- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- PCM+ 3.2
Switches, Hubs, and Modems
1753544
Members
5929
Online
108795
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2011 03:13 AM
05-31-2011 03:13 AM
PCM+ 3.2
Hi,
We have a new install of this software which is fully functional...
I would like to understand how the initial events appear in PCM and how to get them back after deletion!! ^_^
Basically we left it running and it picked up all our devices, and retrieved a load of historical information which had obviously been held on the switches...
We simply deleted this info from the events view of PCM... however the switches still seem to have the events in their event log.. is this correct? How does PCM get all the historical events (I understand real time traps va SNMP)...
And if so how can I get this back into PCM? I have attempted to delete and rediscover etc...
Also are things like alert counts etc... read from the device (And therefore lost on switch reboot?)...
We have a new install of this software which is fully functional...
I would like to understand how the initial events appear in PCM and how to get them back after deletion!! ^_^
Basically we left it running and it picked up all our devices, and retrieved a load of historical information which had obviously been held on the switches...
We simply deleted this info from the events view of PCM... however the switches still seem to have the events in their event log.. is this correct? How does PCM get all the historical events (I understand real time traps va SNMP)...
And if so how can I get this back into PCM? I have attempted to delete and rediscover etc...
Also are things like alert counts etc... read from the device (And therefore lost on switch reboot?)...
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2011 10:48 AM
05-31-2011 10:48 AM
Re: PCM+ 3.2
Greetings,
PCM doesn't mine historical events, but it does generate events from incoming SNMP traps and it also scrapes syslog data from devices. What you see in terms of these tabs depends upon what context you've selected in the navigation tree on the left side of the PCM screen. If you select a specific device you will have a "Device Syslog" tab to view, plus an "Events" tab that shows only events attributed to the selected device. If you select a device group or the Devices node itself you will see an "Events" tab that contains all events associated with the devices under the selected node. Finally, selecting the "Network Management Home" node of the tree will show you the device events *and* events generated by PCM components too, such as policy firings. I mention this only so you can be sure you're mindful of the scope of events displayed at each node of the tree.
The other behavior you should be aware of is that PCM can keep only 500k events in its DB for scalability reasons. The others are archived to .zip files that you can view by selecting the "Archived Events" button on the "Events" tab; as far as I can tell the view that comes up is not tied to the selected node in the navigation tree. In the archived event view, you can see the events that have "phased out" of the 500k slots in the DB. Hopefully you will find your missing events here.
You can control how events are retained in the DB versus which are archived using the menu choice "Tools"->"Preferences" and clicking on the "Events" node. Here you can control the mix of event severities that are retained in the DB, can control the types of events that are archived (SNMP vs. PCM events), how many days old they can be until they're archived, and how large to let the archive store grow on disk.
If you have NIM running you may want to "tune" it a bit as it may be generating a lot of security events. You can add exemptions to its whitelist so that it doesn't flag suspicious traffic patterns to/from expected nodes like network management stations, DNS servers, printers, etc. A little time invested here can go a long way in terms of reducing "false positive" events that will run through your 500k DB slots pretty quickly.
Regards,
SVB
PCM doesn't mine historical events, but it does generate events from incoming SNMP traps and it also scrapes syslog data from devices. What you see in terms of these tabs depends upon what context you've selected in the navigation tree on the left side of the PCM screen. If you select a specific device you will have a "Device Syslog" tab to view, plus an "Events" tab that shows only events attributed to the selected device. If you select a device group or the Devices node itself you will see an "Events" tab that contains all events associated with the devices under the selected node. Finally, selecting the "Network Management Home" node of the tree will show you the device events *and* events generated by PCM components too, such as policy firings. I mention this only so you can be sure you're mindful of the scope of events displayed at each node of the tree.
The other behavior you should be aware of is that PCM can keep only 500k events in its DB for scalability reasons. The others are archived to .zip files that you can view by selecting the "Archived Events" button on the "Events" tab; as far as I can tell the view that comes up is not tied to the selected node in the navigation tree. In the archived event view, you can see the events that have "phased out" of the 500k slots in the DB. Hopefully you will find your missing events here.
You can control how events are retained in the DB versus which are archived using the menu choice "Tools"->"Preferences" and clicking on the "Events" node. Here you can control the mix of event severities that are retained in the DB, can control the types of events that are archived (SNMP vs. PCM events), how many days old they can be until they're archived, and how large to let the archive store grow on disk.
If you have NIM running you may want to "tune" it a bit as it may be generating a lot of security events. You can add exemptions to its whitelist so that it doesn't flag suspicious traffic patterns to/from expected nodes like network management stations, DNS servers, printers, etc. A little time invested here can go a long way in terms of reducing "false positive" events that will run through your 500k DB slots pretty quickly.
Regards,
SVB
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP