Configuring TrueSight Infrastructure Management


This topic describes the configuration tasks for the Service Down event type supported out-of-the-box. When you want to add support for new events in the run book, you must perform the tasks described in this topic on the TrueSight Infrastructure Management server. 

The following table describes the tasks required to configure TrueSight Infrastructure Management:

Step

Task

1.

2.

3.

4.

5.

Before you begin

You must ensure that the following conditions are met before configuring TrueSight Infrastructure Management for the Event Orchestration run book:

Prerequisite

Reference (TrueSight Infrastructure Management documentation)

TrueSight Infrastructure Management server is installed and up and running

(Optional) If your TrueSight Infrastructure Management system integrates with Business Service Resolution (BSR), the integration is configured appropriately. 

PATROL Agent is configured for monitoring the target server and thresholds are set in TrueSight Infrastructure Management to generate events

To add enumeration type for events

The Event Orchestration run book supports the Service Down event out-of-the-box. To add more events to be supported by the run book, you must first define the enumeration type for the event.

Important

Only those events that are defined in the main cell are forwarded to the TrueSight Orchestration gateway for triage and remediation.

  1. Go to the pw/server/etc/<main_cell_name>/kb/classes location and open the bii4p.baroc file. 
  2. In the baroc file, specify the following configuration details. 

    | Attribute | Description |
    |---|---|
    | ENUMERATION EO_EVENT_TYPE | Contains the name of the events to be supported by the run book. Specify the name of the event in the following format: <Number> <Name of the event>. For example, 20 ServerDown |
    | MC_EV_CLASS | Extends the base Event class to add a slot named eo_event_type, whose default value is Unknown. All events whose type is Unknown will be dropped by the cell and not propagated to TrueSight Orchestration. |

    The following figure shows a sample configuration for the file. You can copy the content and replace values that match your environment. 

    #################################################################################
    # File name: bii4p.baroc
    # Version: 11.0.0
    # Copyright 2017-2027 BMC Software, Inc. All Rights Reserved
    #
    # Module        : Event Orchestration
    # Date          : April 19, 2018
    # Author        :
    # Description   : Data classes required to support Event Orchestration
    # Revision      : 11.0.0
    # History       : Initial Creation.
    #################################################################################
    # Event classification to tag a specific event type

    ENUMERATION EO_EVENT_TYPE
       0   Unknown
       10 ServiceDown
       20 ServerDown
       30 DiskFull
    END

    MC_EV_CLASS :
               PATROL_EV ISA EVENT
               DEFINES
                {
                   mc_tool:    default="PATROL Agent";
                   mc_host_address:    dup_detect=yes;
                   mc_origin_key:      dup_detect=yes;

                   p_agent:    STRING;
                   p_agent_address:    STRING;
                   p_agent_port:   INTEGER;
                   p_agent_version:    STRING;
                   p_application:  STRING;
                   p_catalog:  STRING;
                   p_class:    STRING;
                   p_diary:    STRING;
                   p_expectancy:   STRING;
                   p_handler:  STRING;
                   p_instance: STRING;
                   p_node:     STRING;
                   p_origin:   STRING, dup_detect=yes;
                   p_owner:    STRING;
                   p_source_id:    STRING;
                   p_status:   STRING;
                   p_type:     STRING;
                   p_args:     LIST_OF STRING;
                   pes:    INTEGER;
                   pes_tcp_port:   INTEGER;
                   pes_udp_port:   INTEGER;
                   pes_icon_name:  STRING;
                   pes_parent_instance:    STRING;
                   pes_param_status:   STRING;
                   pes_alert_date: STRING;
                   pes_alert_time: STRING;
                   pes_tz: STRING;
                   pes_last10: STRING;
                   pes_ave10:  STRING;
                   pes_last10_ts:  STRING;
                   pes_last10_tp:  REAL;
                   pes_user_defined:   STRING;
                   pes_alarm_min:  STRING;
                   pes_alarm_max:  STRING;
                   pes_patrol_home:    STRING;
                   pn_object_id : INTEGER, hidden=no, default = 0;
                   pn_object_class_id : INTEGER, hidden=no, default = 0;
                   eo_event_type  : EO_EVENT_TYPE,   default = Unknown ;
                };
           END

    #---------------------------------------------------------------------
    #   End Of file
    #---------------------------------------------------------------------

To add refinement rules for event enrichment

Events must be enriched before they are forwarded to the TrueSight Orchestration gateway. Event enrichment ensures that events contain relevant data and that only events enumerated in the main cell are forwarded to TrueSight Orchestration.

After defining the enumeration for new event types, you can define rules for the events added in the main cell. Rules are defined to detect events received from the PATROL Agent.

  1. Go to the <MAIN_CELL_HOME>/kb/rules folder and create a file named event_orchestration_refine.mrl.
  2. Add a rule for the ServiceDown event by using the following attributes. 

    The following table describes the attributes to be specified in the rule and the field to which each attribute is mapped when an event is converted into the Common Event Model (CEM) format.

    | Attribute | Mapping with CEM format | Description |
    |---|---|---|
    | mc_service | SituationData:service | Specifies the name of the service. Specify the value to be extracted from the mc_object slot. |
    | mc_event_category | SituationData:eventCategory | Specifies the category of the event. Example: AVAILABILITY_MANAGEMENT |
    | mc_event_subcategory | SituationData:eventSubCategory | Specifies the sub-category of the event. Example: APPLICATION |
    | eo_event_type | ExtendedData:eo-event-type | Specifies the event type enumeration added in the file. Example: ServiceDown |
    | mc_smc_impact | - | Specifies the default impact value for the event. Example: IMPACTING |

    The following figure shows the sample rules defined for the ServiceDown event, which is available out-of-the-box with the Event Orchestration run book. In this example, the windows_service_down_event rule is defined to enrich a ServiceDown event from the Windows PATROL Agent. The linux_service_down_event rule is to enrich a ServiceDown event for a Linux PATROL Agent. 

    Note

    For each event, you must add a rule for each supported operating system.

    #
    # File name: event_orchestration_refine.mrl
    # Version: 11.0.00
    # Copyright 1998-2017 BMC Software, Inc. All Rights Reserved
    #
    #===============================================================================
    # Refine rule for event orchestration.
    # This rule is configured for detecting events received from a Windows Patrol Agent
    # Set the mc_service to value extracted from mc_object.
    #
    #-------------------------------------------------------------------------------
    #
    #
    refine windows_service_down_event:
           PATROL_EV ($EV) where [ $EV.mc_object_class == 'NT_SERVICES' AND $EV.mc_parameter == 'ServiceStatus'
                               AND ( $EV.mc_parameter_value == '3.000000' OR $EV.mc_parameter_value == '2.000000' ) ]
            {   
                $EV.mc_service = substring( $EV.mc_object, strpart($EV.mc_object, '_') );
                $EV.mc_event_category = 'AVAILABILITY_MANAGEMENT';
                $EV.mc_event_subcategory = 'APPLICATION';
                $EV.eo_event_type = 'ServiceDown';
                $EV.mc_smc_impact = 'IMPACTING';
            }
    END

    #===============================================================================
    # Refine rule for BAO's event orchestration.
    # This rule is configured for detecting events received from a Linux Patrol Agent
    # Set the mc_service to value extracted from mc_object.
    #
    #-------------------------------------------------------------------------------

    refine linux_service_down_event:
           PATROL_EV ($EV) where [ $EV.mc_object_class == 'NUK_Process' AND $EV.mc_parameter == 'ProcessCount'
                               AND ( $EV.mc_parameter_value == '0.000000' )  ]
            {   
                $EV.mc_service = $EV.mc_object;
                $EV.mc_event_category = 'AVAILABILITY_MANAGEMENT';
                $EV.mc_event_subcategory = 'APPLICATION';
                $EV.eo_event_type = 'ServiceDown';
                $EV.mc_smc_impact = 'IMPACTING';
            }
    END

To update event filter rules for event enrichment

You can define filter rules to restrict processing of certain types of events that are not supported by the Event Orchestration run book. If the filter rule is defined, 

  1. Go to the <MAIN_CELL_HOME>/kb/rules folder and create a new file named event_orchestration_filter.mrl.
  2. Add the following rules to the file.
    1. match_unknown_event_type: Filters out all events whose eo_event_type is Unknown.
    2. match_non_open_events: Filters out all events that are not in an OPEN state, such as INFO events.
      The following figure shows the filter rules defined for the run book.

      # File name: event_orchestration_filter.mrl
      # Version: 11.0.00
      # Copyright 1998-2018 BMC Software, Inc. All Rights Reserved
      #
      #################################################################################
      # BMC Event Orchestration
      # Date     : April , 2018
      # Revision :      
      # Author   :
      #################################################################################


      # Filter events whose eo_event_type is Unknown
      filter match_unknown_event_type: NOPASS
         EVENT ($EV) where [ $EV.eo_event_type == 'Unknown' ]
      END

      # Filter events whose status is NOT Open
      filter match_non_open_events: NOPASS
         EVENT ($EV) where [ $EV.status != 'OPEN' ]
      END
  3. In the same folder (<MAIN_CELL_HOME>/kb/rules), add the names of the rule files created in the earlier steps to the .load file. 

    Note

    Ensure that you only specify the file name without the file extension.

    The following figure shows the file names updated in the .load file.

    .
    .
    .
    ibrsd_propagate_causal_events
    ibrsd_propagate_causal_event
    ibrsd_event_association_for_ci_info
    mc_sm_migrate
    gatewayim
    event_orchestration_refine
    event_orchestration_filter

Propagate events from the main cell to a TrueSight Orchestration Gateway

For the Event Orchestration run book, you must propagate the events that are received by the main cell to the TrueSight Orchestration gateway. To propagate events to the gateway, add the following information to the main cell. 

  1. In the <MAIN_CELL_HOME>/kb/rules folder, add a new file (with the suggested name propagate_to_bao.mrl).
    The file must contain the following information:

    #
    # File name: propagate_to_bao.mrl
    # Version: 11.0.00
    # Copyright 1998-2017 BMC Software, Inc. All Rights Reserved
    #

    #---------------------------------------------------------------------------------
    #
    #  Rule to propagate events received by BAO cell after enrichment. Here the BAO
    #  Gateway name is BAOGW
    #
    #  This rule will be triggered by event sync up tool to sync the cell and Jserver event
    #-----------------------------------------------------------------------------------

    propagate to_BAOGW:
       PATROL_EV ($EV) where [ $EV.status != CLOSED AND $EV.eo_event_type != 'Unknown' ]
       to BAOGW
    END

To compile and restart the main cell

After defining enumerations for event types, and configuring enrichment rules for the events in the main cell, you must compile and restart the cell. 

Important

You must compile and restart the cell every time you add a new event type to be supported by the run book.

Perform the following steps to ensure that the newly added event type is supported by the runbook:

  1. Go to the CELL_HOME/kb folder and run the following command to recompile all changes made to the main cell.

    > mccomp manifest.kb
  2. Run the following command to restart the cell. 

    > mcontrol -n <cell-name> restart
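
An event type that no rule sets correctly leaves events at the default Unknown, and those are dropped before they reach the gateway. The following pre-compile check is an added example, not part of the BMC documentation: it cross-checks the enumeration, the refine rules and the .load file. The sample file contents are constructed and abridged from this page; disk_full_event, EXAMPLE_DISK and the misspelled DiskFul are placeholders, and the function names are hypothetical.

```python
import re

# Constructed samples, abridged from the files shown on this page.
BAROC = """ENUMERATION EO_EVENT_TYPE
   0   Unknown
   10 ServiceDown
   20 ServerDown
END
"""
# 'DiskFul' is a deliberate typo; EXAMPLE_DISK is a placeholder class name.
REFINE = """refine windows_service_down_event:
   PATROL_EV ($EV) where [ $EV.mc_object_class == 'NT_SERVICES' ]
   { $EV.eo_event_type = 'ServiceDown'; }
END
refine disk_full_event:
   PATROL_EV ($EV) where [ $EV.mc_object_class == 'EXAMPLE_DISK' ]
   { $EV.eo_event_type = 'DiskFul'; }
END
"""
LOAD = "gatewayim\nevent_orchestration_refine\nevent_orchestration_filter\n"
RULE_FILES = ["event_orchestration_refine.mrl",
              "event_orchestration_filter.mrl", "propagate_to_bao.mrl"]

def enum_labels(baroc, name="EO_EVENT_TYPE"):
    """Return the labels declared in an ENUMERATION block."""
    block = re.search(rf"ENUMERATION\s+{name}\b(.*?)^\s*END\b", baroc, re.S | re.M)
    return set(re.findall(r"^\s*\d+\s+(\w+)\s*$", block.group(1), re.M)) if block else set()

def assigned_types(mrl):
    """Map each refine rule name to the eo_event_type value it assigns."""
    rules = re.findall(r"^\s*refine\s+(\w+)\s*:(.*?)^\s*END\b", mrl, re.S | re.M)
    assign = re.compile(r"\$EV\.eo_event_type\s*=\s*'?(\w+)'?\s*;")
    return {name: m.group(1) for name, body in rules if (m := assign.search(body))}

def lint(baroc, mrl, load_text, rule_files):
    labels, assigned = enum_labels(baroc), assigned_types(mrl)
    problems = [f"{rule}: '{val}' is not in EO_EVENT_TYPE"
                for rule, val in assigned.items() if val not in labels]
    # A type no rule assigns is never set, so such events keep the default Unknown.
    problems += [f"{label}: no refine rule assigns this type"
                 for label in sorted(labels - set(assigned.values()) - {"Unknown"})]
    loaded = {line.strip() for line in load_text.splitlines()}
    problems += [f"{f}: not listed in .load"
                 for f in rule_files if f.rsplit(".", 1)[0] not in loaded]
    return problems

if __name__ == "__main__":
    print("\n".join(lint(BAROC, REFINE, LOAD, RULE_FILES)) or "no problems found")
```

To use it on a real cell, read the contents of bii4p.baroc, the refine .mrl file and the .load file into the three string arguments.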

Where to go from here

After you have configured the TrueSight Infrastructure Management server, you can now configure the TrueSight Orchestration adapters and modules to enable the gateway to receive and perform triage and remediation for events. For more information about configuring adapters, see Configuring-TrueSight-Orchestration-adapters. For more information about configuring modules, see Configuring-TrueSight-Orchestration-modules.

 
