Important

   

Starting with version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.

Adding or editing keywords

This topic was edited by a BMC Contributor and has not been approved.

Keywords can be one of the following types:

  • Event: Any event that is logged to the Event Log (for example, from an external syslog or a user event).
  • Change: BMC Network Automation detected a configuration file change or an OS image change.
  • Discrepancy: BMC Network Automation detected a configuration file or an OS image discrepancy (for example, a difference between the trusted production configuration and the current configuration).

Note

The Change Detected keyword is used to detect changes to the Running, Startup, and other configurations and to the operating system. To detect hardware changes, use the Hardware Change Detected keyword (Type=Event, Category=Device, Event=Hardware inventory has been updated.).

The following predefined keywords are delivered with BMC Network Automation and assist in establishing policies.

  • All Compliance Violations Cleared: All compliance violations on the current configurations have been cleared.
  • All Discrepancies Cleared: All discrepancies between running versus startup, running versus trusted running, startup versus trusted startup, and OS image are cleared on the device.
  • Change Detected: A change has been detected in a configuration file.
  • Compliance Violation Detected: A compliance violation on a device was detected. Compliance violation events are logged for rules in enabled and assigned compliance rule sets.
  • Config Change Event: A potential configuration change has occurred on a device.
  • CPU Usage: Detects high CPU usage reported on a device.
  • Denial of Service: A denial of service event has been received from a device.
  • Deploy to Active Request Failed: A user or policy-based Deploy to Active action for a device has failed.
  • Discrepancy Detected: A discrepancy has been detected between the device's trusted production configuration and the current configuration.
  • Duplicate IP Address: A duplicate IP address event has been received from a device.
  • External Change Task Close Failure: The External Change Task Close task fails.
  • Hardware Change Detected: The system has detected a hardware change on a device (for example, new or removed board, flash, or memory chip).
  • Link Down: A link down event has been received from a device.
  • Memory Event: A memory event has been received from a device.
  • OS Version Change: A change to the operating system version has been detected.
  • Remediate Request Failed: A user or policy Remediate action with a rule, rule set, or all assigned rules has failed for a device.
  • Security Event: A security event has been received from a device.
  • Severity (0/1) Event: A high severity event (0/1) has been received from the device.
  • Snapshot Request Failed: A user or policy-based configuration snapshot for a device failed.
  • System Reload: A system reboot has been detected on a device.

This topic describes how to add, edit, or copy keywords for policy conditions and also shows some examples.

To add, edit, or copy keywords for policy conditions

  1. Open the Keywords page by clicking the Policies tab, and selecting Policies > Keywords.
  2. On the Keywords page, perform one of the following actions:

    • Add: Add a new keyword.
    • Edit: Edit an existing keyword in the relevant row.
    • Copy: Create a new keyword by copying and editing an existing keyword in the relevant row.
  3. Enter a unique name for the keyword, up to 40 characters.
  4. Select the type of keyword: Event, Change, or Discrepancy. You cannot edit the keyword type after it is saved.
  5. Enter or update information in the displayed fields:
    • For an Event keyword:
      • Severity: Select one or more severity levels for the event. This field is required only if you set the Event value to Any.
      • Category: (Optional) Select the category of event. Syslog messages are logged under the External category.
      • Event: (Optional) Specify the specific type of event for the selected category.
      • Search String: Specify one or more strings to match in the event. Start and terminate the string with the wildcard character * to find the string anywhere in the event text. This field is required only if you set the Event value to Any.

    • For a Change keyword:
      • Trails: (Optional) Select if you want to detect a change to the Running, Startup, or other device-specific configurations.
      • OS Image: (Optional) Select if you want to detect a change to the OS image.
      • Search String: Specifies which command lines in the configuration file have changed. For any command line, specify "*" as the search string. For a specific command-line change, specify a substring for the command (for example, *access-list*). You can enter multiple search strings. For OS Image changes, you must specify "*" as the search string.

    • For a Discrepancy keyword:
      • Running vs Trusted Running: (Optional) Select if you want to detect a discrepancy between the current Running and trusted Running configuration files.
      • Startup vs Trusted Startup: (Optional) Select if you want to detect a discrepancy between the current Startup and trusted Startup configuration files.
      • Running vs Startup: (Optional) Select if you want to detect discrepancies between the Running and Startup configuration files.
      • OS Image: (Optional) Select if you want to detect discrepancies between the current Running and Trusted Running OS image versions.
      • Search String: Specifies which command lines in the configuration file have a discrepancy. For any command line, specify "*" as the search string. For a specific command-line change, specify a substring for the command (for example, *access-list*). You can enter multiple search strings. For OS Image changes, you must specify "*" as the search string.

  6. Click Save.
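
The search-string behaviour described in step 5, as an added Python illustration that is not BMC code: it diffs a trusted and a current configuration and applies Change or Discrepancy search strings to the changed command lines. The whole-line, case-sensitive matching, the function names, and the sample configurations are assumptions made for this example, not documented product behaviour.

```python
import difflib
import re

# Constructed sample configurations (documentation addresses, no real device).
TRUSTED_RUNNING = """\
hostname edge-rtr-01
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any
snmp-server community EXAMPLE ro
"""
CURRENT_RUNNING = """\
hostname edge-rtr-01
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit ip any any
snmp-server community EXAMPLE ro
ntp server 192.0.2.123
"""


def changed_lines(old, new):
    """Return (sign, line) pairs for lines removed ('-') or added ('+')."""
    diff = difflib.ndiff(old.splitlines(), new.splitlines())
    return [(d[0], d[2:]) for d in diff if d.startswith(("+ ", "- "))]


def search_string_matches(search_string, line):
    """Assumed semantics: '*' matches any run of characters, everything else
    is literal, and the pattern must cover the whole line."""
    pattern = ".*".join(re.escape(part) for part in search_string.split("*"))
    return re.fullmatch(pattern, line) is not None


def keyword_hits(search_strings, old, new):
    """Changed lines matched by at least one of the keyword's search strings."""
    return [(sign, line) for sign, line in changed_lines(old, new)
            if any(search_string_matches(s, line) for s in search_strings)]


if __name__ == "__main__":
    for strings in (["*"], ["*access-list*"], ["access-list"], ["*ntp*", "*snmp*"]):
        print(strings, "->", keyword_hits(strings, TRUSTED_RUNNING, CURRENT_RUNNING))
```

Under these assumptions, `access-list` without wildcards matches nothing, while `*access-list*` flags both the removed deny line and the added permit line; an unchanged line such as the SNMP community is never reported, whatever the search string.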


Editing examples

The following figures show the editing of out-of-the-box keywords, one of each type (Change, Event, and Discrepancy).

Related topic

Viewing the keywords listing
