Keywords can be one of the following types:
- Event: Any event that is logged to the Event Log (for example from external syslog or user event).
- Change: BMC Network Automation detected a configuration file change or an OS image change.
- Discrepancy: BMC Network Automation detected a configuration file or an OS image discrepancy (for example difference between the trusted production configuration and the current configuration).
Note
The Change Detected keyword is used to detect changes to the Running, Startup, and other configurations and to the operating system. To detect hardware changes, use the Hardware Change Detected keyword (Type=Event, Category=Device, Event=Hardware inventory has been updated.).
Click here to view the predefined keywords that are delivered with BMC Network Automation and, which assist in establishing policies.
| |
|---|
All Compliance Violations Cleared | All compliance violations on the current configurations have been cleared. |
All Discrepancies Cleared | All discrepancies between running versus startup, running versus trusted running, startup versus trusted startup, and OS image are cleared on the device. |
| A change has been detected in a configuration file. |
Compliance Violation Detected | A compliance violation on a device was detected. Compliance violation events are logged for rules in enabled and assigned compliance rule sets. |
| A potential configuration change has occurred on a device. |
| Detects high CPU usage reported on a device. |
| A denial of service event has been received from a device. |
Deploy to Active Request Failed | A user or policy-based Deploy to Active action for a device has failed. |
| A discrepancy has been detected between the device's trusted production configuration and the current configuration. |
| A duplicate IP address event has been received from a device. |
External Change Task Close Failure | The External Change Task Close task fails. |
| The system has detected a hardware change on a device (for example, new or removed board, flash, or memory chip.) |
| A link down event has been received from a device. |
| A memory event has been received from a device. |
| A change to the operating system version has been detected. |
| A user or policy Remediate action with a rule, rule set, or all assigned rules has failed for a device. |
| A security event has been received from a device. |
| A high severity event (0/1) has been received from the device. |
| A user or policy-based configuration snapshot for a device failed. |
| A system reboot has been detected on a device. |
This topic describes how to add, edit, or copy keywords for policy conditions and also shows some examples.
To add, edit, or copy keywords for policy conditions
- Open the Keywords page by clicking the Policies tab, and selecting Policies > Keywords.
On the Keywords page, perform one of the following actions:
| | |
|---|
| | |
| | Edit an existing keyword in the relevant row. |
| | Create a new keyword by copying and editing an existing keyword in the relevant row. |
- Enter a unique name for the keyword, up to 40 characters.
- Select the type of keyword: Event, Change, or Discrepancy. You cannot edit the keyword type after it is saved.
- Enter or update information in the displayed fields:
For an Event keyword:
The [confluence_table-plus] macro is a standalone macro and it cannot be used inline.
For a Change keyword:
The [confluence_table-plus] macro is a standalone macro and it cannot be used inline.
For a Discrepancy keyword:
The [confluence_table-plus] macro is a standalone macro and it cannot be used inline.
- Click Save.
Back to top
Editing examples
The following figures show the editing of out-of-the-box keywords, one of each type (Change, Event, and Discrepancy). Click each figure to enlarge.
Back to top
Viewing-the-keywords-listing
