Rules and actions overview

Rules are triggered by events on servers monitored by IBM® Sterling Control Center Monitor. When a rule is triggered by a server event, the action specified in the rule is performed.

Rules specify criteria that must match an event generated in instances such as:

  • Data is collected from a monitored server
  • Polling of a node does not occur within a reasonable amount of time
  • A rule is created, updated, or deleted

When rules are triggered by events, the action specified in the rule is performed, such as:

  • Generate an alert and an email notification to a system administrator if a process or file transfer completes with errors
  • Monitor a process or file transfer for specific message IDs, and issue an operating system command if the message is detected
  • Monitor server status and generate an alert if a server error occurs
  • Generate an SNMP trap when a process return code is 8 or higher (for certain server types)

Rules have the following properties:

Criteria

Conditions that must be met for a rule to be applied, such as:

  • Parameters (for example, Event type, Message ID, Server ID, and SLC Name)
  • Server/server groups to which the rule applies
  • Data visibility group to which the rule belongs
Actions

Action performed when all criteria are met. Actions include:

  • Generating an alert (with different severity levels)
  • Sending an email notification
  • Generating an SNMP trap
  • Executing an operating system command on the system where the IBM Sterling Control Center Monitor engine is running or executing a server command on the specified monitored server
Schedule

One or more schedules (calendar) can be associated with a rule. If a schedule is used, the rule is applied when all rule criteria are met and a schedule associated with the rule matches.

Linked rule

A rule with a second set of criteria that must occur within a specified time. Linked rules also include both a resolution and non-resolution action. One of these actions is taken depending on whether the second set of criteria is met within the time specified.

For example, a linked rule can be used to generate an alert (non-resolution action) for a server down condition (first set of criteria) only if a server up event does not occur within 5 minutes (second set of criteria), thus giving an administrator a five-minute window to restart the server before any alert is generated.

After you create a rule, it is displayed in the Rules listing in the console for the rule set it was assigned. Rules without a data visibility group (DVG) criteria are assigned to the global rule set. Rules with a DVG criteria assigned belong to the specified DVG rule set. All enabled global rules for the entire IBM Sterling Control Center Monitor system are applied in the order in which they are listed in the Rules listing. Events with a DVG attribute are later processed by each applicable DVG rule set. The basic process is as follows:
  • An event occurs > For the global rule set, and each applicable DVG rule set, is it a match to the first rule in the listing? No.
  • Go to the next rule. Is it a match? No.
  • Go to the next rule, and to the next rule, until a match occurs.
Therefore, rules with specific criteria should precede rules with more general criteria (specific server versus server group). Only one rule per rule set is triggered per event. So, if the first rule is too general, a match always occurs and subsequent rules are ignored