Setting event rules
The EventRules configuration variable allows you to define a list of persistent rules in the agent where each rule can be one of the following:
- Event suppression rule: If an event is published in the context of a given KM, then you can suppress this event.
- Event replacement rule: If an event is published in the context of a given KM (or application), then you can replace this event.
- Event text substitution rule. This rule is similar to the event replacement rule except that only the description of the event is replaced. All other event attributes remain the same.
Format and type of data | /EventRules/sourceCatalog/sourceClass/objectPath |
---|---|
Values (no default) | SUPPRESS |
Minimum and maximum | Not applicable |
Dependencies | None |
Recommendation | None |
Note
Only ONE rule can exist for a given KM context, event catalog and event class. This is inherently enforced by the fact that only one such pconfig variable can exist.
If many rules exist that match the objectPath of an event, the following order is applied:
- application/ instance id/ parameter
- application/__ANYINSTANCE__/ parameter
- application/ instance id
- application/__ANYINSTANCE__
- application
If <objectPath> is '*' (an asterisk), any event with the same catalog and class will match the rule.
Suppress an event
To suppress an event means that you want to suppress event source catalog, source class anytime the event origin matches objectPath.
When an event is suppressed following tasks are observed:
- No event action is ran
- No SNMP trap is triggered
Some standard events that are used internally by the agent can be suppressed (with limitations):
- Event class "7" — login OK
- Event class "28" — login invalid
- Event class "39" — value of parameter not in range
- Event class "11" — value of parameter is in alarm zone
- Event class "9" — alarm has been cancelled.
- Event class "40" — response event
Some of the events generated for PATROL objects that are blacked out but can be suppressed (with limitations):
- BlackoutStart event
- BlackoutStop event
Note
If you suppress any of the above mentioned events, neither will any event get generated nor will any event actions run. Only range evaluations will take place and recovery events will get generated. Example:
- Event class "BlackoutStart" — event will not get generated.
- Event class "BlackoutStop" — event will not get generated
Replace an event
The event replacement rule allows you to replace standard events with more meaningful events for each KM. To replace an event means that you want to replace event source catalog, source class with event replacement catalog, replacement class anytime the event origin matches objectPath.
If MY_CAT/MyClass does not exist, the original event will be published.
It is expected that event class "MyClass" defines the same number of arguments as in event class "11".
- If event "MyClass" has more arguments than "41", the extra replacement arguments will not be expanded.
- If event "MyClass" has less arguments than "41" then the extra source arguments will be ignored.
Some standard events are used internally by the agent and, as such, cannot be replaced:
- Event class "7" — login OK
- Event class "28" — login invalid
- Response event
Substitute event text
To substitute event text means that you want to substitute the event description of event source catalog, source class with the substitute text when the event origin matches objectPath. Event text substitution allows you to provide event descriptions that are in context of your environment and more meaningful.
As in the event replacement rule, it is expected that the substitute description defines the same number of arguments as in the original description.
Comments
Log in or register to comment.