BMC Defender Server automation

This section provides detailed information about BMC Defender Server actions—the ability to launch specific programs when certain conditions are met.

In addition to being a data collector and correlator, BMC Defender Server is an agent program that runs autonomously to perform specific actions in response to event messages. The actions can provide notifications, data processing, and corrective actions. To define and manage actions, you use the Correlation > Actions page.

BMC Defender Server provides flexibility by using the real-time collection of messages to perform specific actions and automation.

As an administrator, you can use one of the out-of-the-box actions or add new actions.

As a developer or a system administrator working with integrations, you can extend the system to perform highly specialized functions in the context of a larger management goal.

Section summary and additional notes about BMC Defender Server automation

• You can use correlation actions and ticket actions. These types of actions operate in a similar fashion, but accept slightly different information and are launched differently.
• Correlation actions are configured via the Correlation > Actions screen, and are executed when specific messages are matched. Correlation action programs reside in the installationDirectory/actions directory.
  Replace installationDirectory with the directory in which you installed the product. The default directory is C:\Program Files\BMC Software\BMC Defender.
• Ticket actions are configured via the Ticket > Actions screen, and are executed when specific tickets are opened, closed, or changed. Ticket action programs reside in the installationDirectory/t-actions directory.
• Action programs generally consist of batch file wrappers for other programs, accepting information and environmental variables from the BMC Defender Server system, and launching other programs.
• You can update a relational database table with message information using the RUNSQL.bat action program. This action requires you to configure an ODBC data source, and also requires you to configure the installationDirectory/system/RUNSQL.cnf file. The RUNSQL program requires a single argument, that is the path name to the RUNSQL.cnf file.
• You can send log messages to another syslog server using the SENDLOG.bat file. This program requires a single argument, that is the hostname or IP address of the syslog host.
• You can send e-mail messages using the SENDMAIL.bat. This program requires three arguments, the SMTP server host name or IP address, the Mail From e-mail address, and the Mail To e-mail address.
• You can send SNMP traps using the SENDTRAP.bat file. This program requires two arguments, the SNMP manager hos name or IP address, and the trap community for the trap.
• You can send messages via the Windows Messenger, creating popup alerts on the local or a remote machine. This program requires a single argument, that is the Net BIOS name of the platform that is to receive the alert message. The target platform must be running the standard Messenger service.

This section provides information about the following topics: