
PCM+ 1.5 Noobie suggestions

  • 1.  PCM+ 1.5 Noobie suggestions

    Posted Sep 17, 2004 09:07 AM
    I am new to the world of PCM+, having only a trial copy and am trying to wrap my mind around this to decide if it is worth the coin to license it.

    Under Events, I cannot seem to set a filter that excludes, only one that includes. For example, I am trying to reduce the noise by filtering out some but not all of the informational like "SNTP". I really don't need to be notified every time the clocks update. Maybe a future version could have rules to combine and replace alerts and the four rudimentary filters.

    If someone clears the password by pushing the Clear button on a switch, it logs only as informational. I realize that it is the switch and not PCM that determines the severity, but I might suggest to the switch OS authors that this should at least be a warning.



  • 2.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 17, 2004 02:48 PM
    Les,

    I believe that you can set that in the switch itself.

    If someone can clear the PW on a switch then they have the authorisation to do so... I.o.w. I hope that your switches are secure and only accessible to the people who need to access them.

    Scooter


  • 3.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 17, 2004 04:02 PM
    Scooter,
    Thanks for the reply. I have not been able to find where in the switch OS that I can change the level of the event.
    I also posed the question to Procurve Support and this is the answer they gave me:
    <QUOTE>
    Les,
    One option you may want to consider is that you can set the 5300 to reboot when the clear button is pressed. This way no one can clear the passwords without the box going through a full reboot cycle. The thought behind this is that if this were to occur it would cause extra alerts on the network to let you know that something is happening. I will check into the exclusion/inclusion feature as you suggested.
    </QUOTE>

    Search as I may, I cannot find the "reboot on clear" feature either.

    As for your comment about physically securing the switches, it just is not going to happen. I plan to deploy several of these switches in a mesh over two kilometres of fibre stretched throughout an industrial complex. Real estate is at a premium and I cannot get exclusive locked space.


  • 4.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 19, 2004 08:58 PM
    Les,
    You should insist with your managers to let you put your switches and patch panels in closed, wall-mounted, locked and ventilated racks. Otherwise there is not only a risk of having a jolly worker reset and clear your switches (using the two very small and attractive Reset and Clear buttons on the front of the switch), but a much more serious risk of another jolly worker plugging a small patchcord into two of the switch's ports which, of course, creates a loop.


  • 5.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 19, 2004 11:43 PM
    Les,

    Reset on clear:

    Check the Access security guide 2-13.

    ftp://ftp.hp.com/pub/networking/software/59906052.pdf

    Let me check the rest and I'll get back to you.

    Configuring Front Panel Security
    Using the front-panel-security command from the global configuration context
    in the CLI you can:
    • Disable or re-enable the password-clearing function of the Clear
    button. Disabling the Clear button means that pressing it does not
    remove local password protection from the switch. (This action
    affects the Clear button when used alone, but does not affect the
    operation of the Reset+Clear combination described under "Restoring
    the Factory Default Configuration" on page 2-11.)
    • Configure the Clear button to reboot the switch after clearing any
    local usernames and passwords. This provides an immediate, visual
    means (plus an Event Log message) for verifying that any usernames
    and passwords in the switch have been cleared.
    • Modify the operation of the Reset+Clear combination (page 2-11) so
    that the switch still reboots, but does not restore the switch's factory
    default configuration settings. (Use of the Reset button alone, to
    simply reboot the switch, is not affected.)
    • Disable or re-enable Password Recovery.
    Syntax: show front-panel-security
    Displays the current front-panel-security settings:
    Clear Password: Shows the status of the Clear button on the front
    panel of the switch. Enabled means that pressing the Clear
    button erases the local usernames and passwords configured
    on the switch (and thus removes local password protection
    from the switch). Disabled means that pressing the Clear
    button does not remove the local usernames and passwords
    configured on the switch. (Default: Enabled.)
    Reset-on-clear: Shows the status of the reset-on-clear option
    (Enabled or Disabled). When reset-on-clear is disabled and
    Clear Password is enabled, then pressing the Clear button
    erases the local usernames and passwords from the switch.
    When reset-on-clear is enabled, pressing the Clear button
    erases the local usernames and passwords from the switch
    and reboots the switch. (Enabling reset-on-clear
    automatically enables clear-password.) (Default: Disabled.)
    Factory Reset: Shows the status of the Reset button on the front
    panel of the switch. Enabled means that pressing the Reset
    button reboots the switch and also enables the Reset button
    to be used with the Clear button (page 2-11) to reset the switch
    to its factory-default configuration


  • 6.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 20, 2004 07:09 AM
    Scooter,
    DOH! Security guide makes sense now. Noob mistake to only look in the config guide.

    Dan,
    I hear what you say and would love to have the locked space but it is just not going to happen. Maybe after someone takes a box cutter to all my fibres they will listen but until then I am just preaching "doom and gloom". I would settle for a lock on the door to the shared space but even that is asking too much. :(

    Thanks

    BTW, I will go ahead with the "Plus" version of PCM and only hope that they will enhance the filter to full-fledged "rules". In the meantime, I can send info traps to a different receiver (Whatsup Gold) and leave them out of PCM.


  • 7.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 23, 2004 06:59 PM
    OK, I enabled reset-on-clear but it still does not help me. Yes, the switch now reboots but still no warning traps get sent.

    I would have expected a password reset or a reboot to throw more than an informational trap.

    I guess I will have to send informational traps to my Whatsup Gold trap receiver instead of PCM+. At least Whatsup can page me which is more than what PCM+ can do.


  • 8.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 25, 2004 04:24 AM
    Update:
    I submitted a feature request to HP to have the reboot and clear events changed to "warning". They really should not be buried in a sea of "informational" traps.

    Here's to hoping that a software engineer agrees with me.
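
The filtering asked for in this thread (drop the SNTP noise, but lift password-clear and reboot events above informational) can be done in a small script sitting between the trap or syslog receiver and the pager. This is an added example, not part of the original posts and not a PCM+ feature; the log line layout, the message wording and the rule patterns are constructed assumptions to be adapted to what the switch actually logs.

```python
import re
from dataclasses import dataclass

SEVERITIES = ["info", "warning", "critical"]          # ascending order
CODES = {"I": "info", "W": "warning", "C": "critical"}
# Assumed line layout: "<I|W|C> <date> <time> <source>: <message>"
LINE = re.compile(r"^(?P<sev>[IWC]) (?P<ts>\S+ \S+) (?P<text>[^:]+: .*)$")

@dataclass
class Rule:
    pattern: str             # regex matched against "source: message"
    action: str              # "drop" or "raise"
    severity: str = "info"   # floor applied by a "raise" rule

# Hypothetical rules, first match wins. The patterns are guesses at the
# wording, not the switch's real event text.
RULES = [
    Rule(r"^sntp:", "drop"),
    Rule(r"clear button|passwords? .*cleared", "raise", "warning"),
    Rule(r"reboot|system (went down|coming up)", "raise", "warning"),
]

def triage(lines, rules=RULES):
    """Return (timestamp, severity, text) for every event worth keeping."""
    kept = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            # Unparseable input is surfaced as a warning, never silently lost.
            kept.append(("?", "warning", line.strip()))
            continue
        sev, text = CODES[m["sev"]], m["text"]
        for rule in rules:
            if re.search(rule.pattern, text, re.IGNORECASE):
                if rule.action == "drop":
                    sev = None
                elif SEVERITIES.index(rule.severity) > SEVERITIES.index(sev):
                    sev = rule.severity   # a rule only raises, never lowers
                break
        if sev is not None:
            kept.append((m["ts"], sev, text))
    return kept

SAMPLE = [  # constructed sample lines, not real switch output
    "I 09/23/04 18:40:11 SNTP: updated time by 1 seconds",
    "I 09/23/04 18:41:02 mgr: passwords cleared by front panel Clear button",
    "I 09/23/04 18:41:05 system: reboot requested",
    "I 09/23/04 18:42:30 ports: port A1 is now on-line",
]
```

Paging on everything `triage` returns at `warning` or above gives the alert the thread is after without touching the switch's own severity levels.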


  • 9.  RE: PCM+ 1.5 Noobie suggestions

    Posted Sep 28, 2004 10:05 PM
    Les,
    You could give a try to Kiwi's CatTools2, which is an excellent tool even for HP switches. You will not believe what you can do with this NZ tool:

    http://www.kiwisyslog.com/cattools2.htm


  • 10.  RE: PCM+ 1.5 Noobie suggestions

    Posted Oct 23, 2004 07:58 AM
    Just what I don't need... yet another tool in my arsenal. TBH, I did not look at it. I already have a plethora of tools and was hoping that PCM+ could be more of a Swiss Army knife. I did manage to bully my way on to the PCM+ beta program so here's hoping that I can contribute something of value.

    Thanks


  • 11.  RE: PCM+ 1.5 Noobie suggestions

    Posted Oct 27, 2004 03:28 PM
    DOH! I have misconstrued. I am not on any beta program but merely got an advance copy of the latest 1.6 beta.

    Will go crawl under a rock now.