Adding or editing an external event filter

  1. Open the External Event Filters page by navigating to Admin > Network Admin > External Events.
  2. Perform one of the following actions:
    • To define a new external event filter, click Add.
    • To view or change an existing external event filter, select the external event filter and click .
      For example, the event filter in the figure below is used to trigger the Auto Archive policy when a potential configuration change has been made by an external user.

  3. Enter or update the information in the following fields:
    • Name: Specify a unique name for the filter.
    • Enabled: (Optional) Uncheck to disable the filter.
    • Source: Select Syslog or Check Point for the source of the external event.
    • Filter: (Optional) Specify one or more syslog text strings that, when matched, are categorized, logged and processed as the selected Event Type (for example, Configuration Changes) for the device.

      The string should be in the form of a regular expression, with .* at the beginning and end when needed to match arbitrary text at the edges. See Grammar field metacharacters for a summary of regular expression metacharacters.

      If the syslog message contains a username, enclose that part of the regular expression in parentheses (). BMC Network Automation extracts the username out of the message so that it can track external changes back to the originating user.

      Example

      An IOS syslog message that looks like this:

      %SYS-5-CONFIG_I: Configured from console by johndoe on vty0 (10.1.1.51)

      would be matched by the following regular expression, whose parenthesized group extracts the username (here, johndoe):

      .*SYS-5-CONFIG.* by (\S+) on.*

      Notes

      • Filters should be ordered with more-specific expressions first, so that BMC Network Automation can make the best match. When you add new filters, they are added to the end of the list.

        For example, Cisco IOS can emit the configuration change message used in the preceding example with or without a user name. The expression that matches the version that includes the user name should be in the list ahead of the version that matches the message without a user name. Otherwise, BMC Network Automation does not extract the user name, as it stops at the first match.
      • Failure to extract a username from a syslog message does not harm the BMC Network Automation system in any way. Not all syslog messages include a username. The Auto Archive and other policies trigger regardless of whether or not usernames are successfully captured. The captured username is displayed as the originator when configuration information is displayed (such as in the Change Summary report).
    • Event Type: Select an Event Type for this filter. The Event Type is used by the policy Keywords and defines how the event is logged in the Event Log.
    • Incoming Severity: Select the syslog severity of the event for filter matching.
  4. Click Save to save your changes to the external event filter.
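The first-match behaviour described in the Notes above (more-specific filters first, username extracted from the parenthesized group, policies triggered even when no username is captured), as an added Python example that is not part of the BMC Network Automation product or its documentation; the filter names, sample messages and the `classify` function are constructed for illustration:

```python
import re
from typing import List, NamedTuple, Optional


class ExternalEventFilter(NamedTuple):
    name: str
    pattern: str        # regular expression as typed into the Filter field
    event_type: str     # e.g. "Configuration Changes"
    enabled: bool = True


class MatchResult(NamedTuple):
    filter_name: str
    event_type: str
    username: Optional[str]   # None when the matching filter has no capture group


# Constructed filter lists. The only difference is ordering.
FILTERS_SPECIFIC_FIRST: List[ExternalEventFilter] = [
    ExternalEventFilter("IOS config change (with user)",
                        r".*SYS-5-CONFIG.* by (\S+) on.*", "Configuration Changes"),
    ExternalEventFilter("IOS config change (no user)",
                        r".*SYS-5-CONFIG.*", "Configuration Changes"),
]
FILTERS_GENERIC_FIRST = list(reversed(FILTERS_SPECIFIC_FIRST))

# Constructed IOS messages: one names the user, one does not.
MSG_WITH_USER = "%SYS-5-CONFIG_I: Configured from console by johndoe on vty0 (10.1.1.51)"
MSG_WITHOUT_USER = "%SYS-5-CONFIG_I: Configured from console by console"


def classify(message: str, filters: List[ExternalEventFilter]) -> Optional[MatchResult]:
    """Return the first enabled filter that matches the whole message.

    The expression is anchored at both ends (hence the leading/trailing .*),
    and evaluation stops at the first match, so a generic filter placed ahead
    of a specific one silently loses the username.
    """
    for f in filters:
        if not f.enabled:
            continue
        m = re.fullmatch(f.pattern, message)
        if m is None:
            continue
        username = m.group(1) if m.lastindex else None
        return MatchResult(f.name, f.event_type, username)
    return None   # no filter matched: the message is not an external event


if __name__ == "__main__":
    for order, filters in (("specific first", FILTERS_SPECIFIC_FIRST),
                           ("generic first", FILTERS_GENERIC_FIRST)):
        print(order, classify(MSG_WITH_USER, filters))
```

With the generic filter first, the user-bearing message is still logged as a Configuration Change but the originator is lost; with the specific filter first, johndoe is recorded and the user-less message still falls through to the generic filter.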