BMC Defender Server Actions configuration screens

Actions are configured using either the  Correlation > Actions screen, or the Ticket > Actions screen. These two facilities are similar, but operate on different types of data: The Correlation > Actions screen processes incoming messages, whereas the Ticket > Actions screen processes tickets.

The CO-catlog.exe program reads the action configuration file. This process (that is also responsible for cataloging data on the system) stops the parsing of incoming messages, executes the specified action, waits for the action to complete, and then continues. All data is buffered while the CO-catalog.exe program has stopped, so no loss of messages occurs. However, if the action takes a long to execute, it is possible that the CO-catlog.exe program can begin to lag behind in its cataloging process. This situation, while unlikely, should be a consideration when adding actions to the system. In particular, actions should always be transient processes that execute within a second or two. If an action program blocks execution, the cataloging of data and further processing of actions stops.

It is possible (and in fact common) for a single event message to resulting multiple actions being executed.

Add New Action wizard

The simplest and fasted way to configure one of the pre-existing actions is to simply click the Wizard option on the Correlation > Actions and Ticket > Actions screens.

The Add New Action wizard guides you through the process of configuring one of the existing actions on the system. In addition to allowing the operator to select one of the pre-configured actions (such as LOGFILE, SENDMAIL) the wizard performs checks, and provide a prompt for the specific arguments required for the action program.

This might be satisfactory in many (and perhaps most) situations. However, the BMC Defender Server actions component is an open system. It is designed to permit you specified action programs (such as Java, PHP and Perl scripts) to be executed in response to correlated items, as discussed in the sections that follow.

Detailed steps in configuring a user action

It is quite common for users to employ their own actions. Hence, the majority of this section discusses the detailed steps needed to create a brand-new action.

To illustrate, the following basic steps need to occur in order to add an action to either the Correlation > Actions or the Ticket > Actions screens.

1. The administrator defines the action by creating a program in the BMC Defender Server/actions or BMC Defender Server/t-actions directories (depending upon whether this is an action on incoming messages or action on tickets.)  This can be an existing action, or new action, such as the execution of a Java, Perl or PHP script, or some batch file or executable
2. The administrator copies the action into the BMC Defender Server/actions or /t-actions directory. The administrator might want to test the action by executing the program at a command prompt.
3. The administrator goes to the Actions screen of the BMC Defender Server web interface and enters the match patterns that triggers the action, the name of the action program residing in the appropriate directory, as well as any arguments for the selected action program.
4. The administrator optionally tests the action by sending a syslog message (possibly with the Messages > Config > Parms > Send Syslog Message tool) and verifies that the action is executed. The status of the executed action appears on the Actions screen, and a log file is created in the actions directory.

Each of the preceding basic steps is discussed in more detail within the section that follows.