and user exits
See Logging Events to a File Exit and a User Exit.

Tivoli event console
See Logging Events to the Tivoli/Enterprise Console.

Simple Network Management Protocol (SNMP)
See Logging Events to an SNMP Manager.

The Windows NT Event Log
See Logging Events to the Windows NT Event Log.

Event server receiver (Enterprise Event Logging)
Routes the events to an event server. See Enterprise Event Logging: Logging Events to Another Server.

In addition, you can filter the types of events to be enabled for logging. For example, you might enable only severe messages to the event server receiver and one or more specific messages, by number, to another receiver. Figure 70 shows a possible configuration in which both server and client messages are filtered by the event rules and logged to a set of specified receivers:

Figure 70. Event Logging Overview

Event Logging Overview

Controlling Event Logging

To control event logging do the following:

You can issue the BEGIN EVENTLOGGING and END EVENTLOGGING commands to begin and end logging for one or more receivers.

Note:At server start-up event logging begins automatically to the server console and activity log and for any receivers that are started based on entries in the server options file. See the appropriate receiver sections for details.

You can enable or disable specific events or groups of events by receiver by issuing the ENABLE EVENTS and DISABLE EVENTS commands. When you enable or disable events, you can specify the following:

For example, to enable event logging to a user exit for server messages with a severity of WARNING, enter:

enable events userexit warning 

Notes:

  1. Certain events, such as messages that are issued during server start-up and shutdown, automatically go to the console, but cannot be enabled for any other receivers.

  2. Messages in the SEVERE category and message ANR9999 can provide valuable diagnostic information if there is a serious problem. For this reason, you should not disable these messages.

Logging Events to the Tivoli Storage Manager Server Console and Activity Log

Logging events to the server console and activity log begins automatically at server startup. To enable all error and severe client events to the console and activity log, issue the following command:

enable events console,actlog error,severe nodename=*
Note:Enabling client events to the activity log will increase the database utilization. You can set a retention period for the log records by using the SET ACTLOGRETENTION command (see Setting the Activity Log Retention Period). At server installation, this value is set to one day. If you increase the retention period, utilization is further increased. For more information about the activity log, see Using the Tivoli Storage Manager Activity Log.

You can disable server and client events to the server console and client events to the activity log. However, you cannot disable server events to the activity log. Also, certain messages, such as those issued during server startup and shutdown and responses to administrative commands, will still be displayed at the console even if disabled.

Logging Events to a File Exit and a User Exit

You can log events to a file exit and a user exit:

Both file and user exits receive event data in the same data block structure (see Appendix C, User Exit and File Exit Receivers for details). Setting up logging for these receivers is also similar. Here are the steps involved:

  1. Both types of exits must be specified in the server options file (dsmserv.opt). Here are a few examples:

    File Exit:
    You can specify a file to which event logging begins at server start up and to which new data is appended to any existing data.

    To specify a binary version of the file named events.fexit, enter:

    fileexit yes events.fexit append
    

    To specify a readable text version of the file named events.ftexit, enter:

    filetextexit yes events.ftexit append
    

    For a description of the file format, see Readable Text File Exit (FILETEXTEXIT) Format.

    User Exit:
    Enter the following option to specify a user-written program named events.uexit to which event logging begins at server startup and new data appends to any existing data:
    userexit yes events.uexit 
    

    For details about these server options, see Administrator's Reference.

  2. If YES was not specified in the server option, you must begin event logging from the administrative client. For example, to begin event logging for a user-defined exit, issue the following command:
    begin eventlogging userexit
    
  3. Enable events for the receiver. Here are two examples of enabling events:

Logging Events to the Tivoli/Enterprise Console

TSM includes the Tivoli receiver, a Tivoli/Enterprise Console (T/EC) adapter for sending events to the TE/C. An event name is a four-digit message number preceded by the appropriate prefix:


Tivoli Data Protection Application Client Prefix Range
TDP for Exchange ACN 3500-3649
TDP for Domino ACD 5200-5299
TDP for Oracle ANS 500-599
TDP for Informix ANS 600-699
TDP for SQL ACO 3000-3999

Notes:

  1. The application client must have enhanced T/EC support enabled in order to route the above messages to the T/EC.

  2. Because of the number of messages, you should not enable all messages from a node to be logged to the T/EC.

Enhanced T/EC support provides unique event classes for messages logged to the T/EC from a Tivoli Storage Manager server. The following examples show the message formats:

where:

For example:

TSM_SERVER_ANR2017 
TSM_SERVER_ANR7805_AIX 
TSM_CLIENT_ANE4027 
TSM_APPL_ANE4990 
TSM_TDP_EXCHANGE_ACN3520

This section describes what you must do to set up Tivoli as a receiver for event logging.

  1. The file ibmtsm.baroc, which is distributed with the server, defines the TSM event classes to the T/EC.
    Note:If you have migrated from ADSM Version 3 and have an existing ibmadsm.baroc file, do one of the following:
    • Remove the file.
    • Create a new rule base.
    • Copy the file.
    Before the events are displayed on a T/EC, you must import ibmtsm.baroc into an existing rule base or create a new rule base and activate it by using the following file:
  2. Define an event source and an event group:
    1. From the TME desktop, select Source from the EventServer pop-up menu. From the resulting dialog, define a new source whose name is TSM.
    2. From the TME desktop, select Event Groups from the EventServer pop-up menu. From the resulting dialog, define a new event group for TSM and a filter that includes event classes IBMTSMSERVER_EVENT and IBMTSMCLIENT_EVENT.
    3. From the event console icon, select the Assign Event Group pop-up menu item and assign the new event group to the event console.
    4. Double-click on the event console icon to start the configured event console.
  3. Enable events for logging to the Tivoli receiver. For example, to enable all severe and error server events, enter:
    enable events tivoli severe,error
    
  4. In the server options file (dsmserv.opt), specify the location of the host on which the Tivoli server is running. For example, to specify a Tivoli server at the IP address 9.114.22.345:1555, enter the following:
    techostname 9.114.22.345
    tecport 1555
    
  5. Begin event logging for the Tivoli receiver. You do this in one of two ways:

For details about the server options shown, see Administrator's Reference.

Logging Events to an SNMP Manager

You can use the simple network management protocol (SNMP) together with event logging to do the following:

The management information base (MIB) shipped with TSM defines variables with which to run server scripts and return the results. The server runs these scripts under an administrative client, SNMPADMIN, that you must register. A password is not required for the subagent to communicate with the server and run scripts. However, an SNMP password (community name) is required to access the SNMP agent, which forwards the request to the subagent. Also, you should define a password for SNMPADMIN to prevent access to the server from unauthorized users.

Note:Because the SNMP environment has weak security, you should consider not granting SNMPADMIN any administrative authority. This restricts SNMPADMIN to issuing TSM queries.

SNMP SET requests are accepted for the name and input variables associated with the script names stored in the MIB by the SNMP subagent. This allows a script to be run by running a GET request for the ibmAdsm1ReturnValue and ibmAdsm2ReturnValue variables. A GETNEXT request will not cause the script to be run. Instead, the results of the previous script processed will be retrieved. When an entire table row is retrieved, the GETNEXT request is used. When an individual variable is retrieved, the GET request is used.

Here is a sample TSM configuration with SNMP:

  1. A TSM server on System A communicates with a subagent on system B.
  2. The subagent on System B communicates with an agent on system C, which forward traps to a Netview system.
  3. System D runs a TSM server that also uses the subagent on system B.
  4. System B also has a TSM server that uses the subagent on system B.

To run an arbitrary command from an SNMP management application, for example NetView, follow these steps:

  1. Choose the name and parameters for a TSM script.
  2. Use the application to communicate with the SNMP agent. This agent changes the TSM MIB variable for one of the two script names that the TSM subagent maintains. The SNMP agent also sets the parameter variables for one of the two scripts.
  3. Use the application to retrieve the variable ibmAdsmReturnValue1.x or ibmAdsmReturnValue2.x, where x is the index of the server that is registered with the subagent.

To set the variables associated with the script, the nodes on which the subagent and the agent are run must have read-write authority to the MIB variables. This is done through the SNMP configuration process on the system that the SNMP agent runs on. For example, here is the SNMP configuration screen:

Figure 71. IBM SNMP Configuration Screen

SNMP Configuration Screen

An SNMP agent is needed for communication between an SNMP manager and its managed systems. The SNMP agent is accomplished through the snmpd daemon, and the Distributed Protocol Interface (DPI) Version 2 is an extension of this SNMP agent.

TSM management through SNMP requires additional information in the MIB of the local agent. Therefore, an SNMP agent supporting DPI Version 2 must be used to communicate with the TSM subagent. This SNMP agent is not included with TSM. IBM makes the SystemView agent available for Windows NT, Windows 95, and AIX. The TSM subagent is included with TSM and, before server startup, must be started as a separate process communicating with the SNMP agent.

The SNMP manager system can reside on the same system as the TSM server, but typically would be on another system connected through SNMP. The SNMP management tool can be any application, such as NetView or Tivoli, that can manage information through SNMP MIB monitoring and traps. The TSM server system runs the processes needed to send TSM event information to an SNMP management system. The processes are:

Cross-system support for communication between the server and subagent is not supported, and these products must be installed and run on the TSM server system. Figure 72 illustrates a typical TSM implementation:

Figure 72. TSM SNMP Implementation

TSM SNMP

Figure 73 shows how the communication for SNMP works in a TSM system:

Figure 73. Manager-Agent-Subagent Communication

Manager-Agent-Subagent Communication

Notes:

  1. You can start dsmsnmp and the server in any order. However, starting dsmsnmp first is more efficient in that it avoids retries.

  2. The MIB file name is adsmserv.mib.

  3. mib2adsm.tbl is for concatenating to mib2.tbl for Windows NT SystemView agents.

Procedure for Setting up NetView for Windows NT

Follow this sequence for setting up NetView for Windows NT:

  1. Install the Microsoft SNMP agent.
  2. Re-apply the Windows NT Service Pack 3.
  3. Install NetView.
  4. Disable SNMP service.
  5. Install the SystemView agent.

Configuring Tivoli Storage Manager SNMP

The Tivoli Storage Manager SNMP set up procedure is illustrated by Figure 74:

Figure 74. Tivoli Storage Manager SNMP Set Up

Tivoli Storage Manager SNMP Set Up

To set up TSM monitoring through SNMP, do the following:

  1. Modify server options file (dsmserv.opt) to specify the SNMP communication method. Figure 75 displays an example of a SNMP communication method setting in the server options file. For details about the other options, see Administrator's Reference.

    Figure 75. Example of SNMP Communication Method Options


    commmethod                  snmp
       snmpheartbeatinterval    5
       snmpmessagecategory      severity         
    
  2. Install, configure, and start the SNMP agent as described in the documentation for that agent. The SNMP agent must support the DPI Version 2.0 standard. For example, the AIX SystemView agent is configured by customizing the file /etc/snmpd.conf. A default configuration might look like this:
    logging    file=/var/snmp/snmpd.log  enabled                      
    logging    size=0  level=0                                        
    community  public                                                
    community  private 127.0.0.1   255.255.255.255 readWrite         
    community  system  127.0.0.1   255.255.255.255 readWrite  1.17.2 
    view       1.17.2 system enterprises view                         
    trap       public  <snmp_manager_ip_adr>   1.2.3 fe             
    snmpd      maxpacket=16000 smuxtimeout=60                         
    smux       1.3.6.1.4.1.2.3.1.2.2.1.1.2 public                         
    

    where <snmp_manager_ip_adr> is the IP address of the system running the SNMP management application.

    Before starting the agent, ensure that the DPI agent has been started and not the default SNMP agent that ships with the operating system or with TCP/IP. If you are using the SystemView agent, you must set the SVA_SNMPD environment variable to ensure that the correct agent is started. You can set the variable to any value. For example, on AIX (korn shell) use the following export command:

    # export SVA_SNMPD="active"
    

    Then run svastart.

  3. Start TSM SNMP subagent through the dsmsnmp executable.
  4. Start the TSM server to begin communication through the configured TCP/IP port with the subagent.
  5. Begin event logging for the SNMP receiver, and enable events to be reported to SNMP. For example, issue the following commands:
    begin eventlogging snmp  
    enable event snmp all                                      
    
  6. Define the TSM SNMP MIB values for the SNMP manager to help format and display the TSM SNMP MIB variables and messages. The adsmserv.mib file ships with the TSM server and must be loaded by the SNMP manager. For example, when you run NetView for OS/2 as an SNMP manager, the adsmserv.mib file is copied to the \netview_path\SNMP_MIB directory and then loaded through the following command:
    [C:\] loadmib -load adsmserv.mib
    

Logging Events to the Windows NT Event Log

The Windows NT event log lets you display enabled events in the Windows NT Application Log in the Windows NT Event Viewer. The information displayed includes:

To enable severe and error events for logging on the Event Log, you must first issue the following command:

enable events nteventlog severe,error 

Enterprise Event Logging: Logging Events to Another Server

One or more servers can send server events and events from their own clients to another server for logging. Tivoli Storage Manager provides a receiver at the sending server that receives the enabled events and routes them to a designated event server. At the event server, an administrator can enable one or more receivers for the events being routed from other servers. Figure 76 shows the relationship of a sending TSM server and a TSM event server.

Figure 76. Server to Server Event Logging

Event Logging Overview

The following scenario is a simple example of how enterprise event logging can work.

One or more servers can send events to an event server. An administrator at the event server enables the logging of specific events from specific servers. In the previous example, SERVER_A routes severe, error, and warning messages to SERVER_B. SERVER_B, however, logs only the severe and error messages. If a third server sends events to SERVER_B, logging is enabled only if an ENABLE EVENTS command includes the third server. Furthermore, the SERVER_B determines the receiver to which the events are logged.

Attention: It is important that you do not set up server-to-server event logging in a loop. In such a situation, an event would continue logging indefinitely, tying up network and memory resources. TSM will detect such a situation and issue a message. Here are a few configurations to avoid:

Querying Event Logging

The QUERY ENABLED command displays a list of server or client events that are enabled or disabled by a specified receiver. Because the lists of enabled and disabled events could be very long, TSM displays the shorter of the two lists. For example, assume that 1000 events for client node HSTANFORD were enabled for logging to the user exit and that later two events were disabled. To query the enabled events for HSTANFORD, enter:

query enabled userexit nodename=hstanford

The output would specify the number of enabled events and the message names of disabled events:

998 events are enabled for node HSTANFORD for the USEREXIT receiver.
The following events are DISABLED for the node HSTANFORD for the USEREXIT
receiver:
 ANE4000, ANE49999

The QUERY EVENTRULES command displays the history of events that are enabled or disabled by a specific receiver for the server or for a client node.

query enabled userexit nodename=hstanford


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]