BMC Defender Server automation


The previous section discussed the correlation features of the BMC Defender Server, including a brief discussion of actions. This section provides more detailed information on BMC Defender Server actions, that is, the ability of the BMC Defender Server to launch specific programs when certain conditions are met.

In addition to being a data collector and correlator, the BMC Defender Server can also be viewed as an agent program that runs autonomously to perform specific tasks in response to event messages. These actions can provide notifications, data processing, and corrective actions. The screens supporting this capability are available using the Correlation > Actions navigation tab.

In particular, this section describes one of the most flexible and important aspects of the BMC Defender Server: how to use the real-time collection of messages to perform specific actions and automation. This greatly expands the potential role of the BMC Defender Server within an organization.

This section is of interest to administrators who want to configure the BMC Defender Server using one of the out-of-box actions, as well as to system integrators and developers who want to extend the system to perform highly specialized functions in the context of a larger management goal. Ordinary operators might find this information interesting, but they cannot act on it directly, because configuring actions is limited to BMC Defender Server users that have an admin login to the system.

Section summary and additional notes about BMC Defender Server automation

  • Two types of actions exist: Correlation actions and Ticket actions. These types of actions operate in a similar fashion, but accept slightly different information and are launched differently.
  • Correlation Actions are configured via the Correlation > Actions screen, and are executed when specific messages are matched. Correlation Action programs reside in the BMC Defender Server/actions directory.
  • Ticket Actions are configured via the Ticket > Actions screen, and are executed when specific tickets are opened, closed, or changed. Ticket Action programs reside in the BMC Defender Server/t-actions directory.
  • Action programs generally consist of batch file wrappers for other programs, accepting information and environmental variables from the BMC Defender Server system, and launching other programs.
  • You can update a relational database table with message information using the RUNSQL.bat action program. This action requires you to configure an ODBC data source, and also requires you to configure the system/RUNSQL.cnf file. The RUNSQL program requires a single argument: the pathname of the RUNSQL.cnf file.
  • You can send log messages to another syslog server using the SENDLOG.bat file. This program requires a single argument: the hostname or IP address of the syslog host.
  • You can send e-mail messages using the SENDMAIL.bat file. This program requires three arguments: the SMTP server hostname or IP address, the Mail From e-mail address, and the Mail To e-mail address.
  • You can send SNMP traps using the SENDTRAP.bat file. This program requires two arguments: the SNMP manager hostname or IP address, and the trap community for the trap.
  • You can send messages via the Windows Messenger, creating popup alerts on the local or a remote machine. This program requires a single argument: the NetBIOS name of the platform that is to receive the alert message. The target platform must be running the standard Messenger service.
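
The following is an added example, not part of the BMC documentation or product: a pre-deployment check that compares action definitions against the argument counts listed above and rejects values that cmd.exe could reinterpret inside a batch wrapper. The `(program, args)` input shape, the function names, and the metacharacter rule are assumptions for illustration; the Windows Messenger action is omitted because this page does not name its program.

```python
import ipaddress
import re

# Argument roles per action program, taken from the summary list above.
ACTION_ARGS = {
    "RUNSQL.bat": ("path",),
    "SENDLOG.bat": ("host",),
    "SENDMAIL.bat": ("host", "email", "email"),
    "SENDTRAP.bat": ("host", "community"),
}
# Characters cmd.exe can interpret when a batch wrapper expands its arguments.
CMD_META = set('&|<>^%"!')
# Loose syntactic checks only; they do not prove the host or mailbox exists.
HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")
EMAIL = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$")


def is_host(value):
    """True for an IPv4/IPv6 literal or a syntactically plausible hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME.match(value))


def check_action(program, args):
    """Return the problems found in one action definition (empty list = OK)."""
    roles = ACTION_ARGS.get(program)
    if roles is None:
        return [f"{program}: not an action program listed on this page"]
    problems = []
    if len(args) != len(roles):
        problems.append(f"{program}: expected {len(roles)} argument(s), got {len(args)}")
    for pos, (role, value) in enumerate(zip(roles, args), start=1):
        if CMD_META & set(value):
            problems.append(f"{program}: argument {pos} contains a cmd.exe metacharacter")
        elif role == "host" and not is_host(value):
            problems.append(f"{program}: argument {pos} is not a hostname or IP address")
        elif role == "email" and not EMAIL.match(value):
            problems.append(f"{program}: argument {pos} is not an e-mail address")
        elif role == "path" and not value.lower().endswith("runsql.cnf"):
            problems.append(f"{program}: argument {pos} should be the pathname of RUNSQL.cnf")
    return problems


def lint(actions):
    """Check a list of (program, args) pairs and return every problem found."""
    return [p for program, args in actions for p in check_action(program, args)]
```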
