-
User Guide for IP Telephony Monitor
-
Index
-
Preface
-
Introduction
-
Getting Started with ITM
-
Using the Alerts and Activities Display
-
Using Device Management
-
Using IP Phone Information Facility
-
Displaying IPT Security Details
-
Using IP Phone Reachability Testing
-
Using SRST Monitoring Management
-
Using Notification Services
-
Using Fault History
-
Using Phone Monitoring
-
Using ITM Multi-View
-
Configuring and Administering ITM Multi-View
-
Configuring and Administering ITM
-
Managing Groups
-
Configuring Views for the Alerts and Activities Display
-
Configuring Polling and Thresholds
-
Configuring Confidence Tests
-
Administering ITM
-
MIBs Polled
-
Processed and Pass-through Traps, and Unidentified Traps and Events
-
Notification MIB
-
Events Processed
-
Working with Voice Application Systems and Software
-
Polling�SNMP and ICMP
-
How ITM Calculates Repeated Restarts and Flapping
-
ITM Support for SNMP MIBs
-
Table Of Contents
Getting Started with Fault History
Starting Fault History from the Alerts and Activities Display
Generating a 24-Hour Report on All Alerts in the Current View
Generating a 24-Hour Report on All Events on a Device Component
Starting Fault History from the CiscoWorks Navigation Tree
Getting All Stored Information on an Alert
Getting All Stored Fault History on an Event
Understanding the Fault History: Alerts and Activities Display
Understanding the Fault History: Events Display
Using Fault History
These topics explain how to use IP Telephony Monitor (ITM) Fault History:
•
Getting Started with Fault History
•
•
Getting Started with Fault History
Fault History allows you to store and view the history of ITM events and alerts from the past 31 days. The stored history includes alert information and annotations (informational text that you enter), and event information and properties (for example, the values of MIB attributes at the time of the event, polling and threshold information, and utilization information). For an example of what kind of information Fault History displays, see Figure 10-1 and Figure 10-3.
You can also customize the names of events displayed by Fault History (and the Alerts and Activities display) using the Notification Customization feature in Notification Services. (This feature is available if you have downloaded and installed Incremental Device Update (IDU) 4 from the ITM download site: http://www.cisco.com/pcgi-bin/tablebuild.pl/item-3des.) For more information, refer to the "Customizing the Names of ITM Events" section.
You can start Fault History in one of two ways:
•
•
If Fault History finds more than 2,000 records while generating a report, a popup window tells you the total number of records found. The Fault History displays can show up to 2,000 records as a table you can scroll or page through. If your report exceeds 2,000 records and you want to view all of them, you can use the Export tool button to save all of the information to a CSV or PDF file.
You can use Fault History to generate customized tabular displays of specific alerts, specific events, event dates, event severity, and so forth. You might want to generate a Fault History report when:
•
•
•
Note
The Fault History database is stored at NMSROOT\databases\itemFH\itemFH.db. The database stores a maximum of 31 days of data and is purged according to the ITM database purging schedule (see the "Configuring the Daily Purging Schedule" section.)
Starting Fault History
ITM provides two starting points from which you can generate Fault History reports:
•
•
Starting Fault History from the Alerts and Activities Display
Start Fault History from the Alerts and Activities display to create a 24-hour report on:
•
•
Generating a 24-Hour Report on All Alerts in the Current View
To create a report on all the alerts that have occurred in your current view in the past 24 hours, start Fault History from the window tools area in the Alerts and Activities display. (See Figure 3-1.)
Step 1
Step 2
Step 3
Step 4
The Fault History: Alerts and Activities display appears. The "Understanding the Fault History: Alerts and Activities Display" section describes the report contents.
Step 5
If Fault History finds more than 2,000 records based on your search criteria, you can view all of the reports by clicking the Export button (in the upper-right corner of the display) and saving your report to a PDF or CSV file.
Generating a 24-Hour Report on All Events on a Device Component
To create a report on all events that have occurred on a specific device component in the past 24 hours, use the Fault History tool in the Alerts and Activities Detail display.
Step 1
Step 2
Locate the device component in which you are interested, and select Fault History from the list in the Tools column (see Figure 3-8 for an example). If Fault History finds more than 2,000 records, a pop-up window reports the total number of records found.
The Fault History: Events display appears. The "Understanding the Fault History: Events Display" section describes the display contents.
Step 3
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and saving your report to a PDF or CSV file.
Starting Fault History from the CiscoWorks Navigation Tree
To gather historical information on alerts and events in the past 31 days, start Fault History from the CiscoWorks navigation tree by selecting IP Telephony Monitor > Fault History. The following topics explain how you can apply filters and generate reports based on all of the saved information in the Fault History database:
•
•
Getting All Stored Information on an Alert
Fault History provides the following methods for searching for alerts that are in the saved Fault History database:
•
•
•
Searching for Alerts by Alert ID
To determine how often a specific alert has occurred, search for the alert by its alert ID. The alert ID is displayed in the Alerts and Activities display.
Step 1
Step 2
a.
b.
c.
Step 3
The Fault History: Alerts and Activities display appears. (See "Understanding the Fault History: Alerts and Activities Display" section for an explanation of the display contents.)
Step 4
If Fault History finds more than 2,000 records based on your search criteria, you can view them by clicking the Export button (in the upper-right corner of the display) and saving your report to a PDF or CSV file.
Searching for Alerts by Device
Use this procedure to determine what types of alerts are occurring on a specific device.
Step 1
Step 2
a.
Note
b.
c.
Step 3
The Fault History: Alerts and Activities display appears. (See "Understanding the Fault History: Alerts and Activities Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Searching for Alerts by Group
To determine what kind of alerts are occurring in a specific group, use this procedure.
Step 1
Step 2
a.
b.
c.
Step 3
The Fault History: Alerts and Activities display appears. (See "Understanding the Fault History: Alerts and Activities Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Getting All Stored Fault History on an Event
Fault History provides the following methods for searching for alerts that are in the saved Fault History database:
•
•
•
•
If you have downloaded and installed Incremental Device Update (IDU) 4, you can customize the event names used by ITM.
Searching for Events by Event ID
To determine how often a specific event has occurred, search for the event by its event ID. The event ID is displayed on the Alerts and Activities Detail display.
Remember that an event ID is not the same thing as the event codes provided by Notification Services in IDU 4. For more information, refer to the "Customizing the Names of ITM Events" section.
Step 1
Step 2
a.
b.
Step 3
The Fault History: Events display appears. (See "Understanding the Fault History: Events Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Searching for Events by Device
Use this procedure to determine what types of events are occurring on a specific device.
Step 1
Step 2
a.
Note
b.
c.
Step 3
The Fault History: Events display appears. (See "Understanding the Fault History: Events Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Searching for Events by Alert ID
To view the events that correspond to a specific alert, use this procedure.
Step 1
Step 2
a.
b.
c.
Step 3
The Fault History: Events display appears. (See "Understanding the Fault History: Events Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Searching for Events by Group
To determine what types of events are occurring in a specific group, use this procedure.
Step 1
Step 2
a.
b.
c.
Step 3
The Fault History: Events display appears. (See "Understanding the Fault History: Events Display" section for an explanation of the display contents.)
Step 4
If Fault History found more than 2,000 records based on your search criteria, you can view all of the reports found by clicking the Export button (in the upper-right corner of the display) and save your report to a PDF or CSV file.
Understanding the Fault History: Alerts and Activities Display
The Fault History: Alerts and Activities display is shown in Figure 10-1. You can generate this display as described in these sections:
•
•
The tabular display is a scrollable table that lists up to 2,000 records, based on your filtering criteria. If you want to view database contents beyond the 2,000 records, click the Export tool button in the upper-right corner.
Figure 10-1 Fault History: Alerts and Activities Display
The Fault History: Alerts and Activities display provides two tools, as shown in Table 10-1.
Table 10-2 describes the contents of the Fault History: Alerts and Activities tabular display.
Table 10-2 Fault History: Alerts and Activities
Tabular Display—ContentsAlert identifier number. Clicking this link opens the Fault History: Events display (see Figure 10-3), which contains details about the events associated with the alert.
Device name or IP address.
Device type. Learning indicates that ITM was discovering the device at the time of the alert. The actual device type is reflected when new events occur. For more information, see "Using Device Management."
Alert category, one of the following: Application, Connectivity, Environment, Interface, Other, Reachability, System Hardware, Utilization. For alerts containing multiple events, the tabular display shows the category of the event with the most recent change.
For alerts containing multiple events, the display shows the category of the event with the most recent change.
Critical, Warning, or Informational.
Date and time when the alert was generated.
Alert status, based on last polling.
Active
Alert is live.
Cleared
Alert is no longer live. Also, when a device is suspended, all alerts are cleared. When ITM polling determines that the alarm has been in the Cleared state for 30 minutes or more (from the time of polling), the alarm expires and is removed from the Alerts and Activities display.
Acknowledged
Alert was manually recognized by a user (from Alerts and Activities Detail display).
Figure 10-2 shows an alert annotation page, which lists any information users have entered using the Alerts and Activities Detail page. For more information, see the "Starting the Alerts and Activities Detail Page" section.
Figure 10-2 Alert Annotation Page
Understanding the Fault History: Events Display
The Fault History: Events display is shown in Figure 10-3. This display is generated as described in these sections:
•
•
The tabular display is a scrollable table that lists up to 2,000 records, based on your filtering criteria. If you want to view database contents beyond the 2,000 records, click the Export tool button in the upper-right corner.
Figure 10-3 Fault History: Events Display
The Fault History: Events display provides two tools, described in Table 10-3.
Table 10-3 Fault History: Events Display—Window Tools Buttons
Exports the current tabular display to a PDF file.
Opens a printer-friendly version for printing.
Table 10-4 describes the contents of the Fault History: Events tabular display.
Table 10-4 Fault History: Events Tabular Display—Contents
Event identifier number. Clicking this link opens the event properties page (see Figure 10-4), which describes the value of MIB attributes at the time of the event.
Device name or IP address.
Device element on which the event occurred.
ITM event name (as described in "Events Processed"). You can also customize the names of events displayed by Fault History (and the Alerts and Activities display) using the Notification Customization feature in Notification Services (provided in IDU 4). For more information, refer to the "Customizing the Names of ITM Events" section.
Date and time when the event was generated.
Event status, based on last polling.
Active
Event is live.
Cleared
Event is no longer live. Also, when a device is suspended, all alerts are cleared. When ITM polling determines that an alarm has been in the Cleared state for 30 minutes or more (from the time of polling), the alarm expires and is removed from the Alerts and Activities display.
Suspended
Device is suspended.
Resumed
Device is being resumed.
Deleted
Device has been deleted.
Alert identifier number associated with this event.
Figure 10-4 shows the event properties page, which lists more information about an event; for example, the value of MIB attributes at the time of the event, polling and threshold information, and utilization information.
Figure 10-4 Event Properties Page
