HPE Community
Operating System - HP-UX
1833852 Members
2269 Online
110063 Solutions
New Discussion

Re: Easy EMS Question

 
Tim Medford
Valued Contributor

‎02-25-2003 09:29 AM

‎02-25-2003 09:29 AM

Easy EMS Question

Most of the monitors in our EMS are set up with the following configuration:

For /storage/events/disks/default/0_0_1_1.2.0:
Events >= 1 (INFORMATION) Goto TEXTLOG; file=/var/opt/resmon/log/event.log
Events >= 3 (MAJOR WARNING) Goto SYSLOG
Events >= 3 (MAJOR WARNING) Goto EMAIL; addr=root
Events = 5 (CRITICAL) Goto TCP; host=saifprod.corp.saif.com port=64698


My question is on the Critical warnings, what exactly does it mean to say they are logged to a TCP port?

I'm not a networking expert, but is there supposed to be something listening on port 64698? I do not see anything listed in /etc/services or when I run a netstat command.

Thanks,
Tim
0 Kudos
Reply
6 REPLIES 6
Christopher Caldwell
Honored Contributor

‎02-25-2003 09:41 AM

‎02-25-2003 09:41 AM

Re: Easy EMS Question

Can't completely help you but ...

You don't have to have an entry in /etc/services to listen on a port - some apps check for an entry in /etc/services, some don't.

I've found that with the EMS/ServiceGuard stuff, things tend to listen on all manner of ports - the ports are somewhat unpredictable.

If you run netstat -an | grep LISTEN, you should get everything that's listening.

If something's not listening on an expected port, the something may not be running.

0 Kudos
Reply
S.K. Chan
Honored Contributor

‎02-25-2003 09:52 AM

‎02-25-2003 09:52 AM

Re: Easy EMS Question

EMS uses or open ports by itself when it starts up so that processes like psmond can make use of them. I don't think you can find which processes (in the case say "psmond") listen to which port unless you have the "lsof" tool. In your case port 64698 is "just another port opened by EMS".
0 Kudos
Reply
Tim Medford
Valued Contributor

‎02-25-2003 11:15 AM

‎02-25-2003 11:15 AM

Re: Easy EMS Question

Thanks for the replies. Let me clarify my question a bit. I'm not so much concerned about what is listening on that port as what will happen if a critical error ever does occur?

I can understand things being logged to the syslog, and emails being sent to root, but I don't know where to go or what to look at if a critical error occurs since it will be sending the message to some TCP port?

Hopefully this makes some sense.

Thanks again
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎02-25-2003 11:23 AM

‎02-25-2003 11:23 AM

Re: Easy EMS Question

The event number 5 ie CRITICAL will go to ..
1- the "event.log" file
2- the "syslog.log" file
3- root's email
4- console ( I think .. )
The first 3 is guaranteed because of the event number 5 is .. > 1 and > 3.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-25-2003 02:38 PM

‎02-25-2003 02:38 PM

Re: Easy EMS Question

Hi,

On the host saifprod.corp.saif.com, you will need to write a socket program that can accept messages through the TCP port 64698 on the box.

On the local box, EMS will send messages to the remote host with the destination port as 64698.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Andrew Merritt_2
Honored Contributor

‎02-26-2003 02:13 AM

‎02-26-2003 02:13 AM

Re: Easy EMS Question

Tim,
I think the answer you are looking for is that the 'Goto TCP' line is for determining when psmctd will be notified that a resource has gone to the 'DOWN' state. When a CRITICAL event is logged by disk_em, psmctd will be one of the recipients of the notification, and will notify psmmon that the device is now Down. The event in this case is sent via a TCP connection.

CRITICAL is the default level of event that will mark a device as down, but that can be configured in the psmcfg file for a monitor.

See the EMS Hardware Monitors User's Guide (B6191-90028) for some more details on the Peripheral Status Monitor (psmmon).

http://www.docs.hp.com/hpux/diag/index.html
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.