Table of Contents
The NATkit Utilities Drawer
The tools in the NATkit Utilities drawer consist of several view and control functions. You can configure the Device Identification Manager (formerly Seed File Maintenance), Download Manager (formerly the Download Initializer), Launchpad, and Purge Data Manager (formerly the Purge Manager). You can also view log and error reports, the Event Dispatcher, as well as view and change the NATkit Scheduler (Task Manager).
Note Most of the functions found in the NATkit Utilities drawer originally resided in either the View or Control sections of NATkit 1.6.
The following tools can be found in the NATkit Utilities drawer:
- Device Identification
- Download Manager
- Errors and Logs
- Event Manager
- Launchpad
- Purge Data Manager
- Task Manager
This tool allows you to view, import, and export all devices currently installed by using the following tools:
- Current Devices
- Import Devices Now
NATkit only collects data on network devices it knows about and the Device Identification Manager (DIM) is used to specify or display those devices. The NATkit Device View screen shows you which devices NATkit knows about, along with additional information such as system object identification and a brief description of the device and its type.
In addition, a summary of all devices found can be displayed. In the following example, 11 routers, 2 switches, and 28 WAN switches were found.
The Device Name, sysObjectID, Description, and Type are listed for each device found.
The Device Name and Type of any WAN switch found is also listed.
Use this tool to import all devices from RME.
The Download Manager tool allows you to specify which data is downloaded daily to Cisco. Doing so enables NSA engineers to monitor your Cisco network devices for any glitches.
There are eight categories of data for download. The default is to download no data (all eight boxes are unchecked) for all devices. Data is downloaded to Cisco 60 minutes after your daily report is run (between 12:00a.m. and 4:00a.m. local time).
You can also specify the number of download attempts for an entire configuration. Choose Once, Twice, Three Times, or Four Times.
NATkit creates logs and error reports for all the tasks it carries out. Each tool (SNMP Poller, Syslog, Device Availability, Configuration Collector, System Logs, Audits, WAN Switches, and Transient) has a corresponding error report and message log.
The error reports list any problems encountered while data was collecting. The message logs track various data collection events, depending on the log of whatever tool you are viewing.
In addition to each tool, there is an error report and message log for NATkit system processes that collects similar information. The following are the different log and error reports available
:
- Logging and Error Rotation --- When a message log or error report file reaches a configurable size, newer data is collected and older data is rotated out of the file. The default size for log and error files is configured by NATkit support personnel. Please contact them (natkit-support@cisco.com) for specific information.
- Reporting Levels --- There are five levels of message and error reporting, from level 1 (Catastrophic) to level 5 (Debugging). As the reporting level increases (level 1 is lowest), the amount of information collected and saved for each error or log message grows.
Each error report and message log follows a similar, tabular format. Information for each recorded event includes:
- PRI---a reporting (priority) level (see previous section)
- Timestamp---the date the event was recorded
- Message---the event message
- Task ID
The following shows an example of the above:
When a Syslog filter detects the specified Syslog event, the Event Dispatcher allows you to invoke the default correlation, custom correlation, or no correlation settings specified when you scheduled the Syslog filter task.
When an SNMP Poller profile polls a device variable that exceeds its threshold value, the Event Dispatcher invokes the custom correlation settings you specified when you created the profile.
The Event Dispatcher also performs rate limiting while receiving individual events. This process prevents the Event Dispatcher from starting the actions repetitively. For more information on Rate Limiting, refer to the online help in RME and NATkit.
The Event Dispatcher also displays the statistics for each event and provides the ability to clear statistics.
The following are the SNMP Poller profile event statistics fields:
- DeviceName---The device to which the message applies. An asterisk (*) indicates all devices.
- ProfileName---The profile to which the message belongs. This is the name of the scheduled SNMP Poller profile.
- VariableName---The name of the variable being monitored. If this variable exceeds a certain value, a message is sent to the Event Dispatcher, which takes the action programmed at the time of scheduling.
- Threshold---Indicates the rate limiting programmed for the message. Units are
S-seconds.
- No_of_Hits---The number of times the message or a matching message was received.
- Times_Action_Taken---The number of times action was taken against this message.
- Start_Time---The time statistics started collecting for this message.
- Last_Message_Time---The latest time at which the message was received.
The following fields describe Syslog filter event statistics:
- ProcName---The name of the Syslog filter task to which the message belongs.
- MajorComponent---The facility code of the Syslog event.
- Severity---The severity level of the message.
- Mnemonic---The Syslog message mnemonic.
- Description---The description of the Syslog message received.
- Rate, Unit---These indicate the rate limiting programmed for the message. Units are S - seconds, M - minutes and H - hours.
- Action---This is a link to the action programmed for the described message. Action could be a combination of one or more of the following:
- Device data-gathering commands
- Data analysis commands
- Email notification
- Run a NATkit specific command
- Delete---This marks the message for deletion. When the Delete button is pressed, the messages marked are deleted.
The Clear Statistics button lets you reset statistics information for Syslog and SNMP Poller profiles.
The View Event Messages screen displays separate tables for your Syslog filter tasks and SNMP Poller profiles that are currently handled by the Event Dispatcher. These tables provide information about each filter task or SNMP Poller profile you have created. You may have deactivated these events---that is, they are not scheduled to run---but the Event Dispatcher still knows about them.
The following fields describe SNMP Poller profiles:
- DeviceName---The device to which the message applies. An asterisk (*) indicates all devices.
- ProfileName---The profile to which the message belongs. This is the name of the scheduled SNMP Poller profile.
- VariableName---The name of the variable being monitored. If this variable exceeds a certain value, a message is sent to the Event Dispatcher, which takes the action programmed at the time of scheduling.
- Rate, Unit---The Rate and Unit fields indicate the rate limiting programmed for the message. Units are S - seconds, M - minutes, and H - hours.
- Action---This is a link to the action programmed for the described message. Action could be a combination of one or more of the following:
- Device data-gathering commands
- Data analysis commands
- E-mail notification
- Run a NATkit-specific command
- Delete---This field marks the message for deletion. When the Delete button is pressed, the messages marked are deleted.
Note This delete action is the same as deleting an SNMP Poller profile using the Change Task Status function.
The following fields describe a Syslog filter task:
- ProcName---The name of the Syslog profile to which the message belongs.
- MajorComponent---The facility code of the Syslog message.
- Severity---The severity level of the message.
- Mnemonic---The syslog message mnemonic.
- Description---The description of the Syslog message received.
- Rate, Unit---The Rate and Unit fields indicate the rate limiting programmed for the message. Units are S - seconds, M - minutes, and H - hours.
- Action---This is a link to the action programmed for the described message. Action could be a combination of one or more of the following:
- Device data-gathering commands
- Analysis Commands
- E-mail notification
- Run a NATkit-specific command
- Delete---This field marks the message for deletion. When the Delete button is pressed, the messages marked are deleted.
Note This delete action is the same as deleting an SNMP Syslog profile using the Change Task Status function.
Various information is collected and stored in NATkit, including: availability, configuration, daily syslog, and inventory. Once the information is stored, NATkit provides different ways for the user to view the data. Launchpad is one of them.
Most data views in NATkit are defined by data type. For example, you can view inventory data or configuration data. Device Launchpad provides a way to view multiple data types.
You can view the following types of data from the Device Launchpad screen:
Note Only data you have scheduled for collection can be viewed.
- Daily Syslog---Provides a 24-hour snapshot of any data collected by your scheduled Syslog profiles.
- Latest configuration---If you have used the Config Scheduler to collect device configuration data, you can view the latest data collected through Launchpad.
Note The latest configuration data screen is only available to trusted users.
- Login information---The login information screen is unique to Launchpad. The information displayed on this screen is collected from the data you entered using the Device Identification Manager tool and inventory data. It provides the following information:
- Domain name of the specified device
- Login String (both the login name and the login password)
- Read community string
- Write community string (if available)
Note Login Information is only available to trusted users.
- Availability in the last 8 hours---Displays availability data from a scheduled availability task for the past 8 hours.
- Availability in the last 24 hours---Displays availability data from a scheduled availability task for the past 24 hours.
- DNM Aliases---Lists all aliases (including IP addresses) that exist for the selected device.
- Device Telnet---The Telnet link launches your Telnet client and connects you to the specified device.
The Launchpad screen is divided into four frames. The top left frame lets you choose the list of devices available in the lower left frame.
The top right frame provides controls for viewing the following data types:
The Purge Data Configuration form allows you to specify the number of days' worth of data stored in NATKit each time the data is purged. For example, if you set the Syslog module to 14 days, every two weeks all Syslog data stored in NATkit will be removed except for the last 14 days. You can set a purge time for the following modules:
The NATKit Scheduler schedules new tasks, starts and ends tasks on time, and deletes the task context when instructed to do so. The scheduler is also responsible for checking resource availability before starting a task. It also maintains statistics for how many times the task got started and whether it ended sucessfully.
The terms "task" and "profile" are used somewhat interchangeably. A task such as an inventory task or availability task may be scheduled. A profile is a configurable task. Only Syslog tasks and SNMP Poller tasks are configurable, hence they are called, respectively, Syslog Reporter profiles and SNMP Poller profiles.
In addition to scheduled tasks and profiles such as inventory, configuration, availability, Syslog, and poller, Scheduler also maintains NATkit system tasks. These include:
- Device Access Verifier---Verifies device SNMP read-only/read-write community strings and log in strings (password, enable password, TACACS user name, and so on).
- Garbage Collector---Periodically clears temporary files from directories.
- Navail Correlation---Correlates any outage that occurred in the network (being monitored by the Network Availability Monitor) with other activities that occurred on the network during the outage window. These activities are Syslog messages received, configuration changes, and inventory changes.
- Downloader---Schedules the Download Manager to send data back to Cisco.
- Essentials Device Import---Extracts device names from RME and imports them into NATkit database.
- Daily Reports---Creates a report summarizing all activities in the last 24 hours.
- Netsys Integration---Parses the configuration data to find catastrophic and informational messages.
- Purger---Purges data dependencies on purge configurations.
Each row in the Scheduler represents a task and its properties:
- TASK #---TASK ID assigned by the Scheduler.
- TASK NAME---Nickname of the task. If the task or profile is one that you have scheduled, it is the name you assigned the task. Click a task name to view detailed information it.
- TASK MODULE---Type of task, for example, poller or system task.
- STATUS---The status of a task is either ON (activated) or OFF (deactivated).
- LAST EXECUTE TIME---The last ending time for this task.
- START TIME---The starting time for this task.
- END TIME---The ending time for this task.
- PERIODIC TIME---The task execution frequency.
- NEXT START TIME---The next time the task is scheduled for execution.
- CHILD PIDS---The process IDs of the child processes, if any, for the task at the instant when the view scheduler was executed.
Posted: Wed Dec 15 14:15:18 PST 1999
Copyright 1989-1999©Cisco Systems Inc.
